vtemu.by Open in urlscan Pro
104.21.78.118 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://vtemu.by/
Submission: On March 03 via manual (March 3rd 2022, 12:13:55 pm UTC) from RU — Scanned from DE

Summary HTTP 328 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 51 IPs in 11 countries across 48 domains to perform 328 HTTP transactions. The main IP is 104.21.78.118, located in and belongs to CLOUDFLARENET, US. The main domain is vtemu.by.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 4th 2021. Valid for: a year.

This is the only time vtemu.by was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
48	104.21.78.118 104.21.78.118	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
37	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
13	2a03:90c0:41:... 2a03:90c0:41:2801::254	199524 (GCORE) (GCORE)
4	146.0.227.110 146.0.227.110	20773 (GODADDY) (GODADDY)
12	146.0.227.109 146.0.227.109	29066 (VELIANET-...) (VELIANET-AS velia.net Internetdienste GmbH)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (HIGHWINDS3) (HIGHWINDS3)
4	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1 4	146.59.10.80 146.59.10.80	16276 (OVH) (OVH)
1 2	88.212.201.210 88.212.201.210	39134 (UNITEDNET) (UNITEDNET)
2	2a00:1450:400... 2a00:1450:400c:c0a::9b	15169 (GOOGLE) (GOOGLE)
3 7	2a02:6b8::1:119 2a02:6b8::1:119	208722 (YNDX) (YNDX)
8	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	146.59.30.108 146.59.30.108	16276 (OVH) (OVH)
1	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
4	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1 1	80.64.106.151 80.64.106.151	20764 (RASCOM-AS...) (RASCOM-AS CJSC RASCOM ISP)
1 3	144.76.118.233 144.76.118.233	24940 (HETZNER-AS) (HETZNER-AS)
3 3	195.209.108.38 195.209.108.38	52007 (ADRIVER-AS) (ADRIVER-AS)
1	193.200.65.6 193.200.65.6	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
1	37.18.16.22 37.18.16.22	205675 (HYBRID-AS) (HYBRID-AS)
5 5	18.195.106.21 18.195.106.21	16509 (AMAZON-02) (AMAZON-02)
1 1	94.23.171.206 94.23.171.206	16276 (OVH) (OVH)
4 6	2.21.141.232 2.21.141.232	16625 (AKAMAI-AS) (AKAMAI-AS)
1	188.42.29.196 188.42.29.196	7979 (SERVERS-COM) (SERVERS-COM)
2	216.52.2.19 216.52.2.19	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1 2	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
11	2a00:1450:400... 2a00:1450:400e:811::2003	15169 (GOOGLE) (GOOGLE)
42	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::11 2a02:2638:1::11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	52.214.209.198 52.214.209.198	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:225f:b800:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3 28	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2 3	185.33.221.88 185.33.221.88	29990 (ASN-APPNEX) (ASN-APPNEX)
10	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
7	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1 2	52.212.232.57 52.212.232.57	16509 (AMAZON-02) (AMAZON-02)
1	85.14.248.91 85.14.248.91	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 3	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	2620:116:800d... 2620:116:800d:21:fcb8:22d2:d390:5f1b	16509 (AMAZON-02) (AMAZON-02)
1 1	3.127.180.130 3.127.180.130	16509 (AMAZON-02) (AMAZON-02)
5	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
8 8	104.36.113.23 104.36.113.23	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 5	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	2a05:d01c:1d8... 2a05:d01c:1d8:8100:39fb:2754:c941:3afb	16509 (AMAZON-02) (AMAZON-02)
1 1	108.128.215.255 108.128.215.255	16509 (AMAZON-02) (AMAZON-02)
2 2	141.94.242.148 141.94.242.148	16276 (OVH) (OVH)
2 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
3	35.190.90.30 35.190.90.30	15169 (GOOGLE) (GOOGLE)
2 3	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	47.252.78.131 47.252.78.131	45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co.)
328	51

48 104.21.78.118 (None, )

ASN13335 (CLOUDFLARENET, US)

vtemu.by	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a03:90c0:41:2801::254 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)

cdn.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.0.227.110 (Ascension Island)

ASN20773 (GODADDY, DE)

inv-dmp.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
inv-nets-eu.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 146.0.227.109 (Ascension Island)

ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE)

prebid-inv-eu.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.59.10.80 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip80.ip-146-59-10.eu

gaby.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.210 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host210.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0a::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN208722 (YNDX, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.59.30.108 (France)

ASN16276 (OVH, FR)
PTR: ip108.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.64.106.151 (Redkino, Russian Federation) 1 redirects

ASN20764 (RASCOM-AS CJSC RASCOM ISP, RU)
PTR: s-fr6.rutarget.ru

admixer-sync.rutarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 144.76.118.233 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.233.118.76.144.clients.your-server.de

exchange.buzzoola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 195.209.108.38 (Russian Federation) 3 redirects

ASN52007 (ADRIVER-AS, RU)

ad.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.200.65.6 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: adforce.team

m.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.18.16.22 (Russian Federation)

ASN205675 (HYBRID-AS, RU)

dm.hybrid.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.195.106.21 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-106-21.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.171.206 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip206.ip-94-23-171.eu

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.21.141.232 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-232.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.42.29.196 (Luxembourg)

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.19 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.65 (Amsterdam, Netherlands) 1 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:400e:811::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.214.209.198 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-209-198.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225f:b800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 142.250.185.130 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.88 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.232.57 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-232-57.eu-west-1.compute.amazonaws.com

skydeutschland.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.91 (Meerbusch, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:116:800d:21:fcb8:22d2:d390:5f1b (United States) 3 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.180.130 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-180-130.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.36.113.23 (United States) 8 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.165 (Frankfurt am Main, Germany) 5 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d01c:1d8:8100:39fb:2754:c941:3afb (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.215.255 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-215-255.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.94.242.148 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ns3210962.ip-141-94-242.eu

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.90.30 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 30.90.190.35.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.252.78.131 (United States) 1 redirects

ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co., Ltd., CN)

event.clientgear.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
73	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 122	673 KB
55	doubleclick.net 3 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 68 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 cm.g.doubleclick.net — Cisco Umbrella Rank: 176 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	432 KB
48	vtemu.by vtemu.by	5 MB
29	admixer.net cdn.admixer.net — Cisco Umbrella Rank: 39073 inv-dmp.admixer.net — Cisco Umbrella Rank: 267736 prebid-inv-eu.admixer.net — Cisco Umbrella Rank: 137816 inv-nets-eu.admixer.net — Cisco Umbrella Rank: 49638 inv-nets.admixer.net — Cisco Umbrella Rank: 2365	308 KB
24	gstatic.com fonts.gstatic.com www.gstatic.com	308 KB
11	criteo.net static.criteo.net — Cisco Umbrella Rank: 600 pix.eu.criteo.net — Cisco Umbrella Rank: 7328 csm.eu.criteo.net — Cisco Umbrella Rank: 7422	87 KB
10	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	350 KB
8	pubmatic.com 8 redirects image6.pubmatic.com — Cisco Umbrella Rank: 571	4 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	305 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	7 KB
7	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 57 www.google.com — Cisco Umbrella Rank: 2	2 KB
7	gemius.pl 3 redirects gaby.hit.gemius.pl — Cisco Umbrella Rank: 221705 ls.hit.gemius.pl — Cisco Umbrella Rank: 11780 googlecm.hit.gemius.pl — Cisco Umbrella Rank: 7401	16 KB
6	casalemedia.com 4 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 476 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	5 KB
5	rubiconproject.com 5 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 289	2 KB
5	openx.net rtb.openx.net — Cisco Umbrella Rank: 1359	678 B
5	bidswitch.net 5 redirects x.bidswitch.net — Cisco Umbrella Rank: 257	3 KB
5	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 28691	2 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	21 KB
4	quantserve.com 3 redirects cms.quantserve.com — Cisco Umbrella Rank: 929	1 KB
4	google.de adservice.google.de — Cisco Umbrella Rank: 8832	1 KB
4	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 620	101 KB
3	rlcdn.com 2 redirects id.rlcdn.com — Cisco Umbrella Rank: 565	1 KB
3	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 794	1 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 205	3 KB
3	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 7435 rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 12341 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9430	40 KB
3	adriver.ru 3 redirects ad.adriver.ru — Cisco Umbrella Rank: 21675	2 KB
3	buzzoola.com 1 redirects exchange.buzzoola.com — Cisco Umbrella Rank: 21041	673 B
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1530	1 KB
2	innovid.com 1 redirects ag.innovid.com — Cisco Umbrella Rank: 1391	682 B
2	demdex.net 1 redirects skydeutschland.demdex.net — Cisco Umbrella Rank: 101105	2 KB
2	adsafeprotected.com 1 redirects pixel.adsafeprotected.com — Cisco Umbrella Rank: 521 static.adsafeprotected.com — Cisco Umbrella Rank: 500	688 B
2	creativecdn.com 1 redirects creativecdn.com — Cisco Umbrella Rank: 614	678 B
2	lijit.com ce.lijit.com — Cisco Umbrella Rank: 734	696 B
2	yandex.ru 1 redirects mc.yandex.ru — Cisco Umbrella Rank: 2926	50 KB
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 7964	1 KB
1	clientgear.com 1 redirects event.clientgear.com — Cisco Umbrella Rank: 2697	263 B
1	everesttech.net 1 redirects pixel.everesttech.net — Cisco Umbrella Rank: 2828	375 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 492	763 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	22 KB
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 12956	1 KB
1	betweendigital.com ads.betweendigital.com — Cisco Umbrella Rank: 1509	159 B
1	erne.co 1 redirects green.erne.co — Cisco Umbrella Rank: 12241	298 B
1	hybrid.ai dm.hybrid.ai — Cisco Umbrella Rank: 21464	238 B
1	trafmag.com m.trafmag.com — Cisco Umbrella Rank: 89993	351 B
1	rutarget.ru 1 redirects admixer-sync.rutarget.ru — Cisco Umbrella Rank: 81908	288 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 716	641 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	37 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 588	33 KB
328	48

	Domain	Requested by
48	vtemu.by	vtemu.by code.jquery.com
42	tpc.googlesyndication.com	googleads.g.doubleclick.net 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com tpc.googlesyndication.com s0.2mdn.net vtemu.by pagead2.googlesyndication.com
29	pagead2.googlesyndication.com	vtemu.by pagead2.googlesyndication.com 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.gstatic.com www.googletagservices.com
28	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net vtemu.by
19	googleads.g.doubleclick.net	pagead2.googlesyndication.com vtemu.by 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com googleads.g.doubleclick.net
13	fonts.gstatic.com	fonts.googleapis.com
13	cdn.admixer.net	vtemu.by prebid-inv-eu.admixer.net inv-dmp.admixer.net cdn.admixer.net
11	www.gstatic.com	googleads.g.doubleclick.net
10	s0.2mdn.net	vtemu.by s0.2mdn.net
9	inv-nets.admixer.net	cdn.admixer.net vtemu.by
8	image6.pubmatic.com	8 redirects
8	www.googletagservices.com	googleads.g.doubleclick.net 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
8	fonts.googleapis.com	code.jquery.com googleads.g.doubleclick.net
7	static.criteo.net	ads.eu.criteo.com
5	pixel.rubiconproject.com	5 redirects
5	rtb.openx.net	googleads.g.doubleclick.net
5	x.bidswitch.net	5 redirects
5	mc.yandex.com	2 redirects vtemu.by
5	www.google-analytics.com	vtemu.by www.google-analytics.com
4	cms.quantserve.com	3 redirects googleads.g.doubleclick.net
4	securepubads.g.doubleclick.net	cdn.admixer.net securepubads.g.doubleclick.net
4	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	gaby.hit.gemius.pl	1 redirects vtemu.by gaby.hit.gemius.pl
4	maxcdn.bootstrapcdn.com	vtemu.by code.jquery.com maxcdn.bootstrapcdn.com
3	id.rlcdn.com	2 redirects googleads.g.doubleclick.net
3	odr.mookie1.com	googleads.g.doubleclick.net
3	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	dsum-sec.casalemedia.com	1 redirects googleads.g.doubleclick.net
3	ssum-sec.casalemedia.com	3 redirects
3	ad.adriver.ru	3 redirects
3	exchange.buzzoola.com	1 redirects vtemu.by cdn.admixer.net
3	inv-nets-eu.admixer.net	cdn.admixer.net
3	prebid-inv-eu.admixer.net	vtemu.by cdn.admixer.net
2	e.dlx.addthis.com	2 redirects
2	googlecm.hit.gemius.pl	2 redirects
2	ag.innovid.com	1 redirects googleads.g.doubleclick.net
2	skydeutschland.demdex.net	1 redirects 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	vtemu.by
2	csm.eu.criteo.net	ads.eu.criteo.com
2	pix.eu.criteo.net	ads.eu.criteo.com
2	creativecdn.com	1 redirects vtemu.by
2	ce.lijit.com	vtemu.by
2	69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	mc.yandex.ru	1 redirects vtemu.by
2	stats.g.doubleclick.net	www.google-analytics.com
2	counter.yadro.ru	1 redirects vtemu.by
1	event.clientgear.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	d.agkn.com	1 redirects
1	cdnjs.cloudflare.com	s0.2mdn.net
1	m.exactag.com	69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
1	cat.nl.eu.criteo.com	ads.eu.criteo.com
1	static.adsafeprotected.com	69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
1	pixel.adsafeprotected.com	1 redirects
1	rtb.fr.eu.criteo.com	vtemu.by
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	ads.betweendigital.com	vtemu.by
1	green.erne.co	1 redirects
1	dm.hybrid.ai	vtemu.by
1	m.trafmag.com	vtemu.by
1	admixer-sync.rutarget.ru	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	ls.hit.gemius.pl	gaby.hit.gemius.pl
1	www.googletagmanager.com	vtemu.by
1	code.jquery.com	vtemu.by
1	inv-dmp.admixer.net	vtemu.by
328	68

This site contains links to these domains. Also see Links.

Domain
www.instagram.com
www.facebook.com
vk.com
twitter.com
vtop.by
www.liveinternet.ru

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.admixer.net Sectigo RSA Domain Validation Secure Server CA	`2021-06-08` - `2022-06-21`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2021-09-08` - `2022-09-25`	a year	crt.sh
mc.yandex.ru Yandex CA	`2021-12-22` - `2022-06-03`	5 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.trafmag.com Sectigo RSA Domain Validation Secure Server CA	`2021-06-10` - `2022-06-22`	a year	crt.sh
*.hybrid.ai Sectigo RSA Domain Validation Secure Server CA	`2020-07-07` - `2022-10-05`	2 years	crt.sh
*.ads.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-10`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-04`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-06`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-03` - `2022-05-02`	3 months	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2020-01-22` - `2022-04-21`	2 years	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.buzzoola.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-30` - `2022-09-28`	2 years	crt.sh

This page contains 34 frames:

Primary Page: https://vtemu.by/
Frame ID: 4086F7DAD1BDF84040F77BA3FF80EC80
Requests: 129 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20190131/zrt_lookup.html
Frame ID: 072AED8EE10B33B2C6DBBF5AAC694F02
Requests: 1 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: A688507BD22DA0EF8C9DE01A383B7A44
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&adk=1812271804&adf=3025194257&lmt=1646309428&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fvtemu.by%2F&ea=0&flash=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309628050&bpp=2&bdt=172&idt=170&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=343392690677&frm=20&pv=2&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=203
Frame ID: 8C7F43AB7753A876C8F7BCA28BDCBA3C
Requests: 1 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/44184/c.html?b=44184
Frame ID: 3BE2E3C3F8D332BC14033A8B0AD836D1
Requests: 1 HTTP requests in this frame

Frame: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CD43496579F6F4DFA664F757CE26D0FD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24
Frame ID: CAE31E553C049A203A9D9DDE46406CA3
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37
Frame ID: 7F4372D83BC6C4438334EA90A328AE2E
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40
Frame ID: 53E64A7AA3B4D627C431A56010C5C6B2
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43
Frame ID: 91E17A952F6A10585F50E98CEFC2264D
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1992333392&pi=t.aa~a.1040856864~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=0&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3952&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=cbRfOXMPBT&p=https%3A//vtemu.by&dtd=45
Frame ID: E97DFF12EE575409796D0536D3171C09
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4F47C6565FE83FE0084D5288783F16A0
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1
Frame ID: 5F90327E22326764C7C290230126594E
Requests: 8 HTTP requests in this frame

Frame: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 44902CC3AF350DEC5F8AC63AA0C59B5F
Requests: 17 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YiCw_AAErWEK4C3bAA8sKaFXkUood7KAU_QpLA&u=%7C5yi909FihAXqthaCfhtuFCWzUYOEzoZvomEPHeNPMSY%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wdMQbUJ2oe0VN9BzJTyj-HjMvuxAXy2Tevw1hXaymk8OQIWWniy-Po-d5aFpl7cS_koJH7HO4G7OG1ux4NdedclZKVtCnYM4etddUrmURFyM2n4HjTVRNVu1ZyIlXXqG5Pix7SlDx0SDIa8YC_xxern_UbXgXko-vhZtFN5q8-LDBx-T7qN0wp6Sgdp6KC2nuLc8QC9C6heYLVR2ht5SuJBfVmruvCwEy4cxpYyAJCnyhH8tGjSEg6g6A5mB9CBNGdUKP2GpCtVZUQT5pIVa5xrMvw8-2T1exjF-KCLdXmBSb4eyOtsz8Tyyp7eSw9q1q2qSqsepyzvaWx9kBE9_qESmwppIc1v-Td21ntHVnEUeDNJRyM8BXfXC7V2vcRNup0thZW0TlJNVXAA-HHz1F9I&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCpHPi_LAgYuHaEtvbgAep2LyQCcme0rFcvfGU93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMzk5MDQ5MDMzMTUzMTY1MqAB1bbS6gPIAQmpAtNKqH2CnLI-qAMBqgTOAU_Q98lWbthSH__TFyzgHr3-PwjhWLRka0PeHnwRgTbv6-mvFUd-AcTjgfzII4r-TU770VaVyWzkWmxslT-6LDnxAAVUV0G4wHRgqZ1Q6YVnIYDvDAF7XN7gAdbYmkfSk2qhdD_Gqu6CPTxHxJTbOp25yjLbLSIQZcSgEvoZz8Jd8EhGhy32CJiAWItE821i40NB5noc-Elr_J2bKh3ANdESeXVx58ElKcH5f_2s4I7SJxkApxG8llujvB5-u9U8fXk_AMaomJZ4E2PADmXGgAaalI351ZKE078BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1O3Qiw1A6t2eGR8XIe-3kd2j1XFw%26client%3Dca-pub-3990490331531652%26adurl%3D
Frame ID: 0A95A502F46BB97202683574969B081C
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGObjob0BMAE&v=APEucNWttiertR71wCTVnEV4B5PcQu1vlyNZomtg_uS55UEN4tqsPBiG8RRfyrXIZZYlODoUrTMrDt4wAyJsTUxnyecHAjNsQqzDrpEnZM_OTwVL0x1tBCPKkmZPEU2dTz2MMbMtLCIHhDhMsb8IJfc4odhnP0jS8q-BZeQSPImmM1KrwRm46kM
Frame ID: 3C410D2CEA4A25125DA7F5231669F4C4
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 8B0F41B0B0C01F448CCEC48EF92DD772
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 6C421D3356740A47961998E66139F0BC
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2
Frame ID: 97E1F72C46892CC4AC07C46ED6BA90D6
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js
Frame ID: 661416CA6326BDCF9BA9CB1C374A4340
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 814AD7A1AFFC4365E302E7742EA85B78
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 302018DCFFF64BA38BD08842D93830FE
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B7EECF520E8021886543D0E4DACBBD45
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 28C90D6B035926FEE3232F847EB5FCFC
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2B5D353D8C91B779153B7CC4C3D77AFC
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js
Frame ID: 63C3934FC19D83C4CF1F7DDFA2219AB2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js
Frame ID: B35C1A6E65AD86EFB0F6359C5C5EB3BD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js
Frame ID: A9D0C837972DBEDA294E8DC51DC542C5
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js
Frame ID: 8044E0ACE0AC69EC283A2850326A47F8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js
Frame ID: BBDC081E9A9EC7355710873DBD95F51C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 66B404E0E8E7F3B928EA1B5774FD9D86
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js
Frame ID: F5F06593F7E176EECD8BD160BD973850
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 918AA11FD7060E915E25781CDD379D55
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 672ADA5758EBBC8A0CDB404E2908877E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Поделки своими руками, подарки, handmade, DIY, мастер классы - vtemu.by

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

328
Requests

87 %
HTTPS

39 %
IPv6

48
Domains

68
Subdomains

51
IPs

11
Countries

7516 kB
Transfer

11577 kB
Size

70
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.instagram.com/vtemuby/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/vtemuby?_rdr=p

Search URL Search Domain Scan URL

URL: https://vk.com/vtemuby

Search URL Search Domain Scan URL

URL: https://twitter.com/vtemuby

Search URL Search Domain Scan URL

URL: https://vtop.by/
Title: вТОП

Search URL Search Domain Scan URL

URL: https://www.liveinternet.ru/click

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://counter.yadro.ru/hit?t43.2;r;s1600*1200*24;uhttps%3A//vtemu.by/;h%u041F%u043E%u0434%u0435%u043B%u043A%u0438%20%u0441%u0432%u043E%u0438%u043C%u0438%20%u0440%u0443%u043A%u0430%u043C%u0438%2C%20%u043F%u043E%u0434%u0430%u0440%u043A%u0438%2C%20handmade%2C%20DIY%2C%20%u043C%u0430%u0441%u0442%u0435%u0440%20%u043A%u043B%u0430%u0441%u0441%u044B%20-%20vtemu.by;0.6633123786917698 HTTP 302
https://counter.yadro.ru/hit?q;t43.2;r;s1600*1200*24;uhttps%3A//vtemu.by/;h%u041F%u043E%u0434%u0435%u043B%u043A%u0438%20%u0441%u0432%u043E%u0438%u043C%u0438%20%u0440%u0443%u043A%u0430%u043C%u0438%2C%20%u043F%u043E%u0434%u0430%u0440%u043A%u0438%2C%20handmade%2C%20DIY%2C%20%u043C%u0430%u0441%u0442%u0435%u0440%20%u043A%u043B%u0430%u0441%u0441%u044B%20-%20vtemu.by;0.6633123786917698

Request Chain 84

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9566.jQyJgxk6VKAlXgv19vxIniBwzd2akmmmpB2jE4hQken6mqJMXNFaw7XMwMNB5Ryg.YbozUFEwryvavAHbDCn-AZ7Ytrc%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9566.HlSixRSnKtDGP96Nsa5z3OlFiROHf77afCpaZ4LRPLcx5igW1tUqDHRTYpxBcllb4LSUcdsw3l0p1Pi_bBt5xw%2C%2C.QncDtrwPSgbFpMPTmLNQSfLN8Q8%2C

Request Chain 86

https://gaby.hit.gemius.pl/_1646309628341/rexdot.js?l=100&id=zCFFLPf79UsOj0a1IAVhlGYTP_2Bnu__xMy3zzzAQ8r.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fvtemu.by%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=211&lsdata=OYQRVIpHpnf3aeP1rJ_bdrG149.g780oBI9bokxjP9r.b7vr9mZxkUgeOqel4nB4XS502LstTsAABX5o.lHlALw0EK3s/qIYiaEwJsT8iD/&fpdata=myphTIVgyWNL336y8YFxPVk0WTzpas7W9bKiFydF1gr.B7&vis=1&fpcap= HTTP 301
https://gaby.hit.gemius.pl/__/_1646309628341/rexdot.js?l=100&id=zCFFLPf79UsOj0a1IAVhlGYTP_2Bnu__xMy3zzzAQ8r.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fvtemu.by%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=211&lsdata=OYQRVIpHpnf3aeP1rJ_bdrG149.g780oBI9bokxjP9r.b7vr9mZxkUgeOqel4nB4XS502LstTsAABX5o.lHlALw0EK3s/qIYiaEwJsT8iD/&fpdata=myphTIVgyWNL336y8YFxPVk0WTzpas7W9bKiFydF1gr.B7&vis=1&fpcap=

Request Chain 87

https://mc.yandex.com/watch/22270396?wmode=7&page-url=https%3A%2F%2Fvtemu.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Agqny5kf8o1qwi6kkxr%3Afp%3A521%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A162500067064%3Ahid%3A1010760582%3Az%3A0%3Ai%3A20220303121348%3Aet%3A1646309628%3Ac%3A1%3Arn%3A360701278%3Arqn%3A1%3Au%3A1646309628492691176%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1646309627427%3Ads%3A71%2C37%2C338%2C2%2C0%2C0%2C%2C160%2C3%2C%2C%2C%2C609%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1646309628%3At%3A%D0%9F%D0%BE%D0%B4%D0%B5%D0%BB%D0%BA%D0%B8%20%D1%81%D0%B2%D0%BE%D0%B8%D0%BC%D0%B8%20%D1%80%D1%83%D0%BA%D0%B0%D0%BC%D0%B8%2C%20%D0%BF%D0%BE%D0%B4%D0%B0%D1%80%D0%BA%D0%B8%2C%20handmade%2C%20DIY%2C%20%D0%BC%D0%B0%D1%81%D1%82%D0%B5%D1%80%20%D0%BA%D0%BB%D0%B0%D1%81%D1%81%D1%8B%20-%20vtemu.by&t=gdpr(14)aw(1)ti(2) HTTP 302
https://mc.yandex.com/watch/22270396/1?wmode=7&page-url=https%3A%2F%2Fvtemu.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Agqny5kf8o1qwi6kkxr%3Afp%3A521%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A162500067064%3Ahid%3A1010760582%3Az%3A0%3Ai%3A20220303121348%3Aet%3A1646309628%3Ac%3A1%3Arn%3A360701278%3Arqn%3A1%3Au%3A1646309628492691176%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1646309627427%3Ads%3A71%2C37%2C338%2C2%2C0%2C0%2C%2C160%2C3%2C%2C%2C%2C609%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1646309628%3At%3A%D0%9F%D0%BE%D0%B4%D0%B5%D0%BB%D0%BA%D0%B8%20%D1%81%D0%B2%D0%BE%D0%B8%D0%BC%D0%B8%20%D1%80%D1%83%D0%BA%D0%B0%D0%BC%D0%B8%2C%20%D0%BF%D0%BE%D0%B4%D0%B0%D1%80%D0%BA%D0%B8%2C%20handmade%2C%20DIY%2C%20%D0%BC%D0%B0%D1%81%D1%82%D0%B5%D1%80%20%D0%BA%D0%BB%D0%B0%D1%81%D1%81%D1%8B%20-%20vtemu.by&t=gdpr%2814%29aw%281%29ti%282%29

Request Chain 108

https://admixer-sync.rutarget.ru/sync HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=76391747-8C01-44B5-BA9C-B7DA670E100C&id=7hkfBOaVDWXl

Request Chain 109

https://exchange.buzzoola.com/cookiesync/ssp/admixer?uid=b8249f2c321b4769b706765f0eb4be15 HTTP 307
https://exchange.buzzoola.com/cookiesync/ssp/admixer?set_buzzoola_cookie=t&uid=b8249f2c321b4769b706765f0eb4be15

Request Chain 110

https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6845806 HTTP 302
https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6845806&tuid=-4663538251 HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AG4TOtkIyeAXuBn4hCsxkyw

Request Chain 113

https://x.bidswitch.net/sync?ssp=admixer&user_id=b8249f2c321b4769b706765f0eb4be15&gdpr=&gdpr_consent=&us_privacy=[usPrivacy] HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=admixer&user_id=b8249f2c321b4769b706765f0eb4be15&gdpr=&gdpr_consent=&us_privacy=[usPrivacy] HTTP 302
https://green.erne.co/bidswitch/cm?bidswitch_ssp_id=admixer&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=270&expires=10&user_id=vVXKm9QLmyhqamHbGhUnYahd&ssp=admixer HTTP 302
https://inv-nets.admixer.net/bs/cm.aspx?id=daa7cacc-fe90-4572-b08f-1f8bf8fd476e&gdpr=&consent=&gdpr_pd=

Request Chain 114

https://ssum-sec.casalemedia.com/usermatchredir?s=197200&cb=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3DFCC51D18-EB58-4B22-B884-02E238CDD6F2%26id%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3DFCC51D18-EB58-4B22-B884-02E238CDD6F2%26id%3D&s=197200&C=1 HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=FCC51D18-EB58-4B22-B884-02E238CDD6F2&id=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB

Request Chain 117

https://creativecdn.com/cm-notify?pi=admixer HTTP 302
https://creativecdn.com/cm-notify?pi=admixer&tc=1

Request Chain 145

https://pixel.adsafeprotected.com/rfw/st/907318/59567100/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd= HTTP 302
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE0bnB6jRevQ1SS60G_wOI0&google_cver=1

Request Chain 157

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YiCw-NfZgsvJGMf8-f2LhQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPtAE8TU6dQ1vdPhuVMBLm4&google_cver=1

Request Chain 158

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEL2WXMkq4i7LadJoipfktgg&google_cver=1

Request Chain 159

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDMzNjM5NTA0MjcxNzYwNzU4Nw%3D%3D

Request Chain 178

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=322895936&d_campaign=26938792&d_bust=3200232915&gdpr=&gdpr_consent= HTTP 302
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=322895936&d_campaign=26938792&d_bust=3200232915&gdpr=&gdpr_consent=

Request Chain 180

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 258

https://d.agkn.com/pixel/2175/?google_gid=CAESEFY0BZzZNJjMaDswAquSFsE&google_cver=1&google_push=AYg5qPIzRCTVcmb8h2sHXG3bvWzU8FkPiqDo5nywoLcJe3_5aOlba6bIfp8xyyFs3PQdRTffueYrdXtkQCBTnMjYZ18vB5GmNv6H HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPIzRCTVcmb8h2sHXG3bvWzU8FkPiqDo5nywoLcJe3_5aOlba6bIfp8xyyFs3PQdRTffueYrdXtkQCBTnMjYZ18vB5GmNv6H&google_hm=Q0FFU0VGWTBCWnpaTkpqTWFEc3dBcXVTRnNF

Request Chain 260

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEbawzkUxINjenk2LgePnp8&google_cver=1&google_push=AYg5qPKikAfW5ybZMPOrZzuD41CVMjfZkr_ni8Q_NSGoJyiWbOMPH1e0l_k1EKk3SwY9HHERwVdR_HZDgQZLcQ8tDtGxd1aBgcef3w HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEbawzkUxINjenk2LgePnp8&google_cver=1&google_push=AYg5qPKikAfW5ybZMPOrZzuD41CVMjfZkr_ni8Q_NSGoJyiWbOMPH1e0l_k1EKk3SwY9HHERwVdR_HZDgQZLcQ8tDtGxd1aBgcef3w&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=LQgUj3NyTlG5dl_bDLM8BA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKikAfW5ybZMPOrZzuD41CVMjfZkr_ni8Q_NSGoJyiWbOMPH1e0l_k1EKk3SwY9HHERwVdR_HZDgQZLcQ8tDtGxd1aBgcef3w

Request Chain 261

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJfpfLzt9680Kc2U0gHIK-E&google_cver=1&google_push=AYg5qPJZ9THaZtp1sdJOb9hxcSG-il8tHHJRuLYQQliTVLneUb06xS-5amz25cAeWcStbvXPScsbga1vG0_XqQNZoepoAZwbN5wE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXRU4tVC1JTEUw&google_push=AYg5qPJZ9THaZtp1sdJOb9hxcSG-il8tHHJRuLYQQliTVLneUb06xS-5amz25cAeWcStbvXPScsbga1vG0_XqQNZoepoAZwbN5wE

Request Chain 262

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q&google_cver=1&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q

Request Chain 268

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENAQKrYA6-r_HMTdPzG68cg&google_cver=1&google_push=AYg5qPI-2X5cPLX7d6OUmMJPD7qJGuQSI-iKtCYs2ZXCVpnVf2G6uv1mLSJYfBQAgGDp8p4ct-6zRFy5Jofmmu2-7ir2emTY5tWy HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPI-2X5cPLX7d6OUmMJPD7qJGuQSI-iKtCYs2ZXCVpnVf2G6uv1mLSJYfBQAgGDp8p4ct-6zRFy5Jofmmu2-7ir2emTY5tWy&google_hm=h8bGzB8qhyoNMNDqDLhSbA

Request Chain 269

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJEbyBMTVNGoBSlVUN-t4oWt52gbnFKR84kdMt17XTfno4Y2P4XRSTqoJWif8PMtlnOLBv5sKSQFzcSfMjotsWT9gecfpw&google_gid=CAESEIRdn2yUXTaIhpciiXgNNyY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlDdy1nQUFCTmloeVdUcg&google_push=AYg5qPJEbyBMTVNGoBSlVUN-t4oWt52gbnFKR84kdMt17XTfno4Y2P4XRSTqoJWif8PMtlnOLBv5sKSQFzcSfMjotsWT9gecfpw

Request Chain 271

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFpufgk-yqyqBrz6L1UVKsQ&google_cver=1&google_push=AYg5qPKQ-qSk3zKGpeZBjdMcn0cAwcMg4hNzGR_fWYVYTzgNUvmpjHYAy3SPc0HI0gbiD4Tm377-HICDs2e6T4AA47mruWIIaSQJ HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFpufgk-yqyqBrz6L1UVKsQ&google_cver=1&google_push=AYg5qPKQ-qSk3zKGpeZBjdMcn0cAwcMg4hNzGR_fWYVYTzgNUvmpjHYAy3SPc0HI0gbiD4Tm377-HICDs2e6T4AA47mruWIIaSQJ&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=eeD-ESOUTaqDsmfES9JBIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKQ-qSk3zKGpeZBjdMcn0cAwcMg4hNzGR_fWYVYTzgNUvmpjHYAy3SPc0HI0gbiD4Tm377-HICDs2e6T4AA47mruWIIaSQJ

Request Chain 272

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJbnmiZU1PBshh4m6NoBaz8&google_cver=1&google_push=AYg5qPLao9Ni6b7Amsf3DRNzKD_eM4QK8KbsRz2K0Z8vTYvMVsi_SjEtXbhNAaUJHMQSjWafrV_Y3ZUbMxZLQCJTB1NeSX6Bymqz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXR0ktQi1BOFdO&google_push=AYg5qPLao9Ni6b7Amsf3DRNzKD_eM4QK8KbsRz2K0Z8vTYvMVsi_SjEtXbhNAaUJHMQSjWafrV_Y3ZUbMxZLQCJTB1NeSX6Bymqz

Request Chain 273

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ&google_cver=1&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ

Request Chain 274

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEDDGroITOfwS5nUnM-0QpXY&google_cver=1&google_push=AYg5qPLHxXOilVkKJ-OeBmODvmq0B8CR9jEMKl5QA-wSHVCUUBwLJxWlRerxSErY96i5yelNxuQOjA7puIkxZrI6npw-LO1tf_whKA HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLHxXOilVkKJ-OeBmODvmq0B8CR9jEMKl5QA-wSHVCUUBwLJxWlRerxSErY96i5yelNxuQOjA7puIkxZrI6npw-LO1tf_whKA&google_hm=lbmglbvffofotpkejbvpjpwsxblc

Request Chain 285

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEFu-8Rn2_ohqAhYAFD0BsUM&google_cver=1&google_push=AYg5qPLyH9oAXhD8WZCS_hlkupp92SqL43bXWr8l5Mq3ZVMgUzxpfww8VWHg9vI0fSGER3VnO5fZNVH3s28omthmO1v-H6CDUg HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLyH9oAXhD8WZCS_hlkupp92SqL43bXWr8l5Mq3ZVMgUzxpfww8VWHg9vI0fSGER3VnO5fZNVH3s28omthmO1v-H6CDUg&google_hm=h8bGzB8qhyoNMNDqDLhSbA

Request Chain 286

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKXweyJBPp8kUrmCgpaDinO8TDw2VwDXrbK4zByQxFE6EoMitflusJGq5WaBMuj4P-60izS0VcNPIaTSocR6T9XUZScxg&google_gid=CAESEBw1lCYlvH6bXgr_gcblKRE&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKXweyJBPp8kUrmCgpaDinO8TDw2VwDXrbK4zByQxFE6EoMitflusJGq5WaBMuj4P-60izS0VcNPIaTSocR6T9XUZScxg&google_gid=CAESEBw1lCYlvH6bXgr_gcblKRE&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMDMxMjEzNTAwMDA2OTU3OTQ3MzU5NA%3D%3D&google_push=AYg5qPKXweyJBPp8kUrmCgpaDinO8TDw2VwDXrbK4zByQxFE6EoMitflusJGq5WaBMuj4P-60izS0VcNPIaTSocR6T9XUZScxg

Request Chain 289

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJoj2mb1QcB_MZqU6D2d8qs&google_cver=1&google_push=AYg5qPI9IU6hOsso5igAuDZKbKxLmMJOwmcrzydvNuqI4AjjrPWVNNjETUu52x2AJYXBo0vDV0SwT8_r0RWrOO5d914jRKwrxg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJoj2mb1QcB_MZqU6D2d8qs&google_cver=1&google_push=AYg5qPI9IU6hOsso5igAuDZKbKxLmMJOwmcrzydvNuqI4AjjrPWVNNjETUu52x2AJYXBo0vDV0SwT8_r0RWrOO5d914jRKwrxg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_pgxRVAnRVWmNadFZJ6f4Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI9IU6hOsso5igAuDZKbKxLmMJOwmcrzydvNuqI4AjjrPWVNNjETUu52x2AJYXBo0vDV0SwT8_r0RWrOO5d914jRKwrxg

Request Chain 290

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEC4yfaRocwlWOOf_X9XheqY&google_cver=1&google_push=AYg5qPLvdcrpJv7aAC2Iyad-jIQtjMuM1o2FFzIIFggj4rGSZf_GwnhXBhgPR95rqUYr7A3kUqHEukwj3lrFkUsKSqdTZQhyaA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXSDUtMTAtTTlDOQ==&google_push=AYg5qPLvdcrpJv7aAC2Iyad-jIQtjMuM1o2FFzIIFggj4rGSZf_GwnhXBhgPR95rqUYr7A3kUqHEukwj3lrFkUsKSqdTZQhyaA

Request Chain 291

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk

Request Chain 300

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIEcjbWw4xbXdOfLOA0NWzvCEC9yAO-WXvSeBH1-9pXK9LUpA-AyMFc5OxVmzJLlJBNB26sbruK2Osxhk-LqLdyE10FlQQ&google_gid=CAESEGwQd5Zw0JYU-20zi5p17io&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCP7hgpEGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBJRWNqYld3NHhiWGRPZkxPQTBOV3p2Q0VDOXlBTy1XWHZTZUJIMS05cFhLOUxVcEEtQXlNRmM1T3hWbXpKTGxKQk5CMjZzYnJ1SzJPc3hoay1McUxkeUUxMEZsUVE HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWDBJY3ZNdEFwZWV0VVhvY1dDd2tHSUFXRlF1dWxkRU9xczlJQXBiQTRwQQ==&google_push

Request Chain 303

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELtnlhsVwCzS8fWRA8y7v4U&google_cver=1&google_push=AYg5qPLyslcWneniE8-6sH7IWzC72cq2p9Cdc1Ee4XxjObG8US_tJAsMsLeKb5TtRLIqyQLZF2P04NdwGSQo-kj-wGMyMq1iAPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXSUUtWi05WENQ&google_push=AYg5qPLyslcWneniE8-6sH7IWzC72cq2p9Cdc1Ee4XxjObG8US_tJAsMsLeKb5TtRLIqyQLZF2P04NdwGSQo-kj-wGMyMq1iAPg

Request Chain 304

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc

Request Chain 305

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEDEP3oKVtoEP0bg16Kd3ZrM&google_cver=1&google_push=AYg5qPJ2xmyqViiMJfZw3P-BzlajHhO7sTK1vOiv8dwPLNMnpCU70glW2g88o6Bb2iDdyXk2uw-qtpVMibQ-5YYuA8qLsYxLdw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPJ2xmyqViiMJfZw3P-BzlajHhO7sTK1vOiv8dwPLNMnpCU70glW2g88o6Bb2iDdyXk2uw-qtpVMibQ-5YYuA8qLsYxLdw&google_hm=5vKU4O2qTtKRq3KWkrp_Yg

Request Chain 306

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEMdzQhOukHAQSQejOxeWZX4&google_cver=1&google_push=AYg5qPIXLS6lQAZin__ZNso4YLUQxAD7DLQS-uUytTHHrN9_9f0IhFf9KHPSiOsTvzRh1bwoybSrI5gOwVshXaKr7dQvmmFk05U HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPIXLS6lQAZin__ZNso4YLUQxAD7DLQS-uUytTHHrN9_9f0IhFf9KHPSiOsTvzRh1bwoybSrI5gOwVshXaKr7dQvmmFk05U&google_hm=lbmglbvffofotpkejbvpjpwsxblc

Request Chain 313

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEBFy1AuSUJRUyghMjFWCsc&google_cver=1&google_push=AYg5qPJlP6v0CP2B1DdplPWqqfA927oUTBP5wPaq98c86FiZG_cf6i5Ahdz-KJRnPZMJ7mgulwGeTvM_lQiQv1xAwHg_Tps-fQNQ HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPJlP6v0CP2B1DdplPWqqfA927oUTBP5wPaq98c86FiZG_cf6i5Ahdz-KJRnPZMJ7mgulwGeTvM_lQiQv1xAwHg_Tps-fQNQ&google_hm=h8bGzB8qhyoNMNDqDLhSbA

Request Chain 317

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIZUKaqix7gwStr1JLX45Rg&google_cver=1&google_push=AYg5qPKAwljgrHAZ5qxwXarPtbSa8kwPpWYQOOM1CoYwClYWMGS962ys05MsS25uJmY3a8HJJJ9nOpE7DpE6XF2JOk3uhPeAUL0 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIZUKaqix7gwStr1JLX45Rg&google_cver=1&google_push=AYg5qPKAwljgrHAZ5qxwXarPtbSa8kwPpWYQOOM1CoYwClYWMGS962ys05MsS25uJmY3a8HJJJ9nOpE7DpE6XF2JOk3uhPeAUL0&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1pheje4BSdG8i_KVg9ZABQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKAwljgrHAZ5qxwXarPtbSa8kwPpWYQOOM1CoYwClYWMGS962ys05MsS25uJmY3a8HJJJ9nOpE7DpE6XF2JOk3uhPeAUL0

Request Chain 318

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECs6FaQL6bC30C_IJU8gBOI&google_cver=1&google_push=AYg5qPIRtIwkNfgGTh_KQjZaGC2-3xNSiiM3XNukEWkCd8Repb5KHnqmavWi8pGXUTwRYxAzk1lK7sVFcZW2dVpE8y8yAIgx5wQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXVEUtSy0yMEJY&google_push=AYg5qPIRtIwkNfgGTh_KQjZaGC2-3xNSiiM3XNukEWkCd8Repb5KHnqmavWi8pGXUTwRYxAzk1lK7sVFcZW2dVpE8y8yAIgx5wQ

Request Chain 319

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE&google_cver=1&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE

Request Chain 335

https://ssum-sec.casalemedia.com/usermatchredir?s=197200&cb=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3DFCC51D18-EB58-4B22-B884-02E238CDD6F2%26id%3D HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=FCC51D18-EB58-4B22-B884-02E238CDD6F2&id=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB

Request Chain 336

https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6845806 HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AG4TOtkIyeAXuBn4hCsxkyw

Request Chain 337

https://x.bidswitch.net/sync?ssp=admixer&user_id=b8249f2c321b4769b706765f0eb4be15&gdpr=&gdpr_consent=&us_privacy=[usPrivacy] HTTP 302
https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=admixer&bsw_custom_parameter=daa7cacc-fe90-4572-b08f-1f8bf8fd476e HTTP 302
https://x.bidswitch.net/sync?dsp_id=257&user_id=mk521b4020-62be-4632-9b49-92b0e63d6ea7&expires=7&user_group=5&ssp=admixer&bsw_param=daa7cacc-fe90-4572-b08f-1f8bf8fd476e HTTP 302
https://inv-nets.admixer.net/bs/cm.aspx?id=daa7cacc-fe90-4572-b08f-1f8bf8fd476e&gdpr=&consent=&gdpr_pd=

328 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
vtemu.by/ 150 KB
15 KB 447ms
338ms Document
text/html 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vtemu.by/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07bd888b3e995c38b266f77716d590b205dd9218c648b04164f84f32f010283b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,Cookie
last-modified: Thu, 03 Mar 2022 12:10:28 GMT
cache-control: max-age=3, must-revalidate
expires: Thu, 03 Mar 2022 12:13:50 GMT
x-beget-proxy: stan.beget.ru
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6w6GKc%2Fj%2FOj8k1dyxppxEtOJX0Ctpd1QqwnWj0ExsO0PUYZHKWx2nUbDqR5IWYVa%2Fhu7dHoMEhFbAlR0RoeguIEaRBQrF%2BV%2Ba8RNpoRiPMBaaaIubaQ0OhuObg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e6249c42cfc99a4-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 autoptimize_5ebf55ea23fba9446df906903641b158.css
vtemu.by/wp-content/cache/autoptimize/css/ 3 KB
2 KB 31ms
31ms Stylesheet
text/css 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vtemu.by/wp-content/cache/autoptimize/css/autoptimize_5ebf55ea23fba9446df906903641b158.css
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b32ece00a134a857c3756206420ba6a1ef53361d006710070773386aeebdba3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19289
cf-polished: origSize=3201
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 30 Nov 2021 21:45:57 GMT
server: cloudflare
etag: W/"61a69b95-c81"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERs1i8iDufYBfY0BFgcygpUIqYxKFW%2BUtM9NrDKBNrwhaFZXggJew9DovhtoAyI2y90Qf1Y1zAd%2BR35fzaKVp99%2Fz155G7MwGDsQ%2F65X0xTSWqF6eN22WjvHRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=604800
cf-ray: 6e6249c669e799a4-CDG
x-beget-proxy: stan.beget.ru
expires: Thu, 10 Mar 2022 06:52:17 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 535
date: Thu, 03 Mar 2022 12:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 03 Mar 2022 14:04:52 GMT

GET
H3 200 autotrack.js Show response
vtemu.by/wp-content/plugins/all-in-one-seo-pack/app/Common/Assets/js/ 24 KB
9 KB 36ms
34ms Script
application/x-javascript 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vtemu.by/wp-content/plugins/all-in-one-seo-pack/app/Common/Assets/js/autotrack.js?ver=4.1.6.2
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b9d18fcdae65d4869f7472d27782f39bdf6205f95c54679be401f8d55787e9b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 526732
cf-polished: origSize=24655
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 17 Jan 2022 13:42:50 GMT
server: cloudflare
etag: W/"61e5725a-604f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4SrMqtYwGZn6iBLK26uFoh0y6dKJJeDzB2LyrO4x7PRyX3OJvRRYfNz5uFeZDNdiP%2FPEfwckgErfW8N9bOS8j0OsHQ3ElKLkMYSL3Da3gFhgdXlALitaRLigoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=604800
cf-ray: 6e6249c69c0c9124-FRA
x-beget-proxy: stan.beget.ru
expires: Fri, 04 Mar 2022 09:54:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 153 KB
53 KB 57ms
33ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3990490331531652

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a58a3942716ac89fb43bceef39f68b77b99d8a0dfd92eda2f6f197ce77dea00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vtemu.by/
Origin: https://vtemu.by
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53984
x-xss-protection: 0
server: cafe
etag: 16187046088629525285
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 03 Mar 2022 12:13:47 GMT

GET
H2 200 loader2.js Show response
cdn.admixer.net/scripts3/ 176 KB
55 KB 655ms
25ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/loader2.js
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: e1a9f29f42c8aded9c06916867c167eeefff784bb887ea25d10959df0bbf25ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc36
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Sat, 26 Feb 2022 17:57:43 GMT
server: gcore
etag: W/"621a6a17-2c0e6"
x-cached-since: 2022-03-03T12:13:33+00:00
content-type: application/javascript
cache-control: max-age=600
cache: HIT
expires: Sat, 26 Feb 2022 18:08:55 GMT

GET
H/1.1 200
OK dmpcnt.js Show response
inv-dmp.admixer.net/ 1 KB
2 KB 45ms
8ms Script
application/javascript 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to

Full URL: https://inv-dmp.admixer.net/dmpcnt.js?cntoid=c537fd3c-ec7e-49d5-b4bb-10a57417947a
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),
Reverse DNS
Software: nginx /
Resource Hash: f017ea63da9820cfe730c47e88365b93532f7df13c1ce5d8575ad4a340928989

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:47 GMT
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NID DSP ALL COR"
Cache-Control: no-store
Connection: keep-alive
Content-Type: application/javascript
Keep-Alive: timeout=25
Expires: Wed, 21 Oct 2015 07:28:00 GMT

GET
H3 200 logobig.png
vtemu.by/wp-content/themes/vtemu_v202112_adm/images/ 2 KB
2 KB 36ms
34ms Image
image/png 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/themes/vtemu_v202112_adm/images/logobig.png
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4212bd83dd16caef827c50b737a4252cb1b2cbab5301b04805a20001957d3ad6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 354007
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1896
last-modified: Fri, 10 Dec 2021 08:01:09 GMT
server: cloudflare
etag: "61b30945-768"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rb4W%2BkkA5UNQoCamvU2UQaA1VjF9HF0z%2BR1RC6H1iZoefK0RoctNMoXzH%2FUts00uy6EkICZg4zy2Adi9GOfgBfjK6KVQIOSbnDXZxl3djmArjnNjSf8IhpDnOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c69c0e9124-FRA
x-beget-proxy: stan.beget.ru
expires: Tue, 29 Mar 2022 09:53:40 GMT

GET
H/1.1 200
OK prebid-loader2.aspx Show response
prebid-inv-eu.admixer.net/ 8 KB
8 KB 44ms
10ms Script
application/javascript 146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-inv-eu.admixer.net/prebid-loader2.aspx?adguid=07460e1a-d159-46ea-a3a6-e5a73d67581f
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),
Reverse DNS
Software: nginx /
Resource Hash: 287a8a9c203e4368de90d27ab82eb8909013ba49a61d50ec73aa67e416fc1e8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:47 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
Transfer-Encoding: chunked
Content-Type: application/javascript

GET
H2 200 jquery.min.js Show response
code.jquery.com/ 94 KB
33 KB 29ms
8ms Script
application/javascript 2001:4de0:ac18::1:a:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery.min.js
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 4b940065e2a67c37e3bd02b23c651f4744a3c219aba2d4fb99a631113494d376

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-1764d"
vary: Accept-Encoding
x-hw: 1646309627.dop239.fr8.t,1646309627.cds263.fr8.hn,1646309627.cds103.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 33226

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/ 36 KB
11 KB 74ms
34ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 722, 617, 617
age: 7812421
cdn-cachedat: 2021-03-11 11:57:55
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: fbee2cc04fdd3c5841bb4113b8b31dc1
cf-ray: 6e6249c6d9313756-MXP
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3 200 jquery.sticky.min.js Show response
vtemu.by/wp-content/themes/vtemu_v202112_adm/js/ 2 KB
2 KB 18ms
16ms Script
application/x-javascript 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vtemu.by/wp-content/themes/vtemu_v202112_adm/js/jquery.sticky.min.js
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80af1658b5482265a4a0a040eb65f5130872749184b686ec434feeaea804612a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 249791
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 10 Dec 2021 08:01:09 GMT
server: cloudflare
etag: W/"61b30945-9f6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VzYn6LWaPPGVBs3%2F16qKGUTBxROrUjImEPT47fVK0IXQl5WpCZLdb5aEt0RgPsQTT8VkxQRCodqCryFbZXTQ8XVzd%2FpXE0mOa7oNa%2B6j%2BzUxw4fgnfgarvJubQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=604800
cf-ray: 6e6249c69c109124-FRA
x-beget-proxy: stan.beget.ru
expires: Mon, 07 Mar 2022 14:50:35 GMT

GET
H3 200 themesscript.min.js Show response
vtemu.by/wp-content/themes/vtemu_v202112_adm/js/ 823 B
982 B 25ms
23ms Script
application/x-javascript 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vtemu.by/wp-content/themes/vtemu_v202112_adm/js/themesscript.min.js
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d060d4ad3687eb3f4c3ace663e890064811591ab06dff6ba7b611cc2a25777a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 249791
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 10 Dec 2021 08:01:09 GMT
server: cloudflare
etag: W/"61b30945-337"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NDcf1s7nWzaqjnuDA2FO3tUV8PbDqkYeYngRXv2Bo%2BDfrrtb7DRN7zdgZLVVnHLq5CWYk3u7cahC5ykID3PTuGt%2B4mzE50LqMJb2fU3h%2FEh2DP9l8vThuj5b%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=604800
cf-ray: 6e6249c69c119124-FRA
x-beget-proxy: stan.beget.ru
expires: Mon, 07 Mar 2022 14:50:36 GMT

GET
H3 200 jquery.min.js Show response
vtemu.by/wp-includes/js/jquery/ 87 KB
32 KB 27ms
25ms Script
application/x-javascript 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vtemu.by/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 249791
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 28 Aug 2021 11:45:51 GMT
server: cloudflare
etag: W/"612a21ef-15db1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0pEXxPjPCFUvlpTo8ktMmC5FVQEdP1DsqoSVYXsNBuvueIxO0qDqzW3YuDxaC1x%2FjVWjouyvr2YWRvQzrPjPTaE4zuHQCN9P8UH0VxQLET0%2F5qB20uyjw5TU9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=604800
cf-ray: 6e6249c69c049124-FRA
x-beget-proxy: stan.beget.ru
expires: Mon, 07 Mar 2022 14:50:35 GMT

GET
H3 200 jquery-migrate.min.js Show response
vtemu.by/wp-includes/js/jquery/ 11 KB
5 KB 35ms
33ms Script
application/x-javascript 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vtemu.by/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 567222
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 09 Dec 2020 09:12:53 GMT
server: cloudflare
etag: W/"5fd09515-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6iCNbtiqHZRUhqwbImQnDvpuGQjLL%2BbBEJ9VtjYQ%2BrFfcag4uxPufXx4RlwEicot0lvi0xVuQIiF7jfp0iKEQ%2BjTrjDVj0XgwmQbVWqBvgoEXtCt0D%2FjY%2Bp6WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=604800
cf-ray: 6e6249c69c069124-FRA
x-beget-proxy: stan.beget.ru
expires: Thu, 03 Mar 2022 22:40:05 GMT

GET
H3 200 jquery.modal.min.js Show response
vtemu.by/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/ 5 KB
2 KB 19ms
17ms Script
application/x-javascript 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vtemu.by/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/jquery.modal.min.js?ver=4.3.25
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 970d08b0edc4bfc0925495d8b11564f3c2fd368f745f7b3510a7fced11848894

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 526732
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 17 Jan 2022 14:03:18 GMT
server: cloudflare
etag: W/"61e57726-136e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PtRTco4UIDQXSRDo7FP5VSvOiDwMh8bsUlRHGqx4u16bBFKIXU%2F9cGzu0kpwjI07fSVuFx1k8dZENQIMa%2FKb7abo7pkGQzBtublmsbU4pEf2iKAqO%2FSTk2eRRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=604800
cf-ray: 6e6249c69c099124-FRA
x-beget-proxy: stan.beget.ru
expires: Fri, 04 Mar 2022 09:54:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 94 KB
37 KB 55ms
31ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-7662390-15

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

85dc4e3da9d58718cf3ce0336cc248978c9ce1a3a5e9e7bf57d78f9ec5273814

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37507
x-xss-protection: 0
expires: Thu, 03 Mar 2022 12:13:47 GMT

GET
H3 200 style.min.css
vtemu.by/wp-includes/css/dist/block-library/ 81 KB
12 KB 20ms
18ms Stylesheet
text/css 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vtemu.by/wp-includes/css/dist/block-library/style.min.css?ver=5.9.1
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74cad4303232e97ca561d020bf3491ab6777c683b259f50f99b64cd62f1e3271

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 152357
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 22 Feb 2022 17:42:48 GMT
server: cloudflare
etag: W/"62152098-145a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5RlE2hYbLSAEERnn4QNt0jel3EydBLD3evW67QPpj6Em5hCcL9kM9hKvjIfZVG%2BHpl80dXfbAICFnj9%2F5qqXTo%2Fvzlelhrc8t3D2IPL302ooWyQ0qnXOC4Po2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=604800
cf-ray: 6e6249c69c0b9124-FRA
x-beget-proxy: stan.beget.ru
expires: Tue, 08 Mar 2022 17:54:30 GMT

GET
H2 200 xgemius.js Show response
gaby.hit.gemius.pl/ 40 KB
11 KB 110ms
27ms Script
application/x-javascript 146.59.10.80
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaby.hit.gemius.pl/xgemius.js
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.10.80 , France, ASN16276 (OVH, FR),
Reverse DNS: ip80.ip-146-59-10.eu
Software: GHC /
Resource Hash: 4052bd01d776cf0dc996be3171117012a3ee8f17826c8dc11c6ce4e1777885d4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Fri, 18 Feb 2022 08:43:58 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 10839
expires: Fri, 04 Mar 2022 00:13:48 GMT

GET
H3 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
884 B 23ms
7ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:29:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2661
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 03 Mar 2022 12:29:26 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 15ms
15ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1545281597&t=pageview&_s=1&dl=https%3A%2F%2Fvtemu.by%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D0%BE%D0%B4%D0%B5%D0%BB%D0%BA%D0%B8%20%D1%81%D0%B2%D0%BE%D0%B8%D0%BC%D0%B8%20%D1%80%D1%83%D0%BA%D0%B0%D0%BC%D0%B8%2C%20%D0%BF%D0%BE%D0%B4%D0%B0%D1%80%D0%BA%D0%B8%2C%20handmade%2C%20DIY%2C%20%D0%BC%D0%B0%D1%81%D1%82%D0%B5%D1%80%20%D0%BA%D0%BB%D0%B0%D1%81%D1%81%D1%8B%20-%20vtemu.by&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAAAjAAAAAC~&jid=1911212080&gjid=51163438&cid=9797760.1646309628&tid=UA-7662390-15&_gid=1113006692.1646309628&_r=1&_slc=1&_av=2.4.0&_au=20&did=i5iSjo&z=196226959

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://vtemu.by/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://vtemu.by
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 prebidcdn.js Show response
cdn.admixer.net/prebidcdn/ 215 KB
79 KB 602ms
21ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/prebidcdn/prebidcdn.js?pm=adServer,adServerDFP,admixerAnalyticsAdapter,admixerBidAdapter,admixerIdSystem,currency,intersectionRtdProvider,schain&dev=true&rnd=268435462&hash=1385267621-
Requested by: Host: prebid-inv-eu.admixer.net
URL: https://prebid-inv-eu.admixer.net/prebid-loader2.aspx?adguid=07460e1a-d159-46ea-a3a6-e5a73d67581f
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: 33e13339440e41848ddb1b1863fdd2a0ca0d288f50756fff89a8febf1bb16549

Request headers

Referer: https://vtemu.by/
Origin: https://vtemu.by
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc32
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Thu, 20 Jan 2022 10:02:09 GMT
server: gcore
etag: W/"61e93321-35b69"
vary: Accept-Encoding
x-cached-since: 2022-02-25T12:06:30+00:00
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: content-range
cache-control: max-age=31622400
cache: HIT
expires: Sun, 26 Feb 2023 12:06:30 GMT

GET
H2 200 load-gpt.js Show response
cdn.admixer.net/scripts/ 561 B
452 B 603ms
22ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts/load-gpt.js
Requested by: Host: prebid-inv-eu.admixer.net
URL: https://prebid-inv-eu.admixer.net/prebid-loader2.aspx?adguid=07460e1a-d159-46ea-a3a6-e5a73d67581f
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: 7c1ed20a3a66178e281109e3bf99dd278456eeea71357c6562ebb61aa0c269fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc36
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Mon, 17 Jan 2022 12:25:34 GMT
server: gcore
etag: W/"61e5603e-231"
vary: Accept-Encoding
x-cached-since: 2022-02-04T09:29:02+00:00
content-type: application/javascript
access-control-expose-headers: content-range
cache-control: max-age=31622400
access-control-allow-credentials: true
cache: HIT
expires: Sun, 05 Feb 2023 09:29:02 GMT

GET
H2 200 tag-manager.runtime.js Show response
cdn.admixer.net/analytics/ 1 KB
978 B 600ms
22ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/analytics/tag-manager.runtime.js
Requested by: Host: inv-dmp.admixer.net
URL: https://inv-dmp.admixer.net/dmpcnt.js?cntoid=c537fd3c-ec7e-49d5-b4bb-10a57417947a
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: 3f47780ac6a0cd5da2d08e3d14d6c5fd05cb359a527f056bdf3a627dd814bfb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc36
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Mon, 12 Apr 2021 13:21:02 GMT
server: gcore
etag: W/"6074493e-515"
vary: Accept-Encoding
x-cached-since: 2021-12-08T08:10:35+00:00
content-type: application/javascript
access-control-expose-headers: content-range
cache-control: max-age=31622400
cache: HIT
expires: Fri, 09 Dec 2022 08:10:35 GMT

GET
H2 200 tag-manager.js Show response
cdn.admixer.net/analytics/ 28 KB
11 KB 601ms
23ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/analytics/tag-manager.js?m=data-from-dom
Requested by: Host: inv-dmp.admixer.net
URL: https://inv-dmp.admixer.net/dmpcnt.js?cntoid=c537fd3c-ec7e-49d5-b4bb-10a57417947a
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: 044316373e018c29ee8a1138fdaac42494514f8f7da4e89da024de6d568a50f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc36
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Mon, 12 Apr 2021 13:21:02 GMT
server: gcore
etag: W/"6074493e-6e96"
vary: Accept-Encoding
x-cached-since: 2021-12-08T08:10:35+00:00
content-type: application/javascript
access-control-expose-headers: content-range
cache-control: max-age=31622400
cache: HIT
expires: Fri, 09 Dec 2022 08:10:35 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit?t43.2;r;s1600*1200*24;uhttps%3A//vtemu.by/;h%u041F%u043E%u0434%u0435%u043B%u043A%u0438%20%u0441%u0432%u043E%u0438%u043C%u0438%20%u0440%u0443%u043A%u0430%u043C%u0438%2C%...
https://counter.yadro.ru/hit?q;t43.2;r;s1600*1200*24;uhttps%3A//vtemu.by/;h%u041F%u043E%u0434%u0435%u043B%u043A%u0438%20%u0441%u0432%u043E%u0438%u043C%u0438%20%u0440%u0443%u043A%u0430%u043C%u0438%2...

156 B
642 B

69ms
69ms

Image
image/gif

88.212.201.210
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;t43.2;r;s1600*1200*24;uhttps%3A//vtemu.by/;h%u041F%u043E%u0434%u0435%u043B%u043A%u0438%20%u0441%u0432%u043E%u0438%u043C%u0438%20%u0440%u0443%u043A%u0430%u043C%u0438%2C%20%u043F%u043E%u0434%u0430%u0440%u043A%u0438%2C%20handmade%2C%20DIY%2C%20%u043C%u0430%u0441%u0442%u0435%u0440%20%u043A%u043B%u0430%u0441%u0441%u044B%20-%20vtemu.by;0.6633123786917698

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

HTTP/1.1

Server

88.212.201.210 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host210.rax.ru

Software

nginx/1.17.9 /

Resource Hash

a664e2cee23323ceda357142ba98df2861f14cad5776ada7d5a208685bb72c30

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:48 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 156
Expires: Tue, 02 Mar 2021 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:48 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit?q;t43.2;r;s1600*1200*24;uhttps%3A//vtemu.by/;h%u041F%u043E%u0434%u0435%u043B%u043A%u0438%20%u0441%u0432%u043E%u0438%u043C%u0438%20%u0440%u0443%u043A%u0430%u043C%u0438%2C%20%u043F%u043E%u0434%u0430%u0440%u043A%u0438%2C%20handmade%2C%20DIY%2C%20%u043C%u0430%u0441%u0442%u0435%u0440%20%u043A%u043B%u0430%u0441%u0441%u044B%20-%20vtemu.by;0.6633123786917698
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Tue, 02 Mar 2021 21:00:00 GMT

GET
H3 200 135.jpg
vtemu.by/wp-content/uploads/2015/02/ 60 KB
61 KB 25ms
23ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2015/02/135.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e41e464197be6ca663b4077199a18711015653d0af3e3ddf009c6949129a0760

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 242
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 61824
last-modified: Thu, 09 Jun 2016 17:24:27 GMT
server: cloudflare
etag: "5759a64b-f180"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VmUrGEA%2BWhymB%2B%2Fd11cWoJ1ORc3SlUbh4PrMp9AWmaZUO%2Fh4PKW%2BpFUasJJfFHy7orEJMTttonyYlDCpTpBLE2gHtezpRKv1RyepjR99lFCNq7%2FPfUiI4moqIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c70cde9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:09:46 GMT

GET
H3 200 0000000000-1.jpg
vtemu.by/wp-content/uploads/2022/03/ 162 KB
163 KB 201ms
200ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2022/03/0000000000-1.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36a1d9a8ddb6c467ec06fe683cabb081fa49dfacce9f1505ea70f4405d62bbd5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 166215
last-modified: Tue, 01 Mar 2022 23:25:44 GMT
server: cloudflare
etag: "621eab78-28947"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1XU5bkyzl%2Bx82bolam5dSGerslWzu%2BnkhJPFvh6nsH3UVXDkIlh8VZn%2FQTDjM%2BsokdJL%2FBD36FU6Ay%2F1DHnesB66nxu7Cvp%2Bcn6nNObCsFiHPfoZX266PeiQBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c70ce09124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 00-2.png
vtemu.by/wp-content/uploads/2021/02/ 109 KB
110 KB 17ms
15ms Image
image/png 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2021/02/00-2.png
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5b90dab838368913f31c96f10a37af46e1a745d83ed8e66a6cc6df873d1a444

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 114786
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 112025
last-modified: Sun, 21 Feb 2021 16:30:46 GMT
server: cloudflare
etag: "60328ab6-1b599"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tq%2BLI0a9hL7zinYyjSuyY%2FuacEhEIjQN12Dh2EfP%2FhjASfSzE1TmTcYe0rajrUO6eiJEKlGekMeMaDS6r9euq1ah97D2U1DlaiedeQ6ijuqgdTwQpclBPZtchQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c70ce39124-FRA
x-beget-proxy: stan.beget.ru
expires: Fri, 01 Apr 2022 04:20:42 GMT

GET
H3 200 0000000000.jpg
vtemu.by/wp-content/uploads/2022/03/ 230 KB
231 KB 242ms
240ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2022/03/0000000000.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c26fa0afd1139b9e7f1c022f2722c2398f3bfb99f79f141060595bccd069fca5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 235876
last-modified: Mon, 28 Feb 2022 23:18:04 GMT
server: cloudflare
etag: "621d582c-39964"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IlARt8VxvNEhB%2FmoJoFgLMqWuu2H4hJ%2FPQtYfa%2B0PVKHzDPSveJVypKu7UlaAvYkmvRfhKS0iIZrFfXc4uvz96XHL8VnKpDHlWOfPQ%2BlKgzo2FxqiJVthw5RfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c70ce59124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 1-3.jpg
vtemu.by/wp-content/uploads/2021/03/ 85 KB
85 KB 214ms
212ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2021/03/1-3.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 856f0bcbe3b6a4ea9aa068c1362a1f980134552b57ad759aaf24e2cf70c82867

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 86541
last-modified: Mon, 01 Mar 2021 15:25:36 GMT
server: cloudflare
etag: "603d0770-1520d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqI3Z7U2ofQ6WuiS1oFqS7xx%2FicrjuLquphkyYDm9y2%2BkIFQUhucQwmAyUwEG0s5VX4BzjwBrS7KkLnckjNeCJfYim6ihfe8U0GZzJUk5cmNgPwpPpIwXjGrTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c70ce79124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 009.jpg
vtemu.by/wp-content/uploads/2014/07/ 404 KB
404 KB 203ms
202ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2014/07/009.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85525bde5fe2388b09187e219a3eef1520733256e656c5d5fa9b3d71e8fe866e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 413353
last-modified: Sat, 18 Jun 2016 00:06:57 GMT
server: cloudflare
etag: "576490a1-64ea9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJGlyXBRcT1QmpU0TDgV0WAoCB2XGa8ovHrItb3wR4jEA4aYDCoF8azzAq5L%2FRKKl4j%2FNl8oknzuVOzbiNoJwKf4TI7hqbZxK085yaTH2Dp34PNvhxl818HI3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c70ce99124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 136.jpg
vtemu.by/wp-content/uploads/2013/11/ 56 KB
56 KB 22ms
21ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2013/11/136.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03aa3e84599be06f456bec3d51ab6208ee1452cf03e5de34f89ced55a81b6128

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 240
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 57194
last-modified: Sat, 18 Jun 2016 03:59:51 GMT
server: cloudflare
etag: "5764c737-df6a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3idcNS5g27%2FWdgOH9VEjxNvqoj7jbZi26qCE9riGL67kGwrU7D7Oxnem3s7T6kZHKJ7dapNQPUd1OkAMvKkYSm%2BiZE2uJ0exRDeEZqn3DS1s341K8gLeCwlItg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c70cea9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:09:48 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
434 B 58ms
19ms XHR
text/plain 2a00:1450:400c:c0a::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-7662390-15&cid=9797760.1646309628&jid=1911212080&gjid=51163438&_gid=1113006692.1646309628&_u=aGBAAAAiAAAAAC~&z=953878420

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://vtemu.by/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 03 Mar 2022 12:13:48 GMT
content-type: text/plain
access-control-allow-origin: https://vtemu.by
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 watch.js Show response
mc.yandex.ru/metrika/ 138 KB
49 KB 148ms
69ms Script
application/javascript 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

c1922061e01300c6b8d0e9a9dbc638c2eb7b2f5cf9e7690791bf7be4dd8733d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: br
last-modified: Fri, 18 Feb 2022 11:36:57 GMT
etag: "620f5aa9-c3d1"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 50129
expires: Thu, 03 Mar 2022 13:13:48 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1545281597&t=pageview&_s=2&dl=https%3A%2F%2Fvtemu.by%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D0%BE%D0%B4%D0%B5%D0%BB%D0%BA%D0%B8%20%D1%81%D0%B2%D0%BE%D0%B8%D0%BC%D0%B8%20%D1%80%D1%83%D0%BA%D0%B0%D0%BC%D0%B8%2C%20%D0%BF%D0%BE%D0%B4%D0%B0%D1%80%D0%BA%D0%B8%2C%20handmade%2C%20DIY%2C%20%D0%BC%D0%B0%D1%81%D1%82%D0%B5%D1%80%20%D0%BA%D0%BB%D0%B0%D1%81%D1%81%D1%8B%20-%20vtemu.by&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAAAjAAAAAC~&jid=&gjid=&cid=9797760.1646309628&tid=UA-7662390-15&_gid=1113006692.1646309628&_av=2.4.0&_au=20&did=i5iSjo&z=105844240

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 21:50:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 51782
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 40ms
17ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,300,700&subset=latin,cyrillic

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 12:13:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 03 Mar 2022 12:13:48 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Mar 2022 12:13:48 GMT

GET
H3 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/ 118 KB
20 KB 55ms
33ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 27158814
cdn-cachedat: 2021-04-23 05:19:26
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: ea263b1a0de5df76db4de25cdfdf1cf6
cf-ray: 6e6249c768c73743-MXP
cdn-requestcountrycode: EG
cdn-requestpullsuccess: True

GET
H3 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/ 21 KB
5 KB 72ms
51ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 718, 718
age: 27158972
cdn-cachedat: 2021-04-23 05:21:01
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: c783b65627fe9edcb9253bc1edff51e2
cf-ray: 6e6249c768c23743-MXP
cdn-requestcountrycode: EG
cdn-requestpullsuccess: True

GET
H3 200 style.min.css
vtemu.by/wp-content/themes/vtemu_v202112_adm/ 27 KB
17 KB 17ms
17ms Stylesheet
text/css 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vtemu.by/wp-content/themes/vtemu_v202112_adm/style.min.css
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 782c0fc003470391c54aa93ea90202655cca2db5d71e7d927935583a648f6dd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 526730
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 10 Dec 2021 08:01:08 GMT
server: cloudflare
etag: W/"61b30944-6afa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GLooMZQ%2B3lrIBK0uq7mvUDj2Tx80lwyRtNWEyFqtRDCn7xJj0mmdRDwqop2TYO0SEczKw50txqhdsqbMvEnXWOkfvj0MyqznUb5Gww02KlTqmzg%2B0794u%2FtIRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=604800
cf-ray: 6e6249c74d569124-FRA
x-beget-proxy: stan.beget.ru
expires: Fri, 04 Mar 2022 09:54:57 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202240101/ 291 KB
105 KB 50ms
35ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3990490331531652&plah=vtemu.by

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3990490331531652

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9e2f40ae4ba6bad05d3ba12d55bfb46f16d5d0903fbdcf85df626797f8368aca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107197
x-xss-protection: 0
server: cafe
etag: 11359949791839078890
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 03 Mar 2022 12:13:48 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220301/r20190131/ Frame 072A 10 KB
5 KB 30ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220301/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3990490331531652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Thu, 03 Mar 2022 01:42:40 GMT
expires: Thu, 17 Mar 2022 01:42:40 GMT
cache-control: public, max-age=1209600
age: 37868
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
14ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1545281597&t=pageview&_s=1&dl=https%3A%2F%2Fvtemu.by%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D0%BE%D0%B4%D0%B5%D0%BB%D0%BA%D0%B8%20%D1%81%D0%B2%D0%BE%D0%B8%D0%BC%D0%B8%20%D1%80%D1%83%D0%BA%D0%B0%D0%BC%D0%B8%2C%20%D0%BF%D0%BE%D0%B4%D0%B0%D1%80%D0%BA%D0%B8%2C%20handmade%2C%20DIY%2C%20%D0%BC%D0%B0%D1%81%D1%82%D0%B5%D1%80%20%D0%BA%D0%BB%D0%B0%D1%81%D1%81%D1%8B%20-%20vtemu.by&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACUAjBAAAAC~&jid=1320620494&gjid=1555764639&cid=9797760.1646309628&tid=UA-7662390-15&_gid=1113006692.1646309628&_r=1&gtm=2ou2s0&did=i5iSjo%2CdZTNiMT&gdid=dZTNiMT&z=776249885

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://vtemu.by/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://vtemu.by
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 001.jpg
vtemu.by/wp-content/uploads/2015/07/ 25 KB
26 KB 20ms
19ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2015/07/001.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3dfe49282dc9e6c7eca6ac18ea0481256487cb4df5c997416a755c22b595f08

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 240
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25809
last-modified: Fri, 17 Jun 2016 15:26:15 GMT
server: cloudflare
etag: "57641697-64d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6o4fZxmQiELkCiaQ8BA8mKEn2TP39h8mA8GsXS86GX1CTzodmVK7j2wrdVP5t7FD5aEEWJojK10oaAZmr2mShIbbKfMHTR98N6xIqtVRwuyNxZdQAMhtYlpIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c7ae3d9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:09:48 GMT

GET
H3 200 000.png
vtemu.by/wp-content/uploads/2021/03/ 176 KB
176 KB 224ms
223ms Image
image/png 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2021/03/000.png
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: daedaaa8de6dcca996e06b636b415ad25072ddc1a575d88fe6592021118065b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 179817
last-modified: Wed, 03 Mar 2021 14:37:42 GMT
server: cloudflare
etag: "603f9f36-2be69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3RbIW1LI4N%2B08VWCroGNrBmk1Rhopp8Rad5fWy%2BmwlTgsKTeZVyQ7ZbRmkq6hvdhPV6GmmdOjUxPw%2F03ATWrYtkcLy0iwhSuAK%2Bor7ZPJkWe84DEJmNH2Pbnrw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c7ae3f9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 00-1.jpg
vtemu.by/wp-content/uploads/2017/08/ 17 KB
17 KB 174ms
173ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2017/08/00-1.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6fc00355d49fab149cbc59624ed4b40fe11443395e827722f47b776d1b82810

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17345
last-modified: Tue, 22 Aug 2017 22:20:12 GMT
server: cloudflare
etag: "599cae1c-43c1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jAp0prK82a5iU0PGFxySQf8ltw64%2Bj7fKEUtu6XJVSzJky7D9hCvSNp%2FtpO4MoYmsf2vhBNoxBgBQxygKyq%2BgA3g%2BlhpMxBHf90zwyiXT7GTzi00V8WG73yhAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c7ae419124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 000-6.jpg
vtemu.by/wp-content/uploads/2022/01/ 92 KB
93 KB 199ms
198ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2022/01/000-6.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a4f9ef1219b6405766e71029bacde95beae605f52416b15ddbf6cf189551203

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 94467
last-modified: Wed, 26 Jan 2022 22:37:23 GMT
server: cloudflare
etag: "61f1cd23-17103"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mLGt9kd1b1lQLyYcaEdFJyvwNffYdy4X%2FPocLpAc%2BjZ7%2BaliQaOCMSnWOnH%2FH3GoZNPan%2FWNw4z97%2BcG%2BoR%2FQlCD0NTlWy3HIHNhsMjHeIne6QNfKhC0ZR%2BsPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c7ae429124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 40ms
20ms XHR
text/plain 2a00:1450:400c:c0a::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-7662390-15&cid=9797760.1646309628&jid=1320620494&gjid=1555764639&_gid=1113006692.1646309628&_u=aGDACUAjBAAAAC~&z=1835661310

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://vtemu.by/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 03 Mar 2022 12:13:48 GMT
content-type: text/plain
access-control-allow-origin: https://vtemu.by
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fpdata.js Show response
gaby.hit.gemius.pl/ 277 B
391 B 26ms
26ms Script
application/x-javascript 146.59.10.80
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaby.hit.gemius.pl/fpdata.js?href=vtemu.by
Requested by: Host: gaby.hit.gemius.pl
URL: https://gaby.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.10.80 , France, ASN16276 (OVH, FR),
Reverse DNS: ip80.ip-146-59-10.eu
Software: GHC /
Resource Hash: 54e04099db8c09e68eeaa19b67e0ccbbfbe44ac7008cc81d2da30e4231be9b9b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 277
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v29/ 9 KB
9 KB 39ms
16ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,300,700&subset=latin,cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

053508cc4ed1acf7db8ed96deca42ffebfa1669c5cecd62f4415b926d07b5aaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://vtemu.by
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 18:07:18 GMT
x-content-type-options: nosniff
age: 65190
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:33 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Mar 2023 18:07:18 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,300,700&subset=latin,cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://vtemu.by
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 17:56:19 GMT
x-content-type-options: nosniff
age: 65849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Mar 2023 17:56:19 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v29/ 9 KB
10 KB 36ms
14ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,300,700&subset=latin,cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8dd3b91ca60e6a0486326c5c275590dd1d753240c2efa9f94730815813997fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://vtemu.by
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 04:11:53 GMT
x-content-type-options: nosniff
age: 547315
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 25 Feb 2023 04:11:53 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 28ms
9ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,300,700&subset=latin,cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://vtemu.by
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 09:48:03 GMT
x-content-type-options: nosniff
age: 527145
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 25 Feb 2023 09:48:03 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame A688 5 KB
3 KB 88ms
26ms Document
text/html 146.59.30.108
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: gaby.hit.gemius.pl
URL: https://gaby.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.108 , France, ASN16276 (OVH, FR),
Reverse DNS: ip108.ip-146-59-30.eu
Software: GHC /
Resource Hash: 8dbeeb184bff5ab8e36490faba5df9bb36edf6526c66221a615f9ed2ad279e69

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
expires: Sat, 02 Apr 2022 12:13:48 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
vary: Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy: cross-origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: text/html;charset=utf-8
content-length: 2719
content-encoding: gzip

GET
H3 200 000-3.jpg
vtemu.by/wp-content/uploads/2022/01/ 140 KB
140 KB 255ms
252ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2022/01/000-3.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebe1167f76f37430322765732dda6b02e2991c6fd2606efbe7291b2114f6e39b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 142903
last-modified: Wed, 19 Jan 2022 23:28:30 GMT
server: cloudflare
etag: "61e89e9e-22e37"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DP0XSKtoiQ6BXwi7UY7PEkcegadYHZ%2B0eB652v35CGGksOVKhcBSBX1DcpqCWHcvud3y7mf1%2BNUKwQwFTnBwDu0PTXIiiT2vuD0TKVpi18wqMQo70vK0biY2IA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c81f339124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 1-8.jpg
vtemu.by/wp-content/uploads/2022/01/ 35 KB
36 KB 165ms
161ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2022/01/1-8.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 038340c4c537e60b58ed40ebe27dfe892c3ae4dea096e57655a70c535bd010c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35795
last-modified: Wed, 19 Jan 2022 22:26:39 GMT
server: cloudflare
etag: "61e8901f-8bd3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sCAHzerkLkb920iGj6cZ%2FHm%2Fi1LFxOcvX8pP6DSp4ss1gF7EZA3Brcnji6fz17Dva3NRL831ZqdQP8xX5V04qZD6Xqdb6eCOmoKUnLXFttGcmXnTYr03IffB%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f399124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 8-6.jpg
vtemu.by/wp-content/uploads/2022/01/ 40 KB
41 KB 195ms
191ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2022/01/8-6.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17a3825811d24d1e6476ef79b0cde7735aa6fca74ac5b5fde8b55f0c3e2d0cfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 41318
last-modified: Sun, 16 Jan 2022 22:59:24 GMT
server: cloudflare
etag: "61e4a34c-a166"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eRKCOqAv0l234C2kxFNOfYJxey%2BbrI1djjEImWtliI1HvnEvZDVwQio1rep%2FTlq8v7NsqwkHTZxWq%2Fx2mfCNvjATh8aMFdXsjCr%2BSK%2FXF3yuvTm46BqkOSOC7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f3e9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 111-1.jpg
vtemu.by/wp-content/uploads/2021/12/ 39 KB
40 KB 197ms
193ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2021/12/111-1.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80e04ad417042b77fd3d538cd894e12872930eff18ede2f3b04633e17bbba0f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 39895
last-modified: Wed, 15 Dec 2021 22:31:49 GMT
server: cloudflare
etag: "61ba6cd5-9bd7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qHj9qxBoPLBoUKEgzQ%2FQGj7i82msb2mjNkSwPWqrfZXSsaU1uxpnA6OY1R%2FnNbS43zA1txbYjmXJfvbbYhkKuhIs3qH8BAeFIznvHkiX3DjaCM%2FkMq9Ee7A0Yg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f429124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 20-8.jpg
vtemu.by/wp-content/uploads/2016/02/ 136 KB
137 KB 233ms
229ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2016/02/20-8.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65a59f413b63a7ba94f8ab4c1bbb362e45a3b4ace2fc998a7fadb8b5a3899de6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 139473
last-modified: Thu, 09 Jun 2016 11:47:40 GMT
server: cloudflare
etag: "5759575c-220d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EoowAjbbCkKcRXqL%2FYkCc6yF8WQ%2FtfSowi%2B20KS8cuSk4bAL9uUiNgtGgjlNv0vyLMZqnkfnc3yDIm32fam15mbPlCJBH2fCo2%2FgHFrf%2B8lwz5l5y%2FVbbQHWpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f449124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 2-5.jpg
vtemu.by/wp-content/uploads/2022/02/ 46 KB
46 KB 285ms
281ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2022/02/2-5.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9738357b212572b9c0ac378a344eb6769e475b0c8ad238b0936f33cd639331a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 46740
last-modified: Mon, 14 Feb 2022 22:19:17 GMT
server: cloudflare
etag: "620ad565-b694"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rpQoOCTD6NZ3DJ1ZAmpgL2gcYHC2PwWr1R%2Bu9hPC%2FmMId5K6XN0w7kD%2FjrjWrtv9Dj2aaWcgNnAxpmMGXrhcjptrY0dJfqi1gSqEmWNGo8ov6lIDYLXfjVlb1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f469124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 000000-6.jpg
vtemu.by/wp-content/uploads/2021/08/ 40 KB
41 KB 205ms
202ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2021/08/000000-6.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5d4a2d5c986dedf50542d5cb0d49a46f69cdaee753bdfb4a879cbbdfc5f2ed2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 41194
last-modified: Fri, 13 Aug 2021 23:49:41 GMT
server: cloudflare
etag: "61170515-a0ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVGzCFMrG4Ildz%2BPusW6IT5OynSdkX%2FcEmaTxMY58PybihNWnqt7J9TtQqAnL645vlw3StdtQmRrwdFgXEXfwZdwmENOLMYZfuExkLTaYaxUmiT3AKE6Zn5OOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f479124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 0000-12.jpg
vtemu.by/wp-content/uploads/2021/05/ 287 KB
287 KB 225ms
222ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2021/05/0000-12.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b41c82de64d18c7655cbc35cd51c71d982920d177d6f98b67996689207b0264a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 293631
last-modified: Sun, 16 May 2021 22:38:07 GMT
server: cloudflare
etag: "60a19ecf-47aff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SH55%2F%2FuwotzEtcdI1rcWz7DOW6BOQVD3S7SQ4gOe1l%2FvEtHer9cTCHiNkw1rEZArDBWGxfK2E%2F7AdtZ8SVNwCZgJgc5lKbLIHMec4AnTAVz98yzknrMoxEuMMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f489124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 1-15.jpg
vtemu.by/wp-content/uploads/2021/03/ 143 KB
143 KB 231ms
228ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2021/03/1-15.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b1ec2d29d135e42f30a47c65d05181b15f152f4cb6fd79c26fcd496ff99cf22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 146151
last-modified: Wed, 10 Mar 2021 21:58:54 GMT
server: cloudflare
etag: "6049411e-23ae7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LYdBuGngYHMCD%2B7fvPjS2JJOfZjNAwUCZKFrJQ85jBZqBdcZ76iv1CBrZkCQIH4gWcmO%2F%2B0x4YZrf8vkkckERBSsIeng036Fz8HNt2fJeQQGf7T2sSlE8dbbPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f4a9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 01.jpg
vtemu.by/wp-content/uploads/2014/06/ 94 KB
95 KB 218ms
214ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2014/06/01.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04e30e86c7aa6d6b4293ee45a163dc0a4746347d405c000068f76495d648905e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 96255
last-modified: Sat, 18 Jun 2016 01:45:56 GMT
server: cloudflare
etag: "5764a7d4-177ff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BmIegUOfwPcBm1Lbn272wFSst1SpkcGmnOcX8Z%2BXA%2B%2Fqixl90VOwVBRLmUC1f4jqBGu3u3tVVM8dPN21VggmJhn5lXFdTqQjzhr%2F%2BYrwSwc98CO%2FAbBlbDQxJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f4d9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 042.jpg
vtemu.by/wp-content/uploads/2014/04/ 111 KB
111 KB 211ms
208ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2014/04/042.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c93729aca3446072e5231cd63e2d3bbb1482197d4328d7a02cd2b018d02b6fda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 113279
last-modified: Sat, 06 Feb 2016 23:36:17 GMT
server: cloudflare
etag: "56b68371-1ba7f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P1oAhCTHWJoKIEI07va0SstovmJLb1ryWZXeUeAI8kz4lVDjLgQ2WHtQlm6MzgpbEioKbovs%2BkHA2w2RpaTEnZ5E%2FvU20EiWWBKa01anNQoeFOe4OM2f0cF74A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f4e9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 000-6.jpg
vtemu.by/wp-content/uploads/2020/07/ 45 KB
45 KB 206ms
203ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2020/07/000-6.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7990aa307f60a093ffdc6611f0b4e4ed8d73a11401b7aa6495141045794859b6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45602
last-modified: Sat, 18 Jul 2020 22:42:16 GMT
server: cloudflare
etag: "5f137ac8-b222"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yi0Dl5HLH27dgRh13haAM2KcKJecfdyiWOjb4%2Fhx2XUqQH6pDYyS0txaSNa7kmo9iuER4dTmNgeY%2B8X3zvcDRebdD5IhLsXtye3%2FtBjgFlk0IXllni9Wlop%2FXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f509124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 %D0%A1%D0%B5%D0%BA%D1%80%D0%B5%D1%82%D1%8B-%D1%85%D0%BE%D1%80%D0%BE%D1%88%D0%B5%D0%B9-%D1%84%D0%B8%D0%B3%D1%83%D1%80%D1%8B.jpg
vtemu.by/wp-content/uploads/2013/03/ 26 KB
26 KB 198ms
194ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2013/03/%D0%A1%D0%B5%D0%BA%D1%80%D0%B5%D1%82%D1%8B-%D1%85%D0%BE%D1%80%D0%BE%D1%88%D0%B5%D0%B9-%D1%84%D0%B8%D0%B3%D1%83%D1%80%D1%8B.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ac21915effeb4932e4c39ae850b34f9fc234256256fe755345fb0157ec609a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 26353
last-modified: Sat, 18 Jun 2016 05:53:30 GMT
server: cloudflare
etag: "5764e1da-66f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cl5P%2Byu6pElaiRYxprfpQnxE5ilIVpNioBjI0B9s7mO5SB%2BmeSnXDwzHgobqe3k%2BLdeO%2Bcn7v0xiPEtBFttLcaNeltUNbkTfJ1f8BthdJSEFXIrG0Ob906lO4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f519124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 000-13.jpg
vtemu.by/wp-content/uploads/2022/02/ 259 KB
260 KB 274ms
270ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2022/02/000-13.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e40ba2f19ed793ad50888dc1c7bee28d8e366c07f0372d5aca7592291cdfc5f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 265172
last-modified: Fri, 25 Feb 2022 23:49:16 GMT
server: cloudflare
etag: "62196afc-40bd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BrX7s5ZBwCNG4T7R7%2FIeTS8MW7XjZknicmzZVSpLdj%2F8lAoFJgZbXpT3ECi%2Fpculw53%2B%2F5laKOU1XzFN40yHred%2FDUwqKkysYA8heeDGPVjuYQ82164chKc27g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f549124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 5-9.jpg
vtemu.by/wp-content/uploads/2022/02/ 87 KB
87 KB 212ms
209ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2022/02/5-9.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e73412af84a77481ceaf2f534cb0e9f2db29d9326286380d1f736aacd65f9188

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 88759
last-modified: Sun, 20 Feb 2022 22:50:57 GMT
server: cloudflare
etag: "6212c5d1-15ab7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Br1gcAjH5Vk1cesj7NLL9twTBQi18HWnhm1AvJuV2NB5jXrYC7h5pW1qzEJmw%2Fe4N9ilBfC%2FcqU%2BTbdwOAHSEQNH8I3EjBPkL27ChRpR0TmLs8f4tRJ0M5ijtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f559124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 8-8.jpg
vtemu.by/wp-content/uploads/2016/02/ 514 KB
514 KB 275ms
272ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2016/02/8-8.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b85bf593e71eca6beb1190cb32aca4e19f9d48dc10ba63dd57a826c3d154d4ef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 525992
last-modified: Thu, 09 Jun 2016 12:13:29 GMT
server: cloudflare
etag: "57595d69-806a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eWjEyo9r8Td2DpuBNaTbcmq%2F96ko6rv31602WN7MvjO5UQpg3JzNHHcnA7bSJhfg2fX75teT16R8nyNQ8ZVqZV%2FB9%2BkKdLSXb9jglQ%2Bl2cRFCXWAbXa6i0rOsg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f579124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 10-2.jpg
vtemu.by/wp-content/uploads/2016/02/ 322 KB
323 KB 249ms
245ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2016/02/10-2.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6404933dd4d0608c814a9a7e21cab1db1e35ba4fd08b337385b242e3d133c366

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 329677
last-modified: Thu, 09 Jun 2016 12:15:08 GMT
server: cloudflare
etag: "57595dcc-507cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ThS5r67tbYAIShrUbESGN26uYBvR1mCpwIfBCxDgxKrAy1tlIYPDlqbVrQYatEUGHc1mDR%2FPRZoJ1HRlE7QKO7j45DaBipY5ws1Xl%2BiOFCmORxKNikoG86GhFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f589124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 000-5.jpg
vtemu.by/wp-content/uploads/2022/02/ 120 KB
121 KB 372ms
369ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2022/02/000-5.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b72884610fb05a2e041207a50312061d015c79332695bbaa9c0abc261230534

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 123037
last-modified: Thu, 10 Feb 2022 22:36:20 GMT
server: cloudflare
etag: "62059364-1e09d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UMrVXjvpRp7SRznwwuBws3ZurzA0oPNCLdM9lpHayqKdac1lUTNJp3cN069xWQr9j7y9piIxE%2FsBDTUWIBdEGrbA2MdrK4WiQ4THLWpJ0rpW%2BES%2FoOCCLTSj0g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f5a9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 0009.jpg
vtemu.by/wp-content/uploads/2021/04/ 98 KB
98 KB 20ms
17ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2021/04/0009.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d18d7f2c01ab9ff16a43b0550581cbff0a8a0273c429508b7cbcc02d9fc2337

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2528
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 100233
last-modified: Fri, 09 Apr 2021 23:31:18 GMT
server: cloudflare
etag: "6070e3c6-18789"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ob9btxyFPq3WsxYUBSojjUkHqig6NnRiba%2FeO%2FKtJ8VYpvPJo40jaKKWgopu7v7u7JvYA7YBicV78RV7Ep08QQ1bzvIXVy085PdOCzWuWXJS1ALQSX1JjFZlpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f5c9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 11:31:40 GMT

GET
H3 200 000-8.jpg
vtemu.by/wp-content/uploads/2021/03/ 99 KB
100 KB 384ms
381ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2021/03/000-8.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec796bac75c6403ef3b4a3492e71e3897c0e68e61b19cf82557e58b38886f1ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 101708
last-modified: Fri, 05 Mar 2021 11:21:46 GMT
server: cloudflare
etag: "6042144a-18d4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DYz%2Fo59i0BlhMFL7HLIE5NIkM1mCSa4g95YmdbbpR%2BnWJP%2BzG1raAzIl2WE9cV5soJ205Hc4FZpEGyp55%2FssAKT4iUgHFlbxENaDDQtF5Is%2FiApSPlju4ESBSw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f5f9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 371.jpg
vtemu.by/wp-content/uploads/2015/02/ 64 KB
64 KB 226ms
223ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2015/02/371.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 004e39eccc0c3c725e9185c2afac1a7db4d418c0a370f9babbc6ca4e5815b496

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 65170
last-modified: Thu, 09 Jun 2016 17:10:26 GMT
server: cloudflare
etag: "5759a302-fe92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6WrPwSfgJi7eNR4GYlDK2mE9yEOsjM672pVoUUWeUGjm2s53lSSX5UfsQZlSe8gTN0x6t%2B3VFW%2FxbqVNGt8rcFQPA3DaCXOYyZ1QIyZWP2e%2BQu0q8qu%2BHKCO5w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f619124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 12-2.jpg
vtemu.by/wp-content/uploads/2021/03/ 113 KB
113 KB 22ms
19ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2021/03/12-2.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 811ec5131fa96390d2d267b734b2f1472dea341870d239d6163c408f38bf3fa8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3612
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 115424
last-modified: Thu, 04 Mar 2021 14:16:00 GMT
server: cloudflare
etag: "6040eba0-1c2e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J8jgfq%2BWEfQ3vxm9gQ%2FW%2BMfe3SzCl4SaPNdrAOSK3TeccOOMylgqBLauZpIw2seUpzyWsRYwlLKTF6OIN%2FDvBinvmFFNdEBUEujsMuOnJfMdfGE%2BbUVEK%2B8eBw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f629124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 11:13:35 GMT

GET
H3 200 0-8.jpg
vtemu.by/wp-content/uploads/2016/02/ 93 KB
94 KB 225ms
222ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2016/02/0-8.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a50b19006261880dcb01654fef3c38d596d279328b0eebe22619974ba7bb4121

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 95563
last-modified: Thu, 09 Jun 2016 12:11:36 GMT
server: cloudflare
etag: "57595cf8-1754b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f0zECUnIsiUxCSOL2BY8ffR5RbNoFC7NBQYMJQ%2FCgDb6WW3FGsy3LeaW3Wl1g54Y1nBTWweeECYNvq73UCbt819np%2FDungOUcnz8MzTOq7ZD196mhnIL%2FV1I0g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f639124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 1.jpeg
vtemu.by/wp-content/uploads/2015/10/ 88 KB
89 KB 396ms
393ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2015/10/1.jpeg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a1b39c22a80b0f4b63d44fd10a62463aebf25150365b3855f3aa43622ce38d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 90412
last-modified: Tue, 01 Feb 2022 21:07:47 GMT
server: cloudflare
etag: "61f9a123-1612c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=52U1CZrIjuSRKM3elrVdRCxwyUBDplQVDMoMq%2FvWtnAu%2B50fspepXryULp6p9CHCkfuH4j7v7dnVv7ibzfUVOdAyEchgeMm%2FLoGoNSUP%2BdmIGwhxJ%2F7aDUx%2FoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f659124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 00-1.jpg
vtemu.by/wp-content/uploads/2017/01/ 52 KB
53 KB 217ms
214ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2017/01/00-1.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b70192acfba0b12d611e3160ad360d99ce43967f8fc4ff5d1f725f436f08ea8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 53358
last-modified: Sun, 15 Jan 2017 00:19:46 GMT
server: cloudflare
etag: "587ac022-d06e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aPYNjxHvoMAFW7OztWcDhX0ssHcTHHpfN39CA3U1AfLvo85AW3M%2BtxuXQR8NVAaqivlyE4LnSrWdM0QLUpYv0tcGrfKkZ94jFc13guepuDMe5yuHt0lG3DA4tA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f689124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 00-9.jpg
vtemu.by/wp-content/uploads/2021/05/ 89 KB
89 KB 410ms
408ms Image
image/jpeg 104.21.78.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtemu.by/wp-content/uploads/2021/05/00-9.jpg
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.78.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7be92806c1f8b3c3e932fcde5c22b9db2042c01c5710e9b9f69b80c5009ca987

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 90959
last-modified: Fri, 14 May 2021 14:05:48 GMT
server: cloudflare
etag: "609e83bc-1634f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qTaIa9DBzCJ8V1W7RUkfsKe3j488PfpCi2g8IDYl1ZPvk24peg3l42eQQ0AimzeBKxF7vf0LX%2BMFJ0TU3pNn5Q2UW%2BvDYB4oEwiny%2Ff7IqONgeun26nkAFo7ig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6e6249c82f6b9124-FRA
x-beget-proxy: stan.beget.ru
expires: Sat, 02 Apr 2022 12:13:48 GMT

GET
H3 200 fontawesome-webfont.woff
maxcdn.bootstrapcdn.com/font-awesome/4.2.0/fonts/ 64 KB
65 KB 82ms
47ms Font
font/woff 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/fonts/fontawesome-webfont.woff?v=4.2.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css
Origin: https://vtemu.by
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 722
age: 361857
cdn-proxyver: 1.0
cdn-cachedat: 11/05/2021 23:13:42
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 65452
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 6958be2008845c3d86001b6a535d55bd
accept-ranges: bytes
cf-ray: 6e6249c8bd163753-MXP
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 212 B
641 B 68ms
16ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=vtemu.by&callback=_gfp_s_&client=ca-pub-3990490331531652

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3990490331531652&plah=vtemu.by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

15566c599cc95d056a256583fb9abaa6b94615f399f9e6584c992193de64ecba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 54ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=vtemu.by

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 54ms
17ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=vtemu.by

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8C7F 196 KB
50 KB 799ms
771ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&adk=1812271804&adf=3025194257&lmt=1646309428&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fvtemu.by%2F&ea=0&flash=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309628050&bpp=2&bdt=172&idt=170&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=343392690677&frm=20&pv=2&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=203

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0a11f6009ed51c6150333558b46bc4281557d1b510c2ffd9cb608dcb59441b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 03 Mar 2022 12:13:49 GMT
server: cafe
content-length: 51235
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 12:13:49 GMT
cache-control: private

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9566.jQyJgxk6VKAlXgv19vxIniBwzd2akmmmpB2jE4hQken6mqJMXNFaw7XMwMNB5Ryg.YbozUFEwryvavAHbDCn-AZ7Ytrc%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9566.HlSixRSnKtDGP96Nsa5z3OlFiROHf77afCpaZ4LRPLcx5igW1tUqDHRTYpxBcllb4LSUcdsw3l0p1Pi_bBt5xw%2C%2C.QncDtrwPSgbFpMPTmLNQSfLN8Q8%2C

75 B
75 B

35ms
34ms

Image
text/html

2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9566.HlSixRSnKtDGP96Nsa5z3OlFiROHf77afCpaZ4LRPLcx5igW1tUqDHRTYpxBcllb4LSUcdsw3l0p1Pi_bBt5xw%2C%2C.QncDtrwPSgbFpMPTmLNQSfLN8Q8%2C

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9566.HlSixRSnKtDGP96Nsa5z3OlFiROHf77afCpaZ4LRPLcx5igW1tUqDHRTYpxBcllb4LSUcdsw3l0p1Pi_bBt5xw%2C%2C.QncDtrwPSgbFpMPTmLNQSfLN8Q8%2C
date: Thu, 03 Mar 2022 12:13:48 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
112 B 35ms
35ms Image
image/gif 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
last-modified: Fri, 18 Feb 2022 11:36:57 GMT
etag: "620f5aa9-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Thu, 03 Mar 2022 13:13:48 GMT

GET
H2

200

rexdot.js Show response
gaby.hit.gemius.pl/__/_1646309628341/
Redirect Chain

https://gaby.hit.gemius.pl/_1646309628341/rexdot.js?l=100&id=zCFFLPf79UsOj0a1IAVhlGYTP_2Bnu__xMy3zzzAQ8r.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fvtemu.by%2F...
https://gaby.hit.gemius.pl/__/_1646309628341/rexdot.js?l=100&id=zCFFLPf79UsOj0a1IAVhlGYTP_2Bnu__xMy3zzzAQ8r.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fvtemu.by...

169 B
423 B

91ms
89ms

Script
application/x-javascript

146.59.10.80
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaby.hit.gemius.pl/__/_1646309628341/rexdot.js?l=100&id=zCFFLPf79UsOj0a1IAVhlGYTP_2Bnu__xMy3zzzAQ8r.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fvtemu.by%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=211&lsdata=OYQRVIpHpnf3aeP1rJ_bdrG149.g780oBI9bokxjP9r.b7vr9mZxkUgeOqel4nB4XS502LstTsAABX5o.lHlALw0EK3s/qIYiaEwJsT8iD/&fpdata=myphTIVgyWNL336y8YFxPVk0WTzpas7W9bKiFydF1gr.B7&vis=1&fpcap=
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H2
Server: 146.59.10.80 , France, ASN16276 (OVH, FR),
Reverse DNS: ip80.ip-146-59-10.eu
Software: GHC /
Resource Hash: ee3bf956f1f6ad1b9b2060dcf3d6b18d68015d9da99b360e4963b2f0f4c9c960

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:48 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 169
expires: Wed, 02 Mar 2022 12:13:48 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:48 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1646309628341/rexdot.js?l=100&id=zCFFLPf79UsOj0a1IAVhlGYTP_2Bnu__xMy3zzzAQ8r.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fvtemu.by%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=211&lsdata=OYQRVIpHpnf3aeP1rJ_bdrG149.g780oBI9bokxjP9r.b7vr9mZxkUgeOqel4nB4XS502LstTsAABX5o.lHlALw0EK3s/qIYiaEwJsT8iD/&fpdata=myphTIVgyWNL336y8YFxPVk0WTzpas7W9bKiFydF1gr.B7&vis=1&fpcap=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 02 Mar 2022 12:13:48 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/22270396/
Redirect Chain

https://mc.yandex.com/watch/22270396?wmode=7&page-url=https%3A%2F%2Fvtemu.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Agqny5kf8o1qwi6kkxr%3Afp%3A521%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US...
https://mc.yandex.com/watch/22270396/1?wmode=7&page-url=https%3A%2F%2Fvtemu.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Agqny5kf8o1qwi6kkxr%3Afp%3A521%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-...

357 B
439 B

35ms
35ms

XHR
application/json

2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/22270396/1?wmode=7&page-url=https%3A%2F%2Fvtemu.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Agqny5kf8o1qwi6kkxr%3Afp%3A521%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A162500067064%3Ahid%3A1010760582%3Az%3A0%3Ai%3A20220303121348%3Aet%3A1646309628%3Ac%3A1%3Arn%3A360701278%3Arqn%3A1%3Au%3A1646309628492691176%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1646309627427%3Ads%3A71%2C37%2C338%2C2%2C0%2C0%2C%2C160%2C3%2C%2C%2C%2C609%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1646309628%3At%3A%D0%9F%D0%BE%D0%B4%D0%B5%D0%BB%D0%BA%D0%B8%20%D1%81%D0%B2%D0%BE%D0%B8%D0%BC%D0%B8%20%D1%80%D1%83%D0%BA%D0%B0%D0%BC%D0%B8%2C%20%D0%BF%D0%BE%D0%B4%D0%B0%D1%80%D0%BA%D0%B8%2C%20handmade%2C%20DIY%2C%20%D0%BC%D0%B0%D1%81%D1%82%D0%B5%D1%80%20%D0%BA%D0%BB%D0%B0%D1%81%D1%81%D1%8B%20-%20vtemu.by&t=gdpr%2814%29aw%281%29ti%282%29

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

b42ed9d631798a75b1f8fd232a99456be44b950051bc8da1e12722ef631b5479

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:48 GMT
x-content-type-options: nosniff
last-modified: Thu, 03-Mar-2022 12:13:48 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://vtemu.by
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 357
x-xss-protection: 1; mode=block
expires: Thu, 03-Mar-2022 12:13:48 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:48 GMT
last-modified: Thu, 03-Mar-2022 12:13:48 GMT
location: /watch/22270396/1?wmode=7&page-url=https%3A%2F%2Fvtemu.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Agqny5kf8o1qwi6kkxr%3Afp%3A521%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A162500067064%3Ahid%3A1010760582%3Az%3A0%3Ai%3A20220303121348%3Aet%3A1646309628%3Ac%3A1%3Arn%3A360701278%3Arqn%3A1%3Au%3A1646309628492691176%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1646309627427%3Ads%3A71%2C37%2C338%2C2%2C0%2C0%2C%2C160%2C3%2C%2C%2C%2C609%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1646309628%3At%3A%D0%9F%D0%BE%D0%B4%D0%B5%D0%BB%D0%BA%D0%B8%20%D1%81%D0%B2%D0%BE%D0%B8%D0%BC%D0%B8%20%D1%80%D1%83%D0%BA%D0%B0%D0%BC%D0%B8%2C%20%D0%BF%D0%BE%D0%B4%D0%B0%D1%80%D0%BA%D0%B8%2C%20handmade%2C%20DIY%2C%20%D0%BC%D0%B0%D1%81%D1%82%D0%B5%D1%80%20%D0%BA%D0%BB%D0%B0%D1%81%D1%81%D1%8B%20-%20vtemu.by&t=gdpr%2814%29aw%281%29ti%282%29
strict-transport-security: max-age=31536000
access-control-allow-origin: https://vtemu.by
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 03-Mar-2022 12:13:48 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 82 KB
28 KB 47ms
24ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts/load-gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

4df82d1dee3f949b41af84357c2e42d85dca43e49a1feff4a505c2297f3ab1a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28045
x-xss-protection: 0
server: sffe
etag: "1148 / 897 of 1000 / last-modified: 1646309194"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 03 Mar 2022 12:13:48 GMT

POST
H/1.1 204
No Content cntcm.aspx
inv-nets-eu.admixer.net/ 0
235 B 25ms
9ms Ping
text/plain 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets-eu.admixer.net/cntcm.aspx?pvOId=87cf1b87-24a5-4411-80f9-bc1d530bc25a&ssp=EA9D38E3-5FFC-45EB-AF95-8DB1A53D2DF4&cntoid=c537fd3c-ec7e-49d5-b4bb-10a57417947a&pv=1&referrer=&page=https%3A%2F%2Fvtemu.by%2F

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/analytics/tag-manager.js?m=data-from-dom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://vtemu.by
Date: Thu, 03 Mar 2022 12:13:48 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-XSS-Protection: 0

POST
H/1.1 200
OK dmpapxl.aspx
inv-nets-eu.admixer.net/ 43 B
458 B 26ms
9ms Ping
image/gif 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to

Full URL: https://inv-nets-eu.admixer.net/dmpapxl.aspx?cntoid=c537fd3c-ec7e-49d5-b4bb-10a57417947a&referrer=&page=https%3A%2F%2Fvtemu.by%2F
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/analytics/tag-manager.js?m=data-from-dom
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),
Reverse DNS
Software: nginx /
Resource Hash: 281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:48 GMT
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NID DSP ALL COR"
Cache-Control: no-store
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Expires: Wed, 21 Oct 2015 07:28:00 GMT

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/44184/ Frame 3BE2 738 B
485 B 22ms
22ms Document
text/html 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/44184/c.html?b=44184
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: 6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

server: gcore
date: Thu, 03 Mar 2022 12:13:48 GMT
content-type: text/html
last-modified: Sat, 26 Feb 2022 17:57:57 GMT
vary: Accept-Encoding
etag: W/"621a6a25-2e2"
expires: Sat, 04 Mar 2023 10:09:15 GMT
cache-control: max-age=31622400
cache: HIT
x-cached-since: 2022-03-03T10:09:15+00:00
x-id: fr5-up-gc36
content-encoding: gzip

GET
H2 200 0967ebea4a2a8854ab82.b.js Show response
cdn.admixer.net/scripts3/44184/ 23 KB
8 KB 22ms
22ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/44184/0967ebea4a2a8854ab82.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: 09ef43311f60323feb3ecd8c3f5e81064548c7e632d58e27253e6fef25bc0e7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc36
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Sat, 26 Feb 2022 17:57:44 GMT
server: gcore
etag: W/"621a6a18-5d41"
vary: Accept-Encoding
x-cached-since: 2022-03-03T10:09:19+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 04 Mar 2023 10:09:19 GMT

GET
H2 200 849bc7976a13501da8fc.b.js Show response
cdn.admixer.net/scripts3/44184/ 74 KB
19 KB 24ms
23ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/44184/849bc7976a13501da8fc.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: ad8d6790c4653e3bd078031ffcd5b9c231056162ff04ae386ad85fb74e89407e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc36
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Sat, 26 Feb 2022 17:57:52 GMT
server: gcore
etag: W/"621a6a20-12993"
vary: Accept-Encoding
x-cached-since: 2022-03-03T10:09:19+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 04 Mar 2023 10:09:19 GMT

GET
H3 200 pubads_impl_2022022801.js Show response
securepubads.g.doubleclick.net/gpt/ 365 KB
122 KB 21ms
7ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

1df7a24523290093157df22484dc0881a2bcf2d5f4dc38e5f4d9cbce0684be97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:01:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 746
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124783
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 09:34:19 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 03 Mar 2023 12:01:22 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 107 B
117 B 32ms
17ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=vtemu.by

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

df10d8a3d9620078b0675c82cc9c35c4bbf848f0a01270fbf3a72fa2ec258a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92
x-xss-protection: 0
expires: Thu, 03 Mar 2022 12:13:48 GMT

POST
H/1.1 200
OK prebid.1.2.aspx Show response
inv-nets.admixer.net/ 4 KB
5 KB 27ms
10ms XHR
text/javascript 146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/prebid.1.2.aspx

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/prebidcdn/prebidcdn.js?pm=adServer,adServerDFP,admixerAnalyticsAdapter,admixerBidAdapter,admixerIdSystem,currency,intersectionRtdProvider,schain&dev=true&rnd=268435462&hash=1385267621-

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

045b74913b245e55878d3ea223ca94daddcf7b276def93c7cfe77fe00ea9964e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://vtemu.by/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 03 Mar 2022 12:13:48 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: https://vtemu.by
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 4151
X-Xss-Protection: 0

GET
H/1.1 200
OK dsp.aspx Show response
inv-nets.admixer.net/ 2 KB
1 KB 25ms
9ms Script
application/javascript 146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/dsp.aspx?sender=admixer&rct=4&v=2.0&rnd=9765062067805092&cpv=4d868d9a-b0cc-ee09-f150-d41889318791&responseType=default&uids=%7B%7D&fpd=%7B%7D&kvTargeting=%7B%7D&data=%7B%22id%22%3A%2267f5047f-0905-8fcf-8038-23dde34108d4%22%2C%22site%22%3A%7B%22page%22%3A%22https%253A%252F%252Fvtemu.by%252F%22%2C%22ref%22%3A%22%22%2C%22sf%22%3A0%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F99.0.4844.51%20Safari%2F537.36%22%2C%22sr%22%3A%221600x1200%22%7D%2C%22labels%22%3A%7B%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22b9e527b5-387a-7cc5-47b3-7b8c7974660d%22%2C%22tagid%22%3A%22e4f68150-f30b-40cd-9403-2a3352490892%22%2C%22ext%22%3A%7B%22ph%22%3A%22admixer_e4f68150f30b40cd94032a3352490892_zone_8786_sect_2240_site_2127%22%2C%22pos%22%3A0%2C%22inView%22%3A0%7D%2C%22i%22%3A%22inv-nets%22%2C%22sender%22%3A%22admixer%22%7D%5D%2C%22allimps%22%3A1%7D&am-uid=null&3rdEnabled=true&3rd=true

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

6c92d977f6eb7c8907500faf83c65314eaac82190b363694ccb5cb6b5d41bcd4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:48 GMT
Content-Encoding: gzip
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 822
X-Xss-Protection: 0

POST
H/1.1 204
No Content hb_analytics.aspx
prebid-inv-eu.admixer.net/ 0
235 B 15ms
14ms Ping
text/plain 146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL

https://prebid-inv-eu.admixer.net/hb_analytics.aspx

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://vtemu.by/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryq4jdiONI4RMpKeo4

Response headers

Access-Control-Allow-Origin: https://vtemu.by
Date: Thu, 03 Mar 2022 12:13:48 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 32ms
16ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=vtemu.by

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 31ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=vtemu.by

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
8 KB 441ms
441ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4232842818120551&correlator=4361395411258375&eid=31065503%2C31065400&output=ldjh&gdfp_req=1&vrg=2022022801&ptt=17&impl=fifs&sc=1&sfv=1-0-38&ecs=20220303&iu_parts=29636627%3A22655991939%2Cvtemu.by_970x250_hb_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x100%7C300x50%7C300x75%7C320x50%7C320x100%7C468x15%7C468x60%7C728x90%7C728x15%7C970x90%7C970x120%7C970x200%7C970x250&eri=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&abxe=1&dt=1646309628738&lmt=1646309428&dlt=1646309627878&idt=833&biw=1600&bih=1200&oid=2&adxs=15&adys=171&ucis=1&adks=51155630&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fvtemu.by%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x10&msz=1570x0&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=true&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

6e21c2aa0f0dc72a3c44c59b86d9bcb589cf574a0db3e766d41f7076c05436e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8195
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://vtemu.by
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CD43 6 KB
4 KB 72ms
15ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 03 Mar 2022 12:13:48 GMT
expires: Fri, 03 Mar 2023 12:13:48 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 e1eee23f36481a69453f.b.js Show response
cdn.admixer.net/scripts3/44184/ 28 KB
11 KB 48ms
44ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/44184/e1eee23f36481a69453f.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: 734b1760dd6b1371613bc5f380dc18f0d17ef81c0edf4622d5a1400c7ad9518a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc36
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Sat, 26 Feb 2022 17:57:58 GMT
server: gcore
etag: W/"621a6a26-702f"
vary: Accept-Encoding
x-cached-since: 2022-02-26T17:58:59+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Mon, 27 Feb 2023 17:58:59 GMT

GET
H2 200 fdabe098f34289659a17.b.js Show response
cdn.admixer.net/scripts3/44184/ 42 KB
18 KB 46ms
42ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/44184/fdabe098f34289659a17.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: f6247007e2b6a2b034c5ac6bb537e9451f7b5ed1dd8a23979068cd4e9160e72b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc36
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Sat, 26 Feb 2022 17:58:00 GMT
server: gcore
etag: W/"621a6a28-a793"
vary: Accept-Encoding
x-cached-since: 2022-02-26T17:58:59+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Mon, 27 Feb 2023 17:58:59 GMT

GET
H2 200 84011c43c3075e543c6d.b.js Show response
cdn.admixer.net/scripts3/44184/ 13 KB
5 KB 46ms
43ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/44184/84011c43c3075e543c6d.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: 1083eef8b7598af7e021ae80d04890c3d02220b616f472acc64656ab024ba484

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc36
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Sat, 26 Feb 2022 17:57:52 GMT
server: gcore
etag: W/"621a6a20-326c"
vary: Accept-Encoding
x-cached-since: 2022-02-26T17:58:59+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Mon, 27 Feb 2023 17:58:59 GMT

GET
H2 200 182f2d74c34963cea11e.b.js Show response
cdn.admixer.net/scripts3/44184/ 11 KB
4 KB 46ms
44ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/44184/182f2d74c34963cea11e.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: 51963d3074e03b274597ec8a657697e989d104197d060d7f71e4df8971c25edb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc36
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Sat, 26 Feb 2022 17:57:44 GMT
server: gcore
etag: W/"621a6a18-2a79"
vary: Accept-Encoding
x-cached-since: 2022-02-26T17:58:59+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Mon, 27 Feb 2023 17:58:59 GMT

GET
H2 200 631117330f3e56489daa.b.js Show response
cdn.admixer.net/scripts3/44184/ 214 KB
74 KB 46ms
44ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/44184/631117330f3e56489daa.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: gcore /
Resource Hash: 2cb6aa168491f0d76255839ccbed19fba4f560bcf0b95aea1dc84aa257ac685c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc36
date: Thu, 03 Mar 2022 12:13:48 GMT
content-encoding: gzip
last-modified: Sat, 26 Feb 2022 17:57:49 GMT
server: gcore
etag: W/"621a6a1d-3594f"
vary: Accept-Encoding
x-cached-since: 2022-02-26T17:58:59+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Mon, 27 Feb 2023 17:58:59 GMT

GET
H/1.1

200
OK

adxcm.aspx
inv-nets.admixer.net/
Redirect Chain

https://admixer-sync.rutarget.ru/sync
https://inv-nets.admixer.net/adxcm.aspx?ssp=76391747-8C01-44B5-BA9C-B7DA670E100C&id=7hkfBOaVDWXl

43 B
463 B

10ms
10ms

Image
image/gif

146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/adxcm.aspx?ssp=76391747-8C01-44B5-BA9C-B7DA670E100C&id=7hkfBOaVDWXl

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

HTTP/1.1

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:49 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

location: https://inv-nets.admixer.net/adxcm.aspx?ssp=76391747-8C01-44B5-BA9C-B7DA670E100C&id=7hkfBOaVDWXl
date: Thu, 03 Mar 2022 12:13:49 GMT
server: nginx
content-length: 0
p3p: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."

GET
H2

200

admixer
exchange.buzzoola.com/cookiesync/ssp/
Redirect Chain

https://exchange.buzzoola.com/cookiesync/ssp/admixer?uid=b8249f2c321b4769b706765f0eb4be15
https://exchange.buzzoola.com/cookiesync/ssp/admixer?set_buzzoola_cookie=t&uid=b8249f2c321b4769b706765f0eb4be15

43 B
130 B

15ms
14ms

Image
image/gif

144.76.118.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.buzzoola.com/cookiesync/ssp/admixer?set_buzzoola_cookie=t&uid=b8249f2c321b4769b706765f0eb4be15
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H2
Server: 144.76.118.233 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.233.118.76.144.clients.your-server.de
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:48 GMT
server: nginx
content-length: 43
serverid: TODO
content-type: image/gif

Redirect headers

location: /cookiesync/ssp/admixer?set_buzzoola_cookie=t&uid=b8249f2c321b4769b706765f0eb4be15
date: Thu, 03 Mar 2022 12:13:48 GMT
server: nginx
etag: W/"1b1ba8a2c99f424a7d2079e4ff6cd1ddc9690646014a0f270b7137bf4bef2595"
content-length: 122
serverid: TODO
content-type: text/html; charset=utf-8

GET
H/1.1

200
OK

adxcm.aspx
inv-nets.admixer.net/
Redirect Chain

https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6845806
https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6845806&tuid=-4663538251
https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AG4TOtkIyeAXuBn4hCsxkyw

43 B
463 B

8ms
8ms

Image
image/gif

146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AG4TOtkIyeAXuBn4hCsxkyw

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

HTTP/1.1

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:49 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:49 GMT
Transfer-Encoding: chunked
P3P: policyref="//adriver.ru/w3c/p3p.xml", CP="NON DSP COR CURa ADMa DEVa OUR BUS UNI COM NAV INT STA"
Location: https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AG4TOtkIyeAXuBn4hCsxkyw
Cache-control: no-cache, no-cache=Set-Cookie, max-age=0, must-revalidate, proxy-revalidate, no-store
Connection: keep-alive
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 1px-matching-go2net.gif
m.trafmag.com/images/ 35 B
351 B 68ms
13ms Image
image/gif 193.200.65.6
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.trafmag.com/images/1px-matching-go2net.gif?id=b8249f2c321b4769b706765f0eb4be15
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 193.200.65.6 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: adforce.team
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:48 GMT
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
P3P: CP="NON DSP COR CURa TIA"

GET
H2 204 match
dm.hybrid.ai/ 0
238 B 162ms
50ms Image
text/plain 37.18.16.22
HYBRID-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dm.hybrid.ai/match?id=128&vid=b8249f2c321b4769b706765f0eb4be15&gdpr=&gdpr_consent=

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.18.16.22 , Russian Federation, ASN205675 (HYBRID-AS, RU),

Reverse DNS

Software

Hybrid Web Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:48 GMT
server: Hybrid Web Server
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
access-control-allow-origin: *
cache-control: no-cache, no-store
x-mode: 101
x-xss-protection: 1; mode=block
expires: -1

GET
H/1.1

200
OK

cm.aspx
inv-nets.admixer.net/bs/
Redirect Chain

https://x.bidswitch.net/sync?ssp=admixer&user_id=b8249f2c321b4769b706765f0eb4be15&gdpr=&gdpr_consent=&us_privacy=[usPrivacy]
https://x.bidswitch.net/ul_cb/sync?ssp=admixer&user_id=b8249f2c321b4769b706765f0eb4be15&gdpr=&gdpr_consent=&us_privacy=[usPrivacy]
https://green.erne.co/bidswitch/cm?bidswitch_ssp_id=admixer&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=270&expires=10&user_id=vVXKm9QLmyhqamHbGhUnYahd&ssp=admixer
https://inv-nets.admixer.net/bs/cm.aspx?id=daa7cacc-fe90-4572-b08f-1f8bf8fd476e&gdpr=&consent=&gdpr_pd=

43 B
463 B

11ms
11ms

Image
image/gif

146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/bs/cm.aspx?id=daa7cacc-fe90-4572-b08f-1f8bf8fd476e&gdpr=&consent=&gdpr_pd=

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

HTTP/1.1

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:48 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

Location: //inv-nets.admixer.net/bs/cm.aspx?id=daa7cacc-fe90-4572-b08f-1f8bf8fd476e&gdpr=&consent=&gdpr_pd=
Date: Thu, 03 Mar 2022 12:13:48 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

adxcm.aspx
inv-nets.admixer.net/
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=197200&cb=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3DFCC51D18-EB58-4B22-B884-02E238CDD6F2%26id%3D
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3DFCC51D18-EB58-4B22-B884-02E238CDD6F2%26id%3D&s=197200&C=1
https://inv-nets.admixer.net/adxcm.aspx?ssp=FCC51D18-EB58-4B22-B884-02E238CDD6F2&id=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB

43 B
463 B

8ms
7ms

Image
image/gif

146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/adxcm.aspx?ssp=FCC51D18-EB58-4B22-B884-02E238CDD6F2&id=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

HTTP/1.1

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:48 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:48 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://inv-nets.admixer.net/adxcm.aspx?ssp=FCC51D18-EB58-4B22-B884-02E238CDD6F2&id=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 304
Expires: Thu, 03 Mar 2022 12:13:48 GMT

GET
H2 200 match
ads.betweendigital.com/ 68 B
159 B 237ms
58ms Image
image/png 188.42.29.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=43070&callback_url=%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3D70C88C54-8654-4219-A50A-E344F86A4A28%26id%3D${USER_ID}
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.29.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

GET
H/1.1 204
No Content merge
ce.lijit.com/ 0
348 B 71ms
17ms Image
text/plain 216.52.2.19
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=380632&3pid=b8249f2c321b4769b706765f0eb4be15&us_privacy=$(US_PRIVACY)&gdpr=&gdpr_consent=&location=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3DA0E94EB6-7943-457A-8B17-9C99C6ADCED2%26id%3D%5BSOVRNID%5D
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:48 GMT
X-MERGE: GDPR Optout true
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

cm-notify
creativecdn.com/
Redirect Chain

https://creativecdn.com/cm-notify?pi=admixer
https://creativecdn.com/cm-notify?pi=admixer&tc=1

42 B
243 B

15ms
15ms

Image
image/gif

185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativecdn.com/cm-notify?pi=admixer&tc=1
Requested by: Host: vtemu.by
URL: https://vtemu.by/
Protocol: H2
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:48 GMT, Thu, 03 Mar 2022 12:13:48 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-type: image/gif
content-length: 42
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://creativecdn.com/cm-notify?pi=admixer&tc=1
date: Thu, 03 Mar 2022 12:13:48 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202240101/ 151 KB
54 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202240101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

636f80b5d29072a55efa09889b92dc8c0a994402054d0509834fe82c5ad5600a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55001
x-xss-protection: 0
server: cafe
etag: 12839939377606004502
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=vtemu.by

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 18ms
17ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=vtemu.by

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CAE3 100 KB
35 KB 443ms
443ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd9f64ed1aec62b6ab1f087e97102a4635c9a6bb956b46ffecc2950ae3410dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 03 Mar 2022 12:13:49 GMT
server: cafe
content-length: 35615
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 12:13:49 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7F43 101 KB
35 KB 477ms
475ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6aefce42089f5d4410cc172aeb8b592263bf72c196e1e4ba7155b1fa89aac2fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 03 Mar 2022 12:13:49 GMT
server: cafe
content-length: 35670
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 12:13:49 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 53E6 89 KB
33 KB 469ms
469ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45051fce073f76d124669049e35b480823d7c9a7591cb725c087aa390f7d7fb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 03 Mar 2022 12:13:49 GMT
server: cafe
content-length: 33491
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 12:13:49 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 91E1 103 KB
35 KB 756ms
756ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e2d6375ad403d04d71e825226ace859b507dc6780df0a8287b95e63731fd9358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 03 Mar 2022 12:13:49 GMT
server: cafe
content-length: 35880
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 12:13:49 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E97D 94 KB
34 KB 383ms
382ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1992333392&pi=t.aa~a.1040856864~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=0&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3952&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=cbRfOXMPBT&p=https%3A//vtemu.by&dtd=45

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5d6e153c412f8d094f5aa298887e9509d953500fd8047b2b7dd1ca703c2d477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 03 Mar 2022 12:13:49 GMT
server: cafe
content-length: 34890
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 12:13:49 GMT
cache-control: private

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=vtemu.by

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 18ms
17ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=vtemu.by

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/ Frame 4F47 10 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Thu, 03 Mar 2022 02:28:32 GMT
expires: Thu, 17 Mar 2022 02:28:32 GMT
cache-control: public, max-age=1209600
age: 35117
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/ Frame 5F90 10 KB
4 KB 7ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Thu, 03 Mar 2022 02:28:32 GMT
expires: Thu, 17 Mar 2022 02:28:32 GMT
cache-control: public, max-age=1209600
age: 35117
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 204
No Content hb_analytics.aspx
prebid-inv-eu.admixer.net/ 0
235 B 9ms
9ms Ping
text/plain 146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL

https://prebid-inv-eu.admixer.net/hb_analytics.aspx

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://vtemu.by/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryTUsA0blK0cH6eiSj

Response headers

Access-Control-Allow-Origin: https://vtemu.by
Date: Thu, 03 Mar 2022 12:13:49 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H3 200 container.html Show response
69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4490 6 KB
3 KB 24ms
7ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Mar 2022 12:13:48 GMT
expires: Fri, 03 Mar 2023 12:13:48 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css2
fonts.googleapis.com/ Frame 4F47 4 KB
634 B 31ms
16ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 12:07:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 03 Mar 2022 12:13:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4F47 205 B
744 B 45ms
14ms Image
image/png 2a00:1450:400e:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:811::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 06:39:58 GMT
x-content-type-options: nosniff
age: 106431
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 02 Mar 2023 06:39:58 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4F47 604 B
695 B 45ms
14ms Image
image/png 2a00:1450:400e:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:811::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 12:38:30 GMT
x-content-type-options: nosniff
age: 84919
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 02 Mar 2023 12:38:30 GMT

GET
H2 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/elements/html/ Frame 4F47 19 KB
9 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a25197dc637fcb41e8d3133cfed0573116c8a1618922454e6c13833754a161e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:09:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 258
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8378
x-xss-protection: 0
server: cafe
etag: 16647736096342315519
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:09:31 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 0A95 112 KB
40 KB 84ms
41ms Document
text/html 2a02:2638:1::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YiCw_AAErWEK4C3bAA8sKaFXkUood7KAU_QpLA&u=%7C5yi909FihAXqthaCfhtuFCWzUYOEzoZvomEPHeNPMSY%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wdMQbUJ2oe0VN9BzJTyj-HjMvuxAXy2Tevw1hXaymk8OQIWWniy-Po-d5aFpl7cS_koJH7HO4G7OG1ux4NdedclZKVtCnYM4etddUrmURFyM2n4HjTVRNVu1ZyIlXXqG5Pix7SlDx0SDIa8YC_xxern_UbXgXko-vhZtFN5q8-LDBx-T7qN0wp6Sgdp6KC2nuLc8QC9C6heYLVR2ht5SuJBfVmruvCwEy4cxpYyAJCnyhH8tGjSEg6g6A5mB9CBNGdUKP2GpCtVZUQT5pIVa5xrMvw8-2T1exjF-KCLdXmBSb4eyOtsz8Tyyp7eSw9q1q2qSqsepyzvaWx9kBE9_qESmwppIc1v-Td21ntHVnEUeDNJRyM8BXfXC7V2vcRNup0thZW0TlJNVXAA-HHz1F9I&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCpHPi_LAgYuHaEtvbgAep2LyQCcme0rFcvfGU93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMzk5MDQ5MDMzMTUzMTY1MqAB1bbS6gPIAQmpAtNKqH2CnLI-qAMBqgTOAU_Q98lWbthSH__TFyzgHr3-PwjhWLRka0PeHnwRgTbv6-mvFUd-AcTjgfzII4r-TU770VaVyWzkWmxslT-6LDnxAAVUV0G4wHRgqZ1Q6YVnIYDvDAF7XN7gAdbYmkfSk2qhdD_Gqu6CPTxHxJTbOp25yjLbLSIQZcSgEvoZz8Jd8EhGhy32CJiAWItE821i40NB5noc-Elr_J2bKh3ANdESeXVx58ElKcH5f_2s4I7SJxkApxG8llujvB5-u9U8fXk_AMaomJZ4E2PADmXGgAaalI351ZKE078BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1O3Qiw1A6t2eGR8XIe-3kd2j1XFw%26client%3Dca-pub-3990490331531652%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7e6f94e66af224954c6910c5a4eec5d86d5eda0ae57562ffc1b13413071effd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=7Qi3XWFc2mU3so3UQmAs5kQfpWF1G-6M-4r6vYDvGcqlzqgM9lc2iGaFnncc4iZ5jBLZSqwe4vE49Kb9a5Oxv2hd8xnNxPsuT2zIUymK8BCAv380m6CRCIqGl9UC8OmWanWuYOShatZOBUk4zfN7T_5CdGzTmz7ZHsvFHDd76Oz61CAMQvlRLD4g0-VvRk5tKlai7goIxIE_9g3EOlJvH5I7lp5TLdFMK1MFSZWCa3fz9YwJViLSr_ABZ9FuLoh6K4LoqA"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 27628796
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 5F90 2 KB
1 KB 31ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:53:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1224
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:53:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5F90 124 KB
39 KB 39ms
15ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 5F90 15 KB
6 KB 25ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:29:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2675
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:29:14 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5F90 0
0 80ms
79ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CRqOY_LAgYuHaEtvbgAep2LyQCcme0rFcvfGU93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMzk5MDQ5MDMzMTUzMTY1MqAB1bbS6gPIAQmpAtNKqH2CnLI-qAMBqgTLAU_Q98lWbthSH__TFyzgHr3-PwjhWLRka0PeHnwRgTbv6-mvFUd-AcTjgfzII4r-TU770VaVyWzkWmxslT-6LDnxAAVUV0G4wHRgqZ1Q6YVnIYDvDAF7XN7gAdbYmkfSk2qhdD_Gqu6CPTxHxJTbOp25yjLbLSIQZcSgEvoZz8Jd8EhGhy32CJiAWItE821i40NB5noc-Elr_J2bKh3ANdESeXVx54MnCFN-8GG_XxLGhMk9Aem1glEVtjBmOWH0QN_Nv9iEgBPSl3B_gAaalI351ZKE078BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMzk5MDQ5MDMzMTUzMTY1MhgA&sigh=emuRNQTnl_Q&uach_m=[UACH]&cid=CAQSGwCNIrLMsrXf5AQhRRJn5QK3TC4vgDpvyEXRTxgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 03 Mar 2022 12:13:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 5F90 0
0 162ms
16ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UKzDEsz6RO0HfJ2DYgICAAAAQE6D44zdcYkQ-rAgYn2Hy9c7tw0eUxoxABI&wp=YiCw_AAErWEK4C3bAA8sKaFXkUood7KAU_QpLA&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
server: Kestrel
server-processing-duration-in-ticks: 293623
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3C41 624 B
300 B 20ms
19ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGObjob0BMAE&v=APEucNWttiertR71wCTVnEV4B5PcQu1vlyNZomtg_uS55UEN4tqsPBiG8RRfyrXIZZYlODoUrTMrDt4wAyJsTUxnyecHAjNsQqzDrpEnZM_OTwVL0x1tBCPKkmZPEU2dTz2MMbMtLCIHhDhMsb8IJfc4odhnP0jS8q-BZeQSPImmM1KrwRm46kM

Requested by

Host: 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
URL: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 03 Mar 2022 12:13:49 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4490 81 KB
33 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AlPkSaPFpJvjj7FSrOSyPXPdYCOP6AKD1EReyYhBZ-BJvmehO6AvHFFP-2vNSFvLv8A9rFXJUIxsveuRedz6mo-RCv6FxKqaziHD7uh61TyvVdBE5yUNqyajpJivqLyQoHYMj8-niTex69izf0B2iwrwjfYg&dbm_d=AKAmf-DGnpXZIL8bZdYqdU55bGwDhLcvVzj7mgnedrQ2vJji-2yeAstQuhv74qpCXNdprLtyLkCFb2P2ywwglTfrMfM_ezeN_9hxAU_AUfteR1uu9nBjCXoidJx1yg8Okjv8LAsIPdB11GPTT7nSOqXgBKQvF3c8xJhouRutJLdBhq1NtVEFLebapa-4gPdjoTWJjC9JVW3pe5b8YZtrh_xvROlKdOWcIuGz5tDuDJ0TF9l2zwgkk_huX-a0Tw2SaBUvNpFT9zjak3Pf8NzWxgeLLKfXLFtXnIJoOeGT0lqCJeFS3BQxG2J0HCt7GT16XWriEGC-rcMwdR0krBhldpM4DfpG1RI7kqKjGLK9SGiwXATU4Vn0K2r8l_bqyl-XHIh0ef5AmawfHi6BHoYlrLcXJQV1FdN4cAtA4mbCpElLwerX11e71Mz3tZYJkFW8iUERez20ESZPVEUYhehSRknnlZr1E6WLTraNjS60d91NT_FKMpU2Ig5deCNvq24xjx0sqKZDYQi0AJE9np3KDMOXFhFSZPtmTUzZzJR8oxvY712j7KGCRwXeVDarR-nkOZj4V2mdiju3ODqKD2CZi5VI5J2OeTAUKoo8kFazxmYq7vL5LYrmt9elJAKhs0siLZQS5-CYo3dvfB9sDSKcpJStvA6iL7okupxOO2r_EQ_vJE8KfAMorKQ4dgfoikYeADei1a968w-prr7vwz_QyImClX2_vsEaqj0I8TiEzTZUs3CCBSfIkJhutH1Gpl0oC3QQeUm3sr3Y3mT-zSyNPFkfFVoc3fiqbh37CYPsexFsY-J7YJmwmE7_lr5gSm43AMmFCCU9o7e4M-IqhOIIRevX_eWWVEpSJKeTDCYslLZgUXuKRx0iU8FY9_BWFkfMhH2MWh2Nt2JJ27fiaiWcIZ9Witek5Nt34v5OCx828p3JMxz6-RuqO7ES4_e_99BW3TJKPWKG-Qg5V1hofO8kXFGsIHsqL5IMPjig7ExWGDj9pBToDUxZPR1QuiJBUoCVCvU_KY8pMN5eWsLj7ekMBpnlgKtyHB7grrpNWEGYDusB01Xb-lSk1N4zcwmW-FBRy3guP1IOykh297Mzq706WlzVQcNmgZCPfq_akOw6C6oH_tXWFJz855ZlJcoz940q9VBYUScAx1t_8jTXt1hQ6g47YBahpDeesQVQRJV5xlvhAod-DHg1XaD3rCNwNXKWXfc4OcxBCrkM6vkZ9HAytuqA43BQ6M76FFxj3BN_UEdFQV4HUw47wk1giAHtyn18PrA5MxxLSyXhl4HuaxpyYfvsBedWVAVBSTmZQyIkc41F8mB078GfC9hHyBh_gCGDykHXEVXM7AVtJP2HA8HECmUF8ogdhg3ToPd3YRd8zxKTQ4CcGT_P_LEcxs5Re3Vwbmh0QrtCNzAUmBFBFPyaIEH-Qjn1mFDO7bg5jZkauh9KToZXT2quQ-D_vur7BF4ExwFz79g98Yy6m5G8dYMFR1x1xCkY95kWHOEvxlEJLsOj5toi2KYd7fwNVvcKqY67yHVLWD2Vi6jIyHoptXsQ2Yo_Ch6SOi5XBmjlZrrZDWqs4YuCJdIkLUTbD_BztkiyLm5XnnwWvA43IWR1jGuGyGe3ok2yYbO5US7Vwgtz2iQkCxrf5IpapdH13D3avuNSHpjFcIaXlEvvp9712nM1NxKErc5aoMiR1NG0GJ8YAK14d8Jbww_SL_Bs115WRGNy7dWgyPfxhNcSU_LS-ueJHcma6_WngjnBu_ybFRPXmsxZIfdQx_2EY24u0_BK-PvawDpAVcIiFRG-Zd7iFg0VGCK8LQ604cxkOs7Lr8x60yVPY1Sq0HlhAZqs8GOP8OeWpOPD5FTEtmyM5NIJWn9TSJ3eki2glHYMhLxpHTBLO0Vh-HCGsqFrnB5gtWeYJawp2RdK-YMT2SQ2ikCnR000STW2bY5BDumXmOJIk2tnYmRlFZEGVTNNNtrIG4L53l0hpt-PFaPwVoo_mKMHqVG_Etv8n4uLp0uDVbF5Wb_r05UspOAJXYx5GFHy_Go1F8UOY9n1_6pSMzNb18jlwK8HSCdN-6-c13sANLODg77fBKs-d6jBPyhXqu7pf64njFq9h3S2NjptC5Jb9q2Cr8sJIdBW_BDlaluW53PhaKeW5pOD4BJPUFedV8R5Ph4uDxUq9agGVdiHc5z32yWMJ42SCA5aF3LKl0SubxKIgMAYIBsdft48SfKut9HoyUr3x5MdY4lhNPFHVIBTHHQjiIqu1QoOh47IwXwuw3YLGfC9X1G067JQEPUXpGivXvb3LE0UAfe58w0kjOmtcJzxen3RHCddaLfMO8UKhSgoszS5cnjnb6O7GJzsryjnvwJGdoySo_O3KyNHdeMLi5oe2OffA5Yz9ikrBNxlCgR9-3zMdSn8KBPh2VrT5HPeMNxsWY2xYnK0Rq6rLBevM39zkLHSsY-HVWhsYjszvHvh93FJhEwvJN78ex1ZgMgvcQqgn9dqi4m8H_coqYWsibJOmm8JFhYlOvwVv6hMm676Fmmn5c9A-9iiYK7VrZHBhKH2bYmfKjXctpB1B6lFOOOCDhnBHhVbJMoNz8-g0Ynrny88Kbh1YdxYq6Ty2LSNcRHawnaQcNeJ228whR857qttLtzM-wrVDlbZlF-bNhmzNkEgOjMfU82dVOxIQsG3mJjK6j-gnL-cFNASyBTd0NV5ifqqNPCTibVLvie_SXMY8HcdfkId3ABYC21Wr1accch8RsqXu0ff2fLwIz4jiCkJVnbEUfu2rlyghFQ9ltJ9KLzRDKxoI5imniVdNV0kNowl9g6Mc256q5pE1N9nmNIYfT6f4S25U7TqU4w__LEJ6seoTPT1vDFnoIHj3lt5No4_O1JL9pl6myTwEw6gao2xMU8mf0kI4CenLTMRf-65r0gwi1j_2Acxpwc0CzOYDGss2o8H5giy6Szg057tRgFUESSCoaWxcdyEzoP1BKL1SRfgWBfelKwqSQIwgojDKTgULY9TugT3YyPzB65-G3A2qj4z7G4rlq14pr4JETXc-d-zEUJGtBk4Ej2KrV1SYd1EmgfkwHzpViRdYfFZfZuKfl-DoTl0WohExmMqpvO9p9Rh4mJlqoHr46RfO0ICmpHrA78gckfP1iJ1NNeqxptlwTqk3oU2PE-zgQm3FzgiBfenUvO0AuX8z16C3iOEqBibjxPF2wKtZD1DkmXVWj4JS74GrRN69caZRWbc28HvooJTey_L-Ccc_MYH9qCCTTFz6mylOggG8-Ve0aB6ceg43xCFO-66OPlv4p9tdM_B1KKqnYMQMR5smwWhkHd_9FKQWJoP3TZ-PfX0AnHZO0ofw6ZJuy4uEf1yhDV7GYA3AorbDV9GgmqlTrLTV2TeONJB3Ul5kvamc0xIToMtiUX6kUllUlijZ_ZlRK-_v2RN8HAwjO6SqfFy6erSD-5Hs7gu9nAX-hfDGr9K-uBbIpRNWuvnr_Ij4I0fzRBZNaoRQBaIIyD0zVxp5agvKDQTr0P9vKj4XZJWav9XeQIJEHn02KyrVyHCLhHVsGpXTPoMqMJpFKW6WJFQxlnUwIk&cid=CAQSLQCNIrLMv73LODuNRcRI15RxJqH2TohEXMx5dUW_W-a9Iz4PkbdviXPxYzZbaw&rfl=1%2Chttps%253A%252F%252Fvtemu.by%252F%240

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b55bb8061d3b7d277ef8dc25a0c853a9193af9fbfbeb6aa871c7f59d043a66eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33904
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4490 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BmMc2ruqRLn-0_OuZICYW_EIMdGVImsTsZOEIsvyt8MDB_xVRIY32Ez9qVPQQFrZKdQg5pwtOk9GjhAkTu_xDoi6QK8odAHEo0mVMj-j4QfrAeg8I

Requested by

Host: 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
URL: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame 4490
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/907318/59567100/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=

43 B
482 B

75ms
18ms

Image
image/gif

2600:9000:225f:b800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
URL: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:225f:b800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 3588568928e677ce9bb8aedfd6e0ea04.cloudfront.net (CloudFront)
age: 18043155
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: TXL50-P2
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: VDQzVnwcSkrqOtezK7KXeJUZ0c3i9DNn4aeMiPbA2puaArrKMMkoZQ==

Redirect headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
x-server-name: app02.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 4490 2 KB
1 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/window_focus_fy2019.js

Requested by

Host: 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
URL: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:53:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1224
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:53:25 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 4490 15 KB
6 KB 13ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
URL: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:29:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2675
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:29:14 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4490 124 KB
38 KB 52ms
41ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
URL: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 8B0F 8 KB
892 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 10:22:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 03 Mar 2022 12:13:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 8B0F 2 KB
904 B 24ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:57:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:57:58 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/ Frame 8B0F 19 KB
8 KB 24ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:06:13 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 8B0F 2 KB
1 KB 25ms
10ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:59:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 853
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:59:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8B0F 124 KB
38 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 8B0F 15 KB
6 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:09:45 GMT

GET
H3 200 1983f1322954a331c3caffc9609329fe.js Show response
www.gstatic.com/mysidia/ Frame 8B0F 28 KB
12 KB 29ms
13ms Script
text/javascript 2a00:1450:400e:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1983f1322954a331c3caffc9609329fe.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:811::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e467a852274fd7613b82065c6c7bf66198fe3a8629d1a40ad9a58ea69dc0dc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 06:44:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11765
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 01:32:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 31 May 2022 06:44:01 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3C41
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE0bnB6jRevQ1SS60G_wOI0&google_cver=1

43 B
894 B

28ms
22ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE0bnB6jRevQ1SS60G_wOI0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGObjob0BMAE&v=APEucNWttiertR71wCTVnEV4B5PcQu1vlyNZomtg_uS55UEN4tqsPBiG8RRfyrXIZZYlODoUrTMrDt4wAyJsTUxnyecHAjNsQqzDrpEnZM_OTwVL0x1tBCPKkmZPEU2dTz2MMbMtLCIHhDhMsb8IJfc4odhnP0jS8q-BZeQSPImmM1KrwRm46kM
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:49 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 03 Mar 2022 12:13:49 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE0bnB6jRevQ1SS60G_wOI0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3C41
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YiCw-NfZgsvJGMf8-f2LhQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPtAE8TU6dQ1vdPhuVMBLm4&google_cver=1

43 B
894 B

22ms
22ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPtAE8TU6dQ1vdPhuVMBLm4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGObjob0BMAE&v=APEucNWttiertR71wCTVnEV4B5PcQu1vlyNZomtg_uS55UEN4tqsPBiG8RRfyrXIZZYlODoUrTMrDt4wAyJsTUxnyecHAjNsQqzDrpEnZM_OTwVL0x1tBCPKkmZPEU2dTz2MMbMtLCIHhDhMsb8IJfc4odhnP0jS8q-BZeQSPImmM1KrwRm46kM
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:49 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 03 Mar 2022 12:13:49 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPtAE8TU6dQ1vdPhuVMBLm4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 3C41
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEL2WXMkq4i7LadJoipfktgg&google_cver=1

43 B
1002 B

43ms
14ms

Image
image/gif

185.33.221.88
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEL2WXMkq4i7LadJoipfktgg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGObjob0BMAE&v=APEucNWttiertR71wCTVnEV4B5PcQu1vlyNZomtg_uS55UEN4tqsPBiG8RRfyrXIZZYlODoUrTMrDt4wAyJsTUxnyecHAjNsQqzDrpEnZM_OTwVL0x1tBCPKkmZPEU2dTz2MMbMtLCIHhDhMsb8IJfc4odhnP0jS8q-BZeQSPImmM1KrwRm46kM

Protocol

HTTP/1.1

Server

185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:49 GMT
X-Proxy-Origin: 193.27.14.24; 193.27.14.24; 726.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 260b0c49-2f34-4f66-9c6d-1fe0fbf3e9f0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEL2WXMkq4i7LadJoipfktgg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3C41
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDMzNjM5NTA0MjcxNzYwNzU4Nw%3D%3D

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDMzNjM5NTA0MjcxNzYwNzU4Nw%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:49 GMT
X-Proxy-Origin: 193.27.14.24; 193.27.14.24; 726.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 724ff396-8218-4639-b582-433f01068763
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDMzNjM5NTA0MjcxNzYwNzU4Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6C42 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Thu, 03 Mar 2022 12:04:58 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 531
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 5F90 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e7064e2b48eff3b6655f97f7f007b1a5890b980d24f01886ac7bb88c76dd048

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 4490 169 KB
59 KB 31ms
8ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
Origin: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 17:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68293
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Mar 2022 17:15:36 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220301/r20110914/elements/html/ Frame 4490 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220301/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AlPkSaPFpJvjj7FSrOSyPXPdYCOP6AKD1EReyYhBZ-BJvmehO6AvHFFP-2vNSFvLv8A9rFXJUIxsveuRedz6mo-RCv6FxKqaziHD7uh61TyvVdBE5yUNqyajpJivqLyQoHYMj8-niTex69izf0B2iwrwjfYg&dbm_d=AKAmf-DGnpXZIL8bZdYqdU55bGwDhLcvVzj7mgnedrQ2vJji-2yeAstQuhv74qpCXNdprLtyLkCFb2P2ywwglTfrMfM_ezeN_9hxAU_AUfteR1uu9nBjCXoidJx1yg8Okjv8LAsIPdB11GPTT7nSOqXgBKQvF3c8xJhouRutJLdBhq1NtVEFLebapa-4gPdjoTWJjC9JVW3pe5b8YZtrh_xvROlKdOWcIuGz5tDuDJ0TF9l2zwgkk_huX-a0Tw2SaBUvNpFT9zjak3Pf8NzWxgeLLKfXLFtXnIJoOeGT0lqCJeFS3BQxG2J0HCt7GT16XWriEGC-rcMwdR0krBhldpM4DfpG1RI7kqKjGLK9SGiwXATU4Vn0K2r8l_bqyl-XHIh0ef5AmawfHi6BHoYlrLcXJQV1FdN4cAtA4mbCpElLwerX11e71Mz3tZYJkFW8iUERez20ESZPVEUYhehSRknnlZr1E6WLTraNjS60d91NT_FKMpU2Ig5deCNvq24xjx0sqKZDYQi0AJE9np3KDMOXFhFSZPtmTUzZzJR8oxvY712j7KGCRwXeVDarR-nkOZj4V2mdiju3ODqKD2CZi5VI5J2OeTAUKoo8kFazxmYq7vL5LYrmt9elJAKhs0siLZQS5-CYo3dvfB9sDSKcpJStvA6iL7okupxOO2r_EQ_vJE8KfAMorKQ4dgfoikYeADei1a968w-prr7vwz_QyImClX2_vsEaqj0I8TiEzTZUs3CCBSfIkJhutH1Gpl0oC3QQeUm3sr3Y3mT-zSyNPFkfFVoc3fiqbh37CYPsexFsY-J7YJmwmE7_lr5gSm43AMmFCCU9o7e4M-IqhOIIRevX_eWWVEpSJKeTDCYslLZgUXuKRx0iU8FY9_BWFkfMhH2MWh2Nt2JJ27fiaiWcIZ9Witek5Nt34v5OCx828p3JMxz6-RuqO7ES4_e_99BW3TJKPWKG-Qg5V1hofO8kXFGsIHsqL5IMPjig7ExWGDj9pBToDUxZPR1QuiJBUoCVCvU_KY8pMN5eWsLj7ekMBpnlgKtyHB7grrpNWEGYDusB01Xb-lSk1N4zcwmW-FBRy3guP1IOykh297Mzq706WlzVQcNmgZCPfq_akOw6C6oH_tXWFJz855ZlJcoz940q9VBYUScAx1t_8jTXt1hQ6g47YBahpDeesQVQRJV5xlvhAod-DHg1XaD3rCNwNXKWXfc4OcxBCrkM6vkZ9HAytuqA43BQ6M76FFxj3BN_UEdFQV4HUw47wk1giAHtyn18PrA5MxxLSyXhl4HuaxpyYfvsBedWVAVBSTmZQyIkc41F8mB078GfC9hHyBh_gCGDykHXEVXM7AVtJP2HA8HECmUF8ogdhg3ToPd3YRd8zxKTQ4CcGT_P_LEcxs5Re3Vwbmh0QrtCNzAUmBFBFPyaIEH-Qjn1mFDO7bg5jZkauh9KToZXT2quQ-D_vur7BF4ExwFz79g98Yy6m5G8dYMFR1x1xCkY95kWHOEvxlEJLsOj5toi2KYd7fwNVvcKqY67yHVLWD2Vi6jIyHoptXsQ2Yo_Ch6SOi5XBmjlZrrZDWqs4YuCJdIkLUTbD_BztkiyLm5XnnwWvA43IWR1jGuGyGe3ok2yYbO5US7Vwgtz2iQkCxrf5IpapdH13D3avuNSHpjFcIaXlEvvp9712nM1NxKErc5aoMiR1NG0GJ8YAK14d8Jbww_SL_Bs115WRGNy7dWgyPfxhNcSU_LS-ueJHcma6_WngjnBu_ybFRPXmsxZIfdQx_2EY24u0_BK-PvawDpAVcIiFRG-Zd7iFg0VGCK8LQ604cxkOs7Lr8x60yVPY1Sq0HlhAZqs8GOP8OeWpOPD5FTEtmyM5NIJWn9TSJ3eki2glHYMhLxpHTBLO0Vh-HCGsqFrnB5gtWeYJawp2RdK-YMT2SQ2ikCnR000STW2bY5BDumXmOJIk2tnYmRlFZEGVTNNNtrIG4L53l0hpt-PFaPwVoo_mKMHqVG_Etv8n4uLp0uDVbF5Wb_r05UspOAJXYx5GFHy_Go1F8UOY9n1_6pSMzNb18jlwK8HSCdN-6-c13sANLODg77fBKs-d6jBPyhXqu7pf64njFq9h3S2NjptC5Jb9q2Cr8sJIdBW_BDlaluW53PhaKeW5pOD4BJPUFedV8R5Ph4uDxUq9agGVdiHc5z32yWMJ42SCA5aF3LKl0SubxKIgMAYIBsdft48SfKut9HoyUr3x5MdY4lhNPFHVIBTHHQjiIqu1QoOh47IwXwuw3YLGfC9X1G067JQEPUXpGivXvb3LE0UAfe58w0kjOmtcJzxen3RHCddaLfMO8UKhSgoszS5cnjnb6O7GJzsryjnvwJGdoySo_O3KyNHdeMLi5oe2OffA5Yz9ikrBNxlCgR9-3zMdSn8KBPh2VrT5HPeMNxsWY2xYnK0Rq6rLBevM39zkLHSsY-HVWhsYjszvHvh93FJhEwvJN78ex1ZgMgvcQqgn9dqi4m8H_coqYWsibJOmm8JFhYlOvwVv6hMm676Fmmn5c9A-9iiYK7VrZHBhKH2bYmfKjXctpB1B6lFOOOCDhnBHhVbJMoNz8-g0Ynrny88Kbh1YdxYq6Ty2LSNcRHawnaQcNeJ228whR857qttLtzM-wrVDlbZlF-bNhmzNkEgOjMfU82dVOxIQsG3mJjK6j-gnL-cFNASyBTd0NV5ifqqNPCTibVLvie_SXMY8HcdfkId3ABYC21Wr1accch8RsqXu0ff2fLwIz4jiCkJVnbEUfu2rlyghFQ9ltJ9KLzRDKxoI5imniVdNV0kNowl9g6Mc256q5pE1N9nmNIYfT6f4S25U7TqU4w__LEJ6seoTPT1vDFnoIHj3lt5No4_O1JL9pl6myTwEw6gao2xMU8mf0kI4CenLTMRf-65r0gwi1j_2Acxpwc0CzOYDGss2o8H5giy6Szg057tRgFUESSCoaWxcdyEzoP1BKL1SRfgWBfelKwqSQIwgojDKTgULY9TugT3YyPzB65-G3A2qj4z7G4rlq14pr4JETXc-d-zEUJGtBk4Ej2KrV1SYd1EmgfkwHzpViRdYfFZfZuKfl-DoTl0WohExmMqpvO9p9Rh4mJlqoHr46RfO0ICmpHrA78gckfP1iJ1NNeqxptlwTqk3oU2PE-zgQm3FzgiBfenUvO0AuX8z16C3iOEqBibjxPF2wKtZD1DkmXVWj4JS74GrRN69caZRWbc28HvooJTey_L-Ccc_MYH9qCCTTFz6mylOggG8-Ve0aB6ceg43xCFO-66OPlv4p9tdM_B1KKqnYMQMR5smwWhkHd_9FKQWJoP3TZ-PfX0AnHZO0ofw6ZJuy4uEf1yhDV7GYA3AorbDV9GgmqlTrLTV2TeONJB3Ul5kvamc0xIToMtiUX6kUllUlijZ_ZlRK-_v2RN8HAwjO6SqfFy6erSD-5Hs7gu9nAX-hfDGr9K-uBbIpRNWuvnr_Ij4I0fzRBZNaoRQBaIIyD0zVxp5agvKDQTr0P9vKj4XZJWav9XeQIJEHn02KyrVyHCLhHVsGpXTPoMqMJpFKW6WJFQxlnUwIk&cid=CAQSLQCNIrLMv73LODuNRcRI15RxJqH2TohEXMx5dUW_W-a9Iz4PkbdviXPxYzZbaw&rfl=1%2Chttps%253A%252F%252Fvtemu.by%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:10:57 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220301/r20110914/ Frame 4490 25 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220301/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5421be34bc9ac3564a6daa35c769d13876e5fa7c4a5ed4892e9e8c65d31c1e27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 283
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9662
x-xss-protection: 0
server: cafe
etag: 2172778821077356944
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:09:06 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 0A95 2 KB
1 KB 118ms
13ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YiCw_AAErWEK4C3bAA8sKaFXkUood7KAU_QpLA&u=%7C5yi909FihAXqthaCfhtuFCWzUYOEzoZvomEPHeNPMSY%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9wdMQbUJ2oe0VN9BzJTyj-HjMvuxAXy2Tevw1hXaymk8OQIWWniy-Po-d5aFpl7cS_koJH7HO4G7OG1ux4NdedclZKVtCnYM4etddUrmURFyM2n4HjTVRNVu1ZyIlXXqG5Pix7SlDx0SDIa8YC_xxern_UbXgXko-vhZtFN5q8-LDBx-T7qN0wp6Sgdp6KC2nuLc8QC9C6heYLVR2ht5SuJBfVmruvCwEy4cxpYyAJCnyhH8tGjSEg6g6A5mB9CBNGdUKP2GpCtVZUQT5pIVa5xrMvw8-2T1exjF-KCLdXmBSb4eyOtsz8Tyyp7eSw9q1q2qSqsepyzvaWx9kBE9_qESmwppIc1v-Td21ntHVnEUeDNJRyM8BXfXC7V2vcRNup0thZW0TlJNVXAA-HHz1F9I&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCpHPi_LAgYuHaEtvbgAep2LyQCcme0rFcvfGU93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMzk5MDQ5MDMzMTUzMTY1MqAB1bbS6gPIAQmpAtNKqH2CnLI-qAMBqgTOAU_Q98lWbthSH__TFyzgHr3-PwjhWLRka0PeHnwRgTbv6-mvFUd-AcTjgfzII4r-TU770VaVyWzkWmxslT-6LDnxAAVUV0G4wHRgqZ1Q6YVnIYDvDAF7XN7gAdbYmkfSk2qhdD_Gqu6CPTxHxJTbOp25yjLbLSIQZcSgEvoZz8Jd8EhGhy32CJiAWItE821i40NB5noc-Elr_J2bKh3ANdESeXVx58ElKcH5f_2s4I7SJxkApxG8llujvB5-u9U8fXk_AMaomJZ4E2PADmXGgAaalI351ZKE078BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1O3Qiw1A6t2eGR8XIe-3kd2j1XFw%26client%3Dca-pub-3990490331531652%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Feb 2023 12:13:49 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 0A95 2 KB
1 KB 122ms
17ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Feb 2023 12:13:49 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 0A95 308 B
636 B 110ms
25ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 26 Feb 2023 12:13:49 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 0A95 507 B
835 B 110ms
24ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 26 Feb 2023 12:13:49 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame 0A95 43 B
347 B 209ms
16ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=SnRpYqj-_nUTPhwtB1-SiGYmvmsw0XDrfEyZvNtHrzDzNIkA90YrNQ1FsxA9DDVGpnzLZK0L0OWbEOfeY2ZcyQh-9qquP86t7InPQEa9pnqOus286qIXdc2r49DzE2vdP6yK--MNuzPOZzrASJJNDUYdqZQMm7poSyuoJW__ypmZ06KUojQTH-m3jn1phekSbInUxe09WRjfDA8yWzF6E8XS3G9hJvovFPzkjsBbYjHfPOOlb8bNiTxPznvsgMnA6-ZlAHgSxO7nAFQlwwidUijlgwYuscg5RCddLTLwWDLn4yFx1bRQGY_s2_jYx_gJNPmpT0kbOPr8jQw7AjovpKBztVKbavTAcFJm3VBe0su_srFAI_fNk9MUpr5sznryoMflZaW3R0QHGNSRf69lZyoXYmZOHgbhFsVmmMeYBDstYEMujgMyB8kAwyImYc7jz_TXRQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3623016
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 0A95 12 KB
6 KB 94ms
14ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Feb 2023 12:13:49 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 0A95 4 KB
4 KB 62ms
16ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=208&m=0&partner=93301&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F93301%2F220221%2Fb62161cdaf0a4b9b8adade2ebfb2d871_an_blue-2-.jpg&v=3&w=416&s=EL85LwWwWsth686UxsA5P_zC

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e150bb1c25eca2cd75445ca3d1b1a6b57468549118c095e98778d7c6774694f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30312171
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 3586
expires: Fri, 17 Feb 2023 08:16:40 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 0A95 70 KB
71 KB 76ms
30ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?m=0&partner=93301&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F93301%2F220221%2Fda9940d558bb4685be9f2076a62db28c_lithium_chile_adaptive_ads_1200x628px-no_logo.jpg&v=3&s=lU0UslsX_YOFYiLcYw9JqRMy

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

62b3b612237065d586fddd4d7a87f67f389c232913d869e5aa47504cb6839f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30312171
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 72104
expires: Fri, 17 Feb 2023 08:16:40 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 0A95 0
127 B 61ms
15ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=7Qi3XWFc2mU3so3UQmAs5kQfpWF1G-6M-4r6vYDvGcqlzqgM9lc2iGaFnncc4iZ5jBLZSqwe4vE49Kb9a5Oxv2hd8xnNxPsuT2zIUymK8BCAv380m6CRCIqGl9UC8OmWanWuYOShatZOBUk4zfN7T_5CdGzTmz7ZHsvFHDd76Oz61CAMQvlRLD4g0-VvRk5tKlai7goIxIE_9g3EOlJvH5I7lp5TLdFMK1MFSZWCa3fz9YwJViLSr_ABZ9FuLoh6K4LoqA&sds=2&rev=unknown&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 03 Mar 2022 12:13:48 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 0A95 2 KB
1 KB 76ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Feb 2023 12:13:49 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 0A95 2 KB
1 KB 18ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Feb 2023 12:13:49 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8150578953634767223/ Frame 97E1 36 KB
6 KB 33ms
18ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e2718b4b437edd86140d80891cf912e88267f780c14656e84f27a38b10f48b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:49 GMT
expires: Fri, 03 Mar 2023 12:13:49 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 05 May 2021 19:27:42 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4490 0
571 B 131ms
87ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_xowpnGEe7q8Y4rkM7LTJfeon4i_iqWwS0tmbemWrNiQHvJmqhMn_gxnM01E2ANgO8mKO-AgMtkmtGS6dch2am3jIcBRAGMWCN78eNWOCxI49BXppRx2St54p7CbaAbW7EKMV0weHIutWr3l6Cbb09XcNq_G2QIgWiqnFrHYXS2fQpFVy-1pqTPu6lYQubwC95wb6a9-UCjj7LWN0Gzh6zixUj2x_SJ2wHnxHr8_4lV5XvmhQI6EFuF9LRStUgeMHhDkHNUqCYnKyPZ2r7JTR36cmrOxWlFCpAoPVKvdVq2CKRYsu0i-ptwgVf2DyxWZv0zySPzobK8Vqx6BCVMOLteDFRNEeQdKB75inPimfMUfw14xpdYj7lXof9XDEc7p-InmuXmNmOWA5PzV3rHGjKjjhj4brF-fWUN2UCpNB372cPiIPrOLMSxBnh67pOTSCCJiS7MmhIiC7qKVZTvpMwMafix2Wzy0zPsJzETxEm6bFt2-rxq5doDbDsQ64MGgyyyZytRtkAV8DvY_PtzldiRwXNk3fwL6EcpoNMtCNqiVHamt5LIjb88YUGratV8yVFMRMN2qhgS0w23eMVJgIIN-Owt8rvm6hOGbjmyROpGZyjKGMbXsfnREOTK2JkJVhyg9E_VmNpQ13bsMCeyj2WPxmiCfNo2RZo_hqNUbrus_jB1lj7cyMmM2Lv1heychi_LHVhLE3EgTKGJdWcvIxCUhhL1c1WbNqZWu0VS_DB8bcYor1w8skeiFGM6MEpuOvyxZ1u9jwkhiUW1JM_KW3VEnyuiSlnFchmKNc5PRyXeuRYeeKH2Z8I0J6raRCdRXBxDX2lwt3u74VcY0eghTNI9DjmyaUDBPeolw4shSiUGQGrZDDvEF52JPnPZjlXA8ZVydxG8y9VQZiNrOlJF5HWfrZetcIJ3zP-YzQjVjuYxF5aXzA1xCTS7Tu_wEVCyrVFiaypG8aAlSc-iOMV4W-JW8MyZ_iJ58zenlFx4VWecYWenWlRadaciQHGCzdCkRsF9Da3uzK_1-5QPX26X8Vi23d3Qe0RpriVyl72WFEfKIPMcsNq-kVag-MtYEnuRGa47ihvTm_AJ_-SzuuWXibwXsBXdMWwMLBZ4kePbolSzVIeDAh8WpdqlWxPGieGxyMjITynlTugeSvQKfe32C625Ff8W05E3JVUMQgeTk8YrQI-vifwISSy6-tVDGg3enDnuk1e3iezbpyJPgDRjfdMV5ArObW_-e507hqhGbXxUYnkt-iIxmY&sai=AMfl-YRJ0ruDxhcqUIHnGvfebynSf0mQs79UViqA0syFmnZwF0wju3JypKVytzBm6-ynoUDnhsX9h--zHdfn318wpl6_T6e16DLtu_bsb9xZNwPlOqCu7UzO-Iclr3NqhvhtEPQNz67RQXAnD3wEwVigLaaXOD__TfJ3kzHp-se6S8lh5MPHFGrK6di6fiofZoyMomQeOPUy2fIbIJz4-KhDn96U0budA00O0WvEtQ&sig=Cg0ArKJSzFEsHJuz_ku6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=90&cbvp=1&cstd=83&cisv=r20220301.56419&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 03 Mar 2022 12:13:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

firstevent
skydeutschland.demdex.net/ Frame 4490
Redirect Chain

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=322895936&d_campaign=26938792&d_bust=3200232915&gdpr=&gdpr_con...
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=322895936&d_campaign=26938792&d_bust=3200232915&gdpr=&gdp...

42 B
967 B

39ms
39ms

Image
image/gif

52.212.232.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=322895936&d_campaign=26938792&d_bust=3200232915&gdpr=&gdpr_consent=

Requested by

Host: 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
URL: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Server

52.212.232.57 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-212-232-57.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v028-0f2821d67.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: nqfYHjM8RSw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v028-020c7aa3d.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: +vI2O3vhTzU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=322895936&d_campaign=26938792&d_bust=3200232915&gdpr=&gdpr_consent=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 4490 43 B
1 KB 74ms
17ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvApi=sky-dv360&extProvId=300&extPu=sky-dv360&extLi=25742660&extPm=396915174&extCr=15577051873&gdpr=&gdpr_consent=&rnd=3200232915

Requested by

Host: 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
URL: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Meerbusch, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Do, 03 Mrz 2022 12:13:49 GMT
Server: Microsoft-IIS/8.5
Date: Thu, 03 Mar 2022 12:13:48 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 923
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6C42
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

88ms
81ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220301/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 03 Mar 2022 12:13:49 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 12:13:49 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 03 Mar 2022 12:13:49 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 6614 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9eac3d9fc43b6605105da784caa95081f4a8896bd854bcca8a5e282cbd7e3ab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4253
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13737
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 11:02:56 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4490 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
URL: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 13:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166851
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Mar 2023 13:52:58 GMT

GET
DATA 200
OK truncated
/ Frame 4490 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53269e0bf879d49783a2a7f89310e9fe62d8d8d086101efcf856806039263823

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 style.css
s0.2mdn.net/sadbundle/8150578953634767223/ Frame 97E1 6 KB
2 KB 13ms
12ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8150578953634767223/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97f6f81b224c70cf2431f07287d287446129697370b4419a9b82838be0ea0174

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 09:36:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 95843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1656
x-xss-protection: 0
last-modified: Wed, 05 May 2021 19:27:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 02 Mar 2023 09:36:26 GMT

GET
H3 200 Enabler_01_244.js Show response
s0.2mdn.net/879366/ Frame 97E1 109 KB
37 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_244.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7052ee7e4fa3d19fa953957b23d6cd29b2311739ec0932d6e570577d19f2503

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 20:11:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57731
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38072
x-xss-protection: 0
last-modified: Tue, 07 Jul 2020 18:35:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Mar 2022 20:11:38 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/ Frame 97E1 59 KB
22 KB 36ms
14ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3c5ff7e114ffe32212ee07123f9dc6aa19c09072e44fe64649c9cc747040cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 43143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21678
timing-allow-origin: *
last-modified: Tue, 21 Jul 2020 23:12:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f177643-eca3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tdw5DwAiPh7vB15jAXNfdXpNT4k8tuBETqJzLHVNnrrsuIRgJY2y5a49aj9Ohs1j2F%2F79%2BBvvq9bWk2UUkBSdc2%2BlaSUMsMRf%2F0GaClRLev3a%2B%2FSp7BIeKC%2FOaYQ6%2BkMJcRerLUDL27yHl4u%2B6K8cnJc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e6249d089965b4a-FRA
expires: Tue, 21 Feb 2023 12:13:49 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 814A 22 KB
8 KB 10ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 13:54:22 GMT
expires: Wed, 01 Mar 2023 13:54:22 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 166767
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css
fonts.googleapis.com/ Frame E97D 6 KB
670 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1992333392&pi=t.aa~a.1040856864~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=0&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3952&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=cbRfOXMPBT&p=https%3A//vtemu.by&dtd=45

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 12:04:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 03 Mar 2022 12:13:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame E97D 2 KB
904 B 8ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:57:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:57:58 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/ Frame E97D 19 KB
8 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:06:13 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame E97D 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:59:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 853
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:59:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E97D 124 KB
38 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame E97D 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:09:45 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E97D 0
0 32ms
16ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ-R2tL3wlWgccU4VrdO6SVbZQwoOpM9KCA1-oQLC_-zK3fANSvi8f48e57uXbjJRJ-Mu_FCKbg3nDcLPthBqQjvwgXGA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1992333392&pi=t.aa~a.1040856864~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=0&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3952&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=cbRfOXMPBT&p=https%3A//vtemu.by&dtd=45
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 1983f1322954a331c3caffc9609329fe.js Show response
www.gstatic.com/mysidia/ Frame E97D 28 KB
12 KB 13ms
12ms Script
text/javascript 2a00:1450:400e:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1983f1322954a331c3caffc9609329fe.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:811::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e467a852274fd7613b82065c6c7bf66198fe3a8629d1a40ad9a58ea69dc0dc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 06:44:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11765
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 01:32:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 31 May 2022 06:44:01 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame CAE3 8 KB
892 B 19ms
18ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 12:08:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 03 Mar 2022 12:13:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame CAE3 2 KB
904 B 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:57:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:57:58 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/ Frame CAE3 19 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:06:13 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame CAE3 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:59:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 853
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:59:36 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame CAE3 15 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:09:45 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CAE3 124 KB
38 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 1983f1322954a331c3caffc9609329fe.js Show response
www.gstatic.com/mysidia/ Frame CAE3 28 KB
12 KB 12ms
12ms Script
text/javascript 2a00:1450:400e:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1983f1322954a331c3caffc9609329fe.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:811::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e467a852274fd7613b82065c6c7bf66198fe3a8629d1a40ad9a58ea69dc0dc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 06:44:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11765
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 01:32:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 31 May 2022 06:44:01 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E97D 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CJbjZ_bAgYqC_C6SOmAf2xLu4A8io2-Jor_zr1t8PgJu6wfUKEAEgsKjgBGCV4pCCoAegAauyxvwCyAEJqQKDkpxAiaGyPqgDAcgDywSqBOcBT9B1wwKCOXWd-GFbb-rSm82tpJ6xSOHgelMHrpeadghQrx22SSVEczx1sXR_3M2Uz7KSsIPY_zr3Kz4Lof999aNjpLR8zKbh2989fBzsLaUta4cMsht5U2jNUKPGHWplMLAF0GoNtKyxja1kJ3gK5QJB3_3EXyhS-lJ7Nr1Ay_ByU-qF7919pYxaM-SxNgAT77Tf2q-C7EHDozy3nFpaVlHVrnO29TPilUUZjkEoaUGE1N17cC9qvfdsOsNhQf7IGQvXcaE6gZ8cRRZsRTjV9vz53BlYHkQg5i1DEAgwSNW0infAYv7mwASv_4LrgASSBQQIBBgBkgUECAUYBKAGLoAHvc25gwGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCanw3SCAkIgOGAEBABGB-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItMzk5MDQ5MDMzMTUzMTY1MhgA&sigh=KcXWOgRw9Ts&uach_m=[UACH]&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1992333392&pi=t.aa~a.1040856864~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=0&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3952&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=cbRfOXMPBT&p=https%3A//vtemu.by&dtd=45
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 03 Mar 2022 12:13:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CAE3 0
0 85ms
85ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C76Mk_bAgYsSACv-GxdwPwJmj2A2bmaP5ZrnF6PHZD8CNtwEQASCwqOAEYJXikIKgB6AB_8GVpyjIAQmpAkzz25C3m7I-qAMByAPLBKoE5wFP0P4y-yfscwoxuEmwTaiHYAfFRtW8uCgZP_to-aw-ZYrBXLHnidhcj6LgnJucy1A0wkEkQNTLupFmlUimyU1rYJ2n53IguFe4IBorQ1ncWXOGzwdTQ7-IplrzpCjO27QJIp244UY7r7jT6uJ9QsBcMDkY6GzJCNRagklDDistDPKOFMjsKdGiOY2UoAa1Dg1fwoFVEWFMCf-_NnV_csHyCeeX94Bt9xkLgtSzqOQu0InTSJ7vTwlX0tWATnpoXsoBG1g7tRR781Uk1RbP_v4MHXMH71ooz1RbiIQPM8cFPauFTgH8TFjABJyYyP_5A5IFBAgEGAGSBQQIBRgEoAYugAf_-eWGA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEELOhFdIICQiA4YAQEAEYH4AKAcgLAbgTiCfYEwrQFQGAFwGyFxwKGggAEhRwdWItMzk5MDQ5MDMzMTUzMTY1MhgA&sigh=0mruD_goY7M&uach_m=[UACH]&template_id=5000

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 03 Mar 2022 12:13:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14345921148182866353/ Frame CAE3 65 KB
65 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14345921148182866353/downsize_200k_v1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28f3a0ebe7e75321755ed479e596c7989fdcc497c0346a9d09dbdbbbc94ccf60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 11:57:13 GMT
x-content-type-options: nosniff
age: 173796
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66494
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 17:17:39 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 01 Mar 2023 11:57:13 GMT

GET
DATA 200
OK truncated
/ Frame CAE3 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame CAE3 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4490 0
23 B 63ms
48ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_xowpnGEe7q8Y4rkM7LTJfeon4i_iqWwS0tmbemWrNiQHvJmqhMn_gxnM01E2ANgO8mKO-AgMtkmtGS6dch2am3jIcBRAGMWCN78eNWOCxI49BXppRx2St54p7CbaAbW7EKMV0weHIutWr3l6Cbb09XcNq_G2QIgWiqnFrHYXS2fQpFVy-1pqTPu6lYQubwC95wb6a9-UCjj7LWN0Gzh6zixUj2x_SJ2wHnxHr8_4lV5XvmhQI6EFuF9LRStUgeMHhDkHNUqCYnKyPZ2r7JTR36cmrOxWlFCpAoPVKvdVq2CKRYsu0i-ptwgVf2DyxWZv0zySPzobK8Vqx6BCVMOLteDFRNEeQdKB75inPimfMUfw14xpdYj7lXof9XDEc7p-InmuXmNmOWA5PzV3rHGjKjjhj4brF-fWUN2UCpNB372cPiIPrOLMSxBnh67pOTSCCJiS7MmhIiC7qKVZTvpMwMafix2Wzy0zPsJzETxEm6bFt2-rxq5doDbDsQ64MGgyyyZytRtkAV8DvY_PtzldiRwXNk3fwL6EcpoNMtCNqiVHamt5LIjb88YUGratV8yVFMRMN2qhgS0w23eMVJgIIN-Owt8rvm6hOGbjmyROpGZyjKGMbXsfnREOTK2JkJVhyg9E_VmNpQ13bsMCeyj2WPxmiCfNo2RZo_hqNUbrus_jB1lj7cyMmM2Lv1heychi_LHVhLE3EgTKGJdWcvIxCUhhL1c1WbNqZWu0VS_DB8bcYor1w8skeiFGM6MEpuOvyxZ1u9jwkhiUW1JM_KW3VEnyuiSlnFchmKNc5PRyXeuRYeeKH2Z8I0J6raRCdRXBxDX2lwt3u74VcY0eghTNI9DjmyaUDBPeolw4shSiUGQGrZDDvEF52JPnPZjlXA8ZVydxG8y9VQZiNrOlJF5HWfrZetcIJ3zP-YzQjVjuYxF5aXzA1xCTS7Tu_wEVCyrVFiaypG8aAlSc-iOMV4W-JW8MyZ_iJ58zenlFx4VWecYWenWlRadaciQHGCzdCkRsF9Da3uzK_1-5QPX26X8Vi23d3Qe0RpriVyl72WFEfKIPMcsNq-kVag-MtYEnuRGa47ihvTm_AJ_-SzuuWXibwXsBXdMWwMLBZ4kePbolSzVIeDAh8WpdqlWxPGieGxyMjITynlTugeSvQKfe32C625Ff8W05E3JVUMQgeTk8YrQI-vifwISSy6-tVDGg3enDnuk1e3iezbpyJPgDRjfdMV5ArObW_-e507hqhGbXxUYnkt-iIxmY&sai=AMfl-YRJ0ruDxhcqUIHnGvfebynSf0mQs79UViqA0syFmnZwF0wju3JypKVytzBm6-ynoUDnhsX9h--zHdfn318wpl6_T6e16DLtu_bsb9xZNwPlOqCu7UzO-Iclr3NqhvhtEPQNz67RQXAnD3wEwVigLaaXOD__TfJ3kzHp-se6S8lh5MPHFGrK6di6fiofZoyMomQeOPUy2fIbIJz4-KhDn96U0budA00O0WvEtQ&sig=Cg0ArKJSzFEsHJuz_ku6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=308&vt=11&dtpt=218&dett=3&cstd=83&cisv=r20220301.56419&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 css
fonts.googleapis.com/ Frame 53E6 6 KB
670 B 19ms
18ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 12:08:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 03 Mar 2022 12:13:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 53E6 2 KB
904 B 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:57:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:57:58 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/ Frame 53E6 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:06:13 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 53E6 2 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:59:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 853
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:59:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 53E6 124 KB
38 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 53E6 15 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:09:45 GMT

GET
H3 200 1983f1322954a331c3caffc9609329fe.js Show response
www.gstatic.com/mysidia/ Frame 53E6 28 KB
12 KB 17ms
17ms Script
text/javascript 2a00:1450:400e:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1983f1322954a331c3caffc9609329fe.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:811::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e467a852274fd7613b82065c6c7bf66198fe3a8629d1a40ad9a58ea69dc0dc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 06:44:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11765
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 01:32:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 31 May 2022 06:44:01 GMT

GET
H3 200 bc08fdea3b82a182a21a73fef7a1aee0.js Show response
www.gstatic.com/mysidia/ Frame 7F43 8 KB
4 KB 14ms
14ms Script
text/javascript 2a00:1450:400e:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/bc08fdea3b82a182a21a73fef7a1aee0.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:811::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8bb87138340978cee03b47477f9e45685ec275c6663e909c51403d4317830dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 06:26:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107210
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3664
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 06:13:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 31 May 2022 06:26:59 GMT

GET
H3 200 b46067733e7b2ca12cbbd351a7043902.js Show response
www.gstatic.com/mysidia/ Frame 7F43 14 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:400e:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/b46067733e7b2ca12cbbd351a7043902.js?tag=pingback

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:811::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfac8ab096a95a59ac9fd6efd71b886fcae0699c3dcc2cfbc57fb4773862bf8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 06:59:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105259
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5852
x-xss-protection: 0
last-modified: Sat, 26 Feb 2022 02:02:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 31 May 2022 06:59:30 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 7F43 8 KB
892 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 12:07:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 03 Mar 2022 12:13:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 7F43 2 KB
904 B 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:57:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:57:58 GMT

GET
H3 200 d34df65fcafd90cc5429663efaa0dabf.js Show response
www.gstatic.com/mysidia/ Frame 7F43 6 KB
2 KB 14ms
14ms Script
text/javascript 2a00:1450:400e:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/d34df65fcafd90cc5429663efaa0dabf.js?tag=analytics_pingback_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:811::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

595c8e1b1a02e786dc2842bf830ea10563de9c49058163de036b0c1c978ded66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 07:54:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15555
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2261
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 01:32:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 01 Jun 2022 07:54:34 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/ Frame 7F43 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:06:13 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 7F43 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:59:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 853
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:59:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7F43 124 KB
38 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 7F43 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:09:45 GMT

GET
H3 200 1983f1322954a331c3caffc9609329fe.js Show response
www.gstatic.com/mysidia/ Frame 7F43 28 KB
12 KB 16ms
15ms Script
text/javascript 2a00:1450:400e:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1983f1322954a331c3caffc9609329fe.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:811::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e467a852274fd7613b82065c6c7bf66198fe3a8629d1a40ad9a58ea69dc0dc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 06:44:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11765
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 01:32:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 31 May 2022 06:44:01 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 53E6 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CcWk8_bAgYvznCreNxdwPvqm8gATIqNviaK_869bfD4CbusH1ChABILCo4ARgleKQgqAHoAGrssb8AsgBCakCg5KcQImhsj6oAwHIA8sEqgTtAU_QcDgkpVSI-EFG3E_0Xc9MCfYf0z6L_eajq4Xd63mVuE-U9IFe3HfMJOfSHMbckG4AejHu8dJyDQoHuJU2moLQuf-OeWQ_n2b9EOnNrOQiqxxQpxcvOyki-mafOzvYyJnXUo565VJ-3L6G80mscujgBAN6-KZ9EgYmChcAE3cay7YqGE5Q1gz_TfjSDXAL2K4QqC7oqb-UmhzHiXFkWTUMuWcOJ08WdcoLfhcWHi93QHX8nH0WiKfGoAxlTaU598fYJ4l-ofM2AR3DYLlaBVZucIr_rfwaBxH-8p6bLgLVVltBblG5YTSfdAqHdcAEr_-C64AEkgUECAQYAZIFBAgFGASgBi6AB73NuYMBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ-b0M0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTM5OTA0OTAzMzE1MzE2NTIYAA&sigh=Bnt1ziK1bNg&uach_m=[UACH]&template_id=484

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 03 Mar 2022 12:13:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12777653077297844734/ Frame 53E6 12 KB
12 KB 12ms
12ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12777653077297844734/downsize_200k_v1?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64f61876f608bde33c6529347ce047f5a14d12b020ff36058bc402c15da52be3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 04:51:38 GMT
x-content-type-options: nosniff
age: 26531
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12073
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 08:14:02 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Mar 2023 04:51:38 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/1692900399547723785/ Frame 53E6 2 KB
2 KB 12ms
11ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1692900399547723785/downsize_200k_v1?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a7dc61ab92fe7e9368b3e064ae9ea10b0f54d0d41bb0cf84fd84f677e61f2a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 05:36:35 GMT
x-content-type-options: nosniff
age: 23834
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2062
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 17:09:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Mar 2023 05:36:35 GMT

GET
H3 200 nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 814A 35 KB
13 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9eac3d9fc43b6605105da784caa95081f4a8896bd854bcca8a5e282cbd7e3ab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4253
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13737
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 11:02:56 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 97E1 7 KB
6 KB 35ms
19ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_244&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b562a94510d64265089955b45e6d31f0de11a90b4dd1d33d6ceeec921fb68e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5700
x-xss-protection: 0

GET
H3 200 skyLogo_970x250_2020.png_1621952551211_skyLogo_970x250_2020.png
s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/ Frame 97E1 15 KB
15 KB 13ms
12ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/skyLogo_970x250_2020.png_1621952551211_skyLogo_970x250_2020.png

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

228bcb24447f47d86dc76134510b8944239701737221b012c19b1cbe54020add

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 23:29:57 GMT
x-content-type-options: nosniff
age: 132232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15046
x-xss-protection: 0
last-modified: Tue, 25 May 2021 14:22:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 23:29:57 GMT

GET
H3 200 blank.png_1621952551211_blank.png
s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/ Frame 97E1 95 B
120 B 14ms
10ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/blank.png_1621952551211_blank.png

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:00:10 GMT
x-content-type-options: nosniff
age: 148419
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95
x-xss-protection: 0
last-modified: Tue, 25 May 2021 14:22:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 19:00:10 GMT

GET
H3 200 DCO_0107_Engagement_Sky_Select_970x250_1.jpg_1625235253458_DCO_0107_Engagement_Sky_Select_970x250_1.jpg
s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/ Frame 97E1 60 KB
60 KB 14ms
10ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/DCO_0107_Engagement_Sky_Select_970x250_1.jpg_1625235253458_DCO_0107_Engagement_Sky_Select_970x250_1.jpg

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01cf49fae11a0f4a3835afeeadbaaa585707cbb1826748fbf6c52a15e5a0d9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 11:22:44 GMT
x-content-type-options: nosniff
age: 89465
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61915
x-xss-protection: 0
last-modified: Fri, 02 Jul 2021 14:14:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Mar 2023 11:22:44 GMT

GET
H3 200 DCO_0107_Engagement_Sky_Select_970x250_2.jpg_1625235253458_DCO_0107_Engagement_Sky_Select_970x250_2.jpg
s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/ Frame 97E1 85 KB
85 KB 26ms
17ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/DCO_0107_Engagement_Sky_Select_970x250_2.jpg_1625235253458_DCO_0107_Engagement_Sky_Select_970x250_2.jpg

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b37be55509d191b4845b91145c233822b76e04b1059358bc5f6980190e005916

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 14:43:30 GMT
x-content-type-options: nosniff
age: 163819
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86880
x-xss-protection: 0
last-modified: Fri, 02 Jul 2021 14:14:37 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 14:43:30 GMT

GET
H3 200 DCO_0107_Engagement_Sky_Select_970x250_3.jpg_1625235253458_DCO_0107_Engagement_Sky_Select_970x250_3.jpg
s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/ Frame 97E1 59 KB
59 KB 25ms
16ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/DCO_0107_Engagement_Sky_Select_970x250_3.jpg_1625235253458_DCO_0107_Engagement_Sky_Select_970x250_3.jpg

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

958f584f5ccc398baa929b25c51a6511b2dc09c77b722c6e5ffbb0779f1ac2c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8150578953634767223/index.html?e=69&leftOffset=0&topOffset=0&c=Vr1SkCoJBv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:02:39 GMT
x-content-type-options: nosniff
age: 148270
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59971
x-xss-protection: 0
last-modified: Fri, 02 Jul 2021 14:14:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 19:02:39 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3020 1 KB
749 B 14ms
11ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Thu, 03 Mar 2022 05:53:44 GMT
expires: Fri, 04 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 22805
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sky_medium.woff
s0.2mdn.net/creatives/assets/3668815/ Frame 97E1 27 KB
27 KB 9ms
9ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3668815/sky_medium.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8150578953634767223/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4373878b9f750698b6a199ebc0eb0e550df208c5a1f9f778a346e271a2b4d733

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8150578953634767223/style.css
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:03:07 GMT
x-content-type-options: nosniff
age: 642
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27952
x-xss-protection: 0
last-modified: Thu, 20 Feb 2020 12:38:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Mar 2022 12:18:07 GMT

GET
DATA 200
OK truncated
/ Frame E97D 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b195b9112e739241d9c3d31be62aef95867317563370f59d963cc64ccf985b55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B7EE 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Thu, 03 Mar 2022 05:53:44 GMT
expires: Fri, 04 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 22805
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame CAE3 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca3ab058d4a2f973d36d9918d1eb3253f55c6aa6fa9f447363ca20a575e21964

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame E97D 15 KB
15 KB 29ms
13ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 17:58:32 GMT
x-content-type-options: nosniff
age: 65717
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Mar 2023 17:58:32 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame E97D 15 KB
15 KB 22ms
9ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 17:56:19 GMT
x-content-type-options: nosniff
age: 65850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Mar 2023 17:56:19 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame E97D 15 KB
15 KB 21ms
9ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 09:48:03 GMT
x-content-type-options: nosniff
age: 527146
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 25 Feb 2023 09:48:03 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 97E1 17 KB
6 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 12:13:49 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 28C9 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Thu, 03 Mar 2022 05:53:44 GMT
expires: Fri, 04 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 22805
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v42/ Frame CAE3 28 KB
28 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v42/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 22:46:42 GMT
x-content-type-options: nosniff
age: 134827
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28328
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 21:57:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Mar 2023 22:46:42 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/18146819738430160187/ Frame 7F43 30 KB
30 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18146819738430160187/downsize_200k_v1?w=600&h=314

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

513daa549555cdc580edab7dc07b2ed592c6bae4e426e24b35245b8a2942134d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 17:07:38 GMT
x-content-type-options: nosniff
age: 587171
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30568
x-xss-protection: 0
last-modified: Wed, 06 Oct 2021 17:50:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 24 Feb 2023 17:07:38 GMT

GET
DATA 200
OK truncated
/ Frame 7F43 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 7F43 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7F43 0
0 82ms
82ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cd7jd_bAgYpjiCsj0ywWvyIj4Cf2z9tBl8MfYjPYO0JCA7JACEAEgsKjgBGCV4pCCoAegAdfF1dcCyAEJqQKDkpxAiaGyPqgDAcgDywSqBOoBT9DQVlmMrmqSER7TfEmsvX9PWkhrlcZ2fr7-cP9RDe0Q3a0BGZ35DZsQVQ3Ng3duWgmVekFozfq8KfsE3p3yjLEH6acKzYg8cSNH-U1tpWAzKkEa-uLGdFoVRK4y4YIHbUEKDnkQYd62cZo3NUfhTg5SJRCfuq3zzLAu3gFs3GXZLOIOyLjkUP-LVBBOJaMWLeSzbc9X2Kcwv3YoQVJJKyovWqIY6-KOH40EIvVzUPHYz3SLqC2VmOAXbuKA_0tzJpiAhxDWgIlY2n3iVWLSDoLl3BG9ueEs6zbnipWJj1NX2cnxSqq4FfORwATnypXYygOSBQQIBBgBkgUECAUYBKAGLoAHkbqqqAGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDgrQbSCAkIgOGAEBABGB-ACgHICwG4E4gn2BMK0BUBmBYBgBcBshccChoIABIUcHViLTM5OTA0OTAzMzE1MzE2NTIYAA&sigh=b_Fp6qPo7LM&uach_m=[UACH]&template_id=5000

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 03 Mar 2022 12:13:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 53E6 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 78d90f70f7edecc7917f4fbacf33923e8a665db0f4ffb3296263c173974b6645

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 53E6 15 KB
15 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 17:58:32 GMT
x-content-type-options: nosniff
age: 65717
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Mar 2023 17:58:32 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 53E6 15 KB
15 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 17:56:19 GMT
x-content-type-options: nosniff
age: 65850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Mar 2023 17:56:19 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 53E6 15 KB
15 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 09:48:03 GMT
x-content-type-options: nosniff
age: 527146
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 25 Feb 2023 09:48:03 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2B5D 1 KB
749 B 10ms
10ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Thu, 03 Mar 2022 05:53:44 GMT
expires: Fri, 04 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 22805
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7F43 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a03d7b65269c39bba0188ab73ed3dfaea2bbb79a03d8d8b936b6596db4cad66e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 3020 35 B
464 B 39ms
10ms Image
image/gif 2620:116:800d:21:fcb8:22d2:d390:5f1b
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEvhobmhwSfmzM_JhVdTSvQ&google_cver=1&google_push=AYg5qPLXNvvZkGqjA4hFQT79otxDofiInOqAchQ0NTTwCLOEhyOheE3OvyUlICR7GNIzlqhhHc5CsG65zCuNccN6LhfWqowwEAKrnQ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:fcb8:22d2:d390:5f1b , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3020
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEFY0BZzZNJjMaDswAquSFsE&google_cver=1&google_push=AYg5qPIzRCTVcmb8h2sHXG3bvWzU8FkPiqDo5nywoLcJe3_5aOlba6bIfp8xyyFs3PQdRTffueYrdXtkQCBTnMjYZ18vB5GmNv6H
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPIzRCTVcmb8h2sHXG3bvWzU8FkPiqDo5nywoLcJe3_5aOlba6bIfp8xyyFs3PQdRTffueYrdXtkQCBTnMjYZ18vB5GmNv6H&google_hm=Q0FFU0VGWTBCWnpaTkpqT...

170 B
188 B

21ms
20ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPIzRCTVcmb8h2sHXG3bvWzU8FkPiqDo5nywoLcJe3_5aOlba6bIfp8xyyFs3PQdRTffueYrdXtkQCBTnMjYZ18vB5GmNv6H&google_hm=Q0FFU0VGWTBCWnpaTkpqTWFEc3dBcXVTRnNF

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:49 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPIzRCTVcmb8h2sHXG3bvWzU8FkPiqDo5nywoLcJe3_5aOlba6bIfp8xyyFs3PQdRTffueYrdXtkQCBTnMjYZ18vB5GmNv6H&google_hm=Q0FFU0VGWTBCWnpaTkpqTWFEc3dBcXVTRnNF
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 3020 43 B
351 B 75ms
25ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEEjoNYPbyldLNktekkcFTHk&google_cver=1&google_push=AYg5qPJVBjg-yDX1h0zFAZbLPyHjFF-bkRuHQUHWSfVOhiuTWORlmwwvcXwas5sEsuGDWGScugBswxO-DZotDpNsrcRvuCYr0JwHgA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1992333392&pi=t.aa~a.1040856864~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=0&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3952&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=cbRfOXMPBT&p=https%3A//vtemu.by&dtd=45
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: tqu0t99qbgj47fgo9ajvkuhfkt9ln0od

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3020
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=LQgUj3NyTlG5dl_bDLM8BA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=LQgUj3NyTlG5dl_bDLM8BA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKikAfW5ybZMPOrZzuD41CVMjfZkr_ni8Q_NSGoJyiWbOMPH1e0l_k1EKk3SwY9HHERwVdR_HZDgQZLcQ8tDtGxd1aBgcef3w

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=LQgUj3NyTlG5dl_bDLM8BA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKikAfW5ybZMPOrZzuD41CVMjfZkr_ni8Q_NSGoJyiWbOMPH1e0l_k1EKk3SwY9HHERwVdR_HZDgQZLcQ8tDtGxd1aBgcef3w
date: Thu, 03 Mar 2022 12:13:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3020
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJfpfLzt9680Kc2U0gHIK-E&google_cver=1&google_push=AYg5qPJZ9THaZtp1sdJOb9hxcSG-il8tHHJRuLYQQliTVLneUb06xS-5amz25cAeWcStbvXPScs...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXRU4tVC1JTEUw&google_push=AYg5qPJZ9THaZtp1sdJOb9hxcSG-il8tHHJRuLYQQliTVLneUb06xS-5amz25cAeWcStbvXPScsbga1vG0_XqQNZoepoAZwbN5wE

170 B
188 B

27ms
24ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXRU4tVC1JTEUw&google_push=AYg5qPJZ9THaZtp1sdJOb9hxcSG-il8tHHJRuLYQQliTVLneUb06xS-5amz25cAeWcStbvXPScsbga1vG0_XqQNZoepoAZwbN5wE

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXRU4tVC1JTEUw&google_push=AYg5qPJZ9THaZtp1sdJOb9hxcSG-il8tHHJRuLYQQliTVLneUb06xS-5amz25cAeWcStbvXPScsbga1vG0_XqQNZoepoAZwbN5wE
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 3020
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 3020 43 B
296 B 158ms
21ms Image
image/gif 2a05:d01c:1d8:8100:39fb:2754:c941:3afb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEMNbvLcmn3zAf9fFLP_LBNQ&google_cver=1&google_push=AYg5qPL31Qqy0-9FwrmRxBkrTwCHOxBaGrM8DpbiiaazgJ-64xJrKny5tAOZ4l2Gi9FB_XaE3g-Me_KFuzqYgzkn4fYqwCGXdPoNMw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1992333392&pi=t.aa~a.1040856864~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=0&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3952&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=cbRfOXMPBT&p=https%3A//vtemu.by&dtd=45
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8100:39fb:2754:c941:3afb London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3020 0
12 B 45ms
45ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LXM3kKN_QMDVdASWqYTp0B46nOFi3KvQx-Cnu0huSP0vVkUTeoJrvppX8XSrNjvkBNDH1b

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:49 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12777653077297844734/ Frame E97D 12 KB
12 KB 9ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12777653077297844734/downsize_200k_v1?w=400&h=209

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64f61876f608bde33c6529347ce047f5a14d12b020ff36058bc402c15da52be3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 04:51:38 GMT
x-content-type-options: nosniff
age: 26531
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12073
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 08:14:02 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Mar 2023 04:51:38 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/1692900399547723785/ Frame E97D 2 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1692900399547723785/downsize_200k_v1?w=100&h=100

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a7dc61ab92fe7e9368b3e064ae9ea10b0f54d0d41bb0cf84fd84f677e61f2a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 05:36:35 GMT
x-content-type-options: nosniff
age: 23834
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2062
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 17:09:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Mar 2023 05:36:35 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7F43 0
20 B 40ms
39ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoKCAEqBmJhbm5lcgoKCAIqBnNlcnZlcgovCAQqK215c2lkaWFfYW5hbHl0aWNzX2V4cDIsbXlzaWRpYV9yZWxlYXNlX3Byb2QKDRArIQAAAAAAAERAMAQKDRADIQAAAMzMlIVAMAQKDRAKIQAAAABmZgZAMAQKDRANIQAAAACgmbk_MAQKDhAeKggxMjAweDI4MDAECg4QGSoIMTIwMHgyODAwBAoNEA4hAAAAAAAAAAAwBAoNEAQhAAAAzMywhUAwBAoNEA8hAAAAAAAAAAAwBAoNECshAAAAAACARkAwBAoNEAUhAAAAZmayhUAwBAoNEBAhAAAAAECQ4UAwBAoNEBEhAAAAAIAUzUAwBAoNEBIhAAAAAAAAFEAwBAoNEBMhAAAAAAAACEAwBAoNEBchAAAAMzNHiEAwBBIaQ05qVWpLWDFxZllDRlVqNnNnb2RMeVFDbnciCXRleHQvcnl1aygV

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/b46067733e7b2ca12cbbd351a7043902.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B7EE
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENAQKrYA6-r_HMTdPzG68cg&google_cver=1&google_push=AYg5qPI-2X5cPLX7d6OUmMJPD7qJGuQSI-iKtCYs2ZXCVpnVf2G6uv1mLS...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPI-2X5cPLX7d6OUmMJPD7qJGuQSI-iKtCYs2ZXCVpnVf2G6uv1mLSJYfBQAgGDp8p4ct-6zRFy5Jofmmu2-7ir2emTY5tWy&google_hm=h8bGzB8qhyoN...

170 B
188 B

22ms
22ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPI-2X5cPLX7d6OUmMJPD7qJGuQSI-iKtCYs2ZXCVpnVf2G6uv1mLSJYfBQAgGDp8p4ct-6zRFy5Jofmmu2-7ir2emTY5tWy&google_hm=h8bGzB8qhyoNMNDqDLhSbA

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPI-2X5cPLX7d6OUmMJPD7qJGuQSI-iKtCYs2ZXCVpnVf2G6uv1mLSJYfBQAgGDp8p4ct-6zRFy5Jofmmu2-7ir2emTY5tWy&google_hm=h8bGzB8qhyoNMNDqDLhSbA
pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B7EE
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJEbyBMTVNGoBSlVUN-t4oWt52gbnFKR84kdMt...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlDdy1nQUFCTmloeVdUcg&google_push=AYg5qPJEbyBMTVNGoBSlVUN-t4oWt52gbnFKR84kdMt17XTfno4Y2P4XRSTqoJWif8PMtlnOLBv5sKSQFzcSfMjotsWT9gecfpw

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlDdy1nQUFCTmloeVdUcg&google_push=AYg5qPJEbyBMTVNGoBSlVUN-t4oWt52gbnFKR84kdMt17XTfno4Y2P4XRSTqoJWif8PMtlnOLBv5sKSQFzcSfMjotsWT9gecfpw

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlDdy1nQUFCTmloeVdUcg&google_push=AYg5qPJEbyBMTVNGoBSlVUN-t4oWt52gbnFKR84kdMt17XTfno4Y2P4XRSTqoJWif8PMtlnOLBv5sKSQFzcSfMjotsWT9gecfpw
Date: Thu, 03 Mar 2022 12:13:50 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 dds
rtb.openx.net/sync/ Frame B7EE 43 B
135 B 18ms
17ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJLEBJlmZqENm9-AlV0H5QY&google_cver=1&google_push=AYg5qPLJh_91I7gOSBNSgC0Sf4rY4EFbtHPTH0JUELxHoET1pAm_HrEob4BjJvFgdUBcFtmWdmy-2T-ZMGv6gQ8ItFqdM09tVWRE
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 4kpp8i8ad0cd5q4mhvge2rjliuovk83a

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B7EE
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=eeD-ESOUTaqDsmfES9JBIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

26ms
26ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=eeD-ESOUTaqDsmfES9JBIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKQ-qSk3zKGpeZBjdMcn0cAwcMg4hNzGR_fWYVYTzgNUvmpjHYAy3SPc0HI0gbiD4Tm377-HICDs2e6T4AA47mruWIIaSQJ

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=eeD-ESOUTaqDsmfES9JBIw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKQ-qSk3zKGpeZBjdMcn0cAwcMg4hNzGR_fWYVYTzgNUvmpjHYAy3SPc0HI0gbiD4Tm377-HICDs2e6T4AA47mruWIIaSQJ
date: Thu, 03 Mar 2022 12:13:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B7EE
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJbnmiZU1PBshh4m6NoBaz8&google_cver=1&google_push=AYg5qPLao9Ni6b7Amsf3DRNzKD_eM4QK8KbsRz2K0Z8vTYvMVsi_SjEtXbhNAaUJHMQSjWafrV_...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXR0ktQi1BOFdO&google_push=AYg5qPLao9Ni6b7Amsf3DRNzKD_eM4QK8KbsRz2K0Z8vTYvMVsi_SjEtXbhNAaUJHMQSjWafrV_Y3ZUbMxZLQCJTB1NeSX6Bymqz

170 B
188 B

26ms
25ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXR0ktQi1BOFdO&google_push=AYg5qPLao9Ni6b7Amsf3DRNzKD_eM4QK8KbsRz2K0Z8vTYvMVsi_SjEtXbhNAaUJHMQSjWafrV_Y3ZUbMxZLQCJTB1NeSX6Bymqz

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXR0ktQi1BOFdO&google_push=AYg5qPLao9Ni6b7Amsf3DRNzKD_eM4QK8KbsRz2K0Z8vTYvMVsi_SjEtXbhNAaUJHMQSjWafrV_Y3ZUbMxZLQCJTB1NeSX6Bymqz
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame B7EE
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4O...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B7EE
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEDDGroITOfwS5nUnM-0QpXY&google_cver=1&google_push=AYg5qPLHxXOilVkKJ-OeBmOD...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLHxXOilVkKJ-OeBmODvmq0B8CR9jEMKl5QA-wSHVCUUBwLJxWlRerxSErY96i5yelNxuQOjA7puIkxZrI6npw-LO1tf_whKA&google_hm=lbmglbvffofotpk...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLHxXOilVkKJ-OeBmODvmq0B8CR9jEMKl5QA-wSHVCUUBwLJxWlRerxSErY96i5yelNxuQOjA7puIkxZrI6npw-LO1tf_whKA&google_hm=lbmglbvffofotpkejbvpjpwsxblc

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLHxXOilVkKJ-OeBmODvmq0B8CR9jEMKl5QA-wSHVCUUBwLJxWlRerxSErY96i5yelNxuQOjA7puIkxZrI6npw-LO1tf_whKA&google_hm=lbmglbvffofotpkejbvpjpwsxblc
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 02 Mar 2022 12:13:50 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B7EE 0
12 B 22ms
21ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JfDBRHj7bzxNFj836O9KFKQztC8RfdPkT_U2EfzxwLF2dnonw8cu1cCRE8ErnjGQG6dJ0VFA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 63C3 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9eac3d9fc43b6605105da784caa95081f4a8896bd854bcca8a5e282cbd7e3ab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13737
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 11:02:56 GMT

GET
H3 200 nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js Show response
pagead2.googlesyndication.com/bg/ Frame B35C 35 KB
13 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9eac3d9fc43b6605105da784caa95081f4a8896bd854bcca8a5e282cbd7e3ab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13737
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 11:02:56 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 91E1 8 KB
892 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 10:21:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 03 Mar 2022 12:13:50 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Mar 2022 12:13:50 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 91E1 2 KB
914 B 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:57:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 952
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:57:58 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/ Frame 91E1 19 KB
8 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 457
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:06:13 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 91E1 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:59:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 854
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 11:59:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 91E1 124 KB
38 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 12:13:50 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/ Frame 91E1 15 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220301/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 245
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 12:09:45 GMT

GET
H3 200 1983f1322954a331c3caffc9609329fe.js Show response
www.gstatic.com/mysidia/ Frame 91E1 28 KB
12 KB 13ms
13ms Script
text/javascript 2a00:1450:400e:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1983f1322954a331c3caffc9609329fe.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:811::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e467a852274fd7613b82065c6c7bf66198fe3a8629d1a40ad9a58ea69dc0dc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 06:44:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106189
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11765
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 01:32:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 31 May 2022 06:44:01 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 28C9
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEFu-8Rn2_ohqAhYAFD0BsUM&google_cver=1&google_push=AYg5qPLyH9oAXhD8WZCS_hlkupp92SqL43bXWr8l5Mq3ZVMgUzxpfww8VW...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLyH9oAXhD8WZCS_hlkupp92SqL43bXWr8l5Mq3ZVMgUzxpfww8VWHg9vI0fSGER3VnO5fZNVH3s28omthmO1v-H6CDUg&google_hm=h8bGzB8qhyoNMN...

170 B
188 B

26ms
26ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLyH9oAXhD8WZCS_hlkupp92SqL43bXWr8l5Mq3ZVMgUzxpfww8VWHg9vI0fSGER3VnO5fZNVH3s28omthmO1v-H6CDUg&google_hm=h8bGzB8qhyoNMNDqDLhSbA

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLyH9oAXhD8WZCS_hlkupp92SqL43bXWr8l5Mq3ZVMgUzxpfww8VWHg9vI0fSGER3VnO5fZNVH3s28omthmO1v-H6CDUg&google_hm=h8bGzB8qhyoNMNDqDLhSbA
pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 28C9
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKXweyJ...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKXweyJ...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMDMxMjEzNTAwMDA2OTU3OTQ3MzU5NA%3D%3D&google_push=AYg5qPKXweyJBPp8kUrmCgpaDinO8TDw2VwDXrbK4zByQxFE6EoMitflusJGq5WaBMuj4P...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMDMxMjEzNTAwMDA2OTU3OTQ3MzU5NA%3D%3D&google_push=AYg5qPKXweyJBPp8kUrmCgpaDinO8TDw2VwDXrbK4zByQxFE6EoMitflusJGq5WaBMuj4P-60izS0VcNPIaTSocR6T9XUZScxg

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMDMxMjEzNTAwMDA2OTU3OTQ3MzU5NA%3D%3D&google_push=AYg5qPKXweyJBPp8kUrmCgpaDinO8TDw2VwDXrbK4zByQxFE6EoMitflusJGq5WaBMuj4P-60izS0VcNPIaTSocR6T9XUZScxg
pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Thu, 03 Mar 2022 12:13:50 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 28C9 43 B
609 B 134ms
104ms Image
image/gif 35.190.90.30
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEBF_wdUoq-tGJ0MCh1mSeMk&google_push=AYg5qPLOP3j1WYgmEt2VMT2aj8ciBwlkCyviHlTVqKpAfe9B2-yRGkItubqhRdhncq5ZKThQO6vW2qMSwRT6izBG7ccGJdK_cQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.90.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.90.190.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 28C9 43 B
64 B 28ms
17ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEFSop6Co9exrKNbAnYy_bYI&google_cver=1&google_push=AYg5qPK7ZIL2l2sZY8SMqvBCwemquo_DZi0DiUg8BHiee6NMjWgVKF__Qe1O-3triuejP4DmkxWlqSJPWhiruOFtoYE8_Qwzfg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 90hs5g6ib04nv86d16g5colq2aefj5ef

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 28C9
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_pgxRVAnRVWmNadFZJ6f4Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

26ms
26ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_pgxRVAnRVWmNadFZJ6f4Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI9IU6hOsso5igAuDZKbKxLmMJOwmcrzydvNuqI4AjjrPWVNNjETUu52x2AJYXBo0vDV0SwT8_r0RWrOO5d914jRKwrxg

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_pgxRVAnRVWmNadFZJ6f4Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI9IU6hOsso5igAuDZKbKxLmMJOwmcrzydvNuqI4AjjrPWVNNjETUu52x2AJYXBo0vDV0SwT8_r0RWrOO5d914jRKwrxg
date: Thu, 03 Mar 2022 12:13:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 28C9
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEC4yfaRocwlWOOf_X9XheqY&google_cver=1&google_push=AYg5qPLvdcrpJv7aAC2Iyad-jIQtjMuM1o2FFzIIFggj4rGSZf_GwnhXBhgPR95rqUYr7A3kUqH...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXSDUtMTAtTTlDOQ==&google_push=AYg5qPLvdcrpJv7aAC2Iyad-jIQtjMuM1o2FFzIIFggj4rGSZf_GwnhXBhgPR95rqUYr7A3kUqHEukwj3lrFkUsKSqdTZQhyaA

170 B
188 B

26ms
25ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXSDUtMTAtTTlDOQ==&google_push=AYg5qPLvdcrpJv7aAC2Iyad-jIQtjMuM1o2FFzIIFggj4rGSZf_GwnhXBhgPR95rqUYr7A3kUqHEukwj3lrFkUsKSqdTZQhyaA

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXSDUtMTAtTTlDOQ==&google_push=AYg5qPLvdcrpJv7aAC2Iyad-jIQtjMuM1o2FFzIIFggj4rGSZf_GwnhXBhgPR95rqUYr7A3kUqHEukwj3lrFkUsKSqdTZQhyaA
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 28C9
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aak...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 28C9 0
12 B 16ms
14ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JqYouVCU6AF6zgUd4xlAHxEX6S9G6GnaqlIRuREPCAbK4eqOLTRmgfs-vfF1JWs4vHNsBS

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js Show response
pagead2.googlesyndication.com/bg/ Frame A9D0 35 KB
13 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=3532037373&pi=t.aa~a.16710222~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0&nras=2&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=K5bGfq5tLQ&p=https%3A//vtemu.by&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9eac3d9fc43b6605105da784caa95081f4a8896bd854bcca8a5e282cbd7e3ab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13737
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 11:02:56 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 91E1 0
0 82ms
82ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cz9I2_bAgYpD9CpDOygXh2amoCcCbrNxooNSvktAM2qOr0JQdEAEgsKjgBGCV4pCCoAegAa2l0I8DyAEJqQJM89uQt5uyPqgDAcgDywSqBNYBT9ADEPySuCL7FJ4I8yCykMSpQarVuxQNkx22ayYiME9mqCKgL8nYUnSHtRwwjagD7LIXJmLhTPeTF6yh0L0jxr98_hvXjLh7Qyrxw8ig1Hp4K6cmi3zCddcw7sIt58RDfDD3oCv1fbLcrpDx7ArK86P-2p0jFxHGZVSLFuaqt2wP5i2f5DulrSr1r3IohJFw0BY4dBgRL_jq0JS7VfrJzHndAJtDzEYfWTUsy3fiAA1s4cSNs-qdTLtLCCNbiTMtt1IXYvR8wJb2q4FSWS3P_NT6jhtDisAEoMG5grgDkgUECAQYAZIFBAgFGASgBi6AB7var3CoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDMjgbSCAkIgOGAEBABGB-ACgHICwG4E4gn2BMNiBQB0BUBgBcBshccChoIABIUcHViLTM5OTA0OTAzMzE1MzE2NTIYAA&sigh=1_8qsxB1_XM&uach_m=[UACH]&cid=CAQSOwCNIrLMSE_ll7OLB9VA8avyCcQEnMEEjjKwxBYUpfweLtWAgA_17DLVZL1xk_zEY4Xzr3MfC6UtMar-GAE&template_id=5000

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 03 Mar 2022 12:13:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 8044 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1310346013&pi=t.aa~a.4283074973~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=f96difyGFA&p=https%3A//vtemu.by&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9eac3d9fc43b6605105da784caa95081f4a8896bd854bcca8a5e282cbd7e3ab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13737
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 11:02:56 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v42/ Frame 7F43 28 KB
28 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v42/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 22:46:42 GMT
x-content-type-options: nosniff
age: 134828
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28328
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 21:57:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Mar 2023 22:46:42 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14192388505045281100/ Frame 91E1 18 KB
18 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14192388505045281100/downsize_200k_v1?w=600&h=314

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

605996eee4494cee8e708eea38365476be91ad1ab479c7bf1960771196640182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 13:47:24 GMT
x-content-type-options: nosniff
age: 253586
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17935
x-xss-protection: 0
last-modified: Tue, 13 Oct 2020 15:04:50 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 28 Feb 2023 13:47:24 GMT

GET
DATA 200
OK truncated
/ Frame 91E1 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 91E1 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2B5D
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIEcjbWw4xbXdOfLOA0NWzvCEC9yAO-WXvSeBH1-9pXK9LUpA-AyMFc5OxVmzJLlJBNB26sbruK2Osxhk-LqLdyE10FlQQ&google_gid=CAESEGwQd5Zw0JYU-20zi5p17io&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCP7hgpEGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBJRWNqYld3NHhiWGRPZkxPQTBOV3p2Q0VDOXlBTy1XWHZTZUJIMS05cFhLOUxVcEEtQXlNRmM1T3hWbXpKTGxKQk5CMjZzYnJ1SzJPc3hoay...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWDBJY3ZNdEFwZWV0VVhvY1dDd2tHSUFXRlF1dWxkRU9xczlJQXBiQTRwQQ==&google_push

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWDBJY3ZNdEFwZWV0VVhvY1dDd2tHSUFXRlF1dWxkRU9xczlJQXBiQTRwQQ==&google_push

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 03 Mar 2022 12:13:50 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWDBJY3ZNdEFwZWV0VVhvY1dDd2tHSUFXRlF1dWxkRU9xczlJQXBiQTRwQQ==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 2B5D 43 B
391 B 105ms
104ms Image
image/gif 35.190.90.30
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESELHXYYRoLpVEbIlk9z639TQ&google_push=AYg5qPLgcGTYem7oeXl6M3uVJXASwgJpTFqaRJmrb8CtjTG0cJfh4c8pkQ2pmIgQ1ok0jzTawcutaHDmukpEKuMDimDyuviXgMQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.90.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.90.190.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 2B5D 43 B
64 B 16ms
16ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEH4nU3Bgdh-Rl-EIacK_HXQ&google_cver=1&google_push=AYg5qPKqJ-y1wAH3E1NHPpwFPd6T8I80nK-1KPc2RQtQ4i1gBxIVSs0auPvnAeazoZpUn-xbNkxDWbXmDVwCz3HAyIOjlpooNw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: kvtap8ipifn5472egmon7fcpfh8rv3lj

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2B5D
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELtnlhsVwCzS8fWRA8y7v4U&google_cver=1&google_push=AYg5qPLyslcWneniE8-6sH7IWzC72cq2p9Cdc1Ee4XxjObG8US_tJAsMsLeKb5TtRLIqyQLZF2P...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXSUUtWi05WENQ&google_push=AYg5qPLyslcWneniE8-6sH7IWzC72cq2p9Cdc1Ee4XxjObG8US_tJAsMsLeKb5TtRLIqyQLZF2P04NdwGSQo-kj-wGMyMq1iAPg

170 B
188 B

25ms
25ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXSUUtWi05WENQ&google_push=AYg5qPLyslcWneniE8-6sH7IWzC72cq2p9Cdc1Ee4XxjObG8US_tJAsMsLeKb5TtRLIqyQLZF2P04NdwGSQo-kj-wGMyMq1iAPg

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXSUUtWi05WENQ&google_push=AYg5qPLyslcWneniE8-6sH7IWzC72cq2p9Cdc1Ee4XxjObG8US_tJAsMsLeKb5TtRLIqyQLZF2P04NdwGSQo-kj-wGMyMq1iAPg
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 2B5D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDh...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2B5D
Redirect Chain

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEDEP3oKVtoEP0bg16Kd3ZrM&google_cver=1&google_push=AYg5qPJ2xmyqViiMJfZw3P-BzlajHhO7sTK1vOiv8dwPLNMnpCU70glW2g88o6Bb2iDdyXk2uw-qtpVMibQ-5YYuA8qLsYxLdw
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPJ2xmyqViiMJfZw3P-BzlajHhO7sTK1vOiv8dwPLNMnpCU70glW2g88o6Bb2iDdyXk2uw-qtpVMibQ-5YYuA8qLsYxLdw&google_hm=5vKU4O2qTtKRq3KWkr...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPJ2xmyqViiMJfZw3P-BzlajHhO7sTK1vOiv8dwPLNMnpCU70glW2g88o6Bb2iDdyXk2uw-qtpVMibQ-5YYuA8qLsYxLdw&google_hm=5vKU4O2qTtKRq3KWkrp_Yg

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPJ2xmyqViiMJfZw3P-BzlajHhO7sTK1vOiv8dwPLNMnpCU70glW2g88o6Bb2iDdyXk2uw-qtpVMibQ-5YYuA8qLsYxLdw&google_hm=5vKU4O2qTtKRq3KWkrp_Yg
pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
cache-control: no-cache
content-length: 0
request-time: 2
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2B5D
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEMdzQhOukHAQSQejOxeWZX4&google_cver=1&google_push=AYg5qPIXLS6lQAZin__ZNso4...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPIXLS6lQAZin__ZNso4YLUQxAD7DLQS-uUytTHHrN9_9f0IhFf9KHPSiOsTvzRh1bwoybSrI5gOwVshXaKr7dQvmmFk05U&google_hm=lbmglbvffofotpkejb...

170 B
188 B

27ms
27ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPIXLS6lQAZin__ZNso4YLUQxAD7DLQS-uUytTHHrN9_9f0IhFf9KHPSiOsTvzRh1bwoybSrI5gOwVshXaKr7dQvmmFk05U&google_hm=lbmglbvffofotpkejbvpjpwsxblc

Requested by

Host: vtemu.by
URL: https://vtemu.by/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPIXLS6lQAZin__ZNso4YLUQxAD7DLQS-uUytTHHrN9_9f0IhFf9KHPSiOsTvzRh1bwoybSrI5gOwVshXaKr7dQvmmFk05U&google_hm=lbmglbvffofotpkejbvpjpwsxblc
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 02 Mar 2022 12:13:50 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2B5D 0
12 B 14ms
14ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KRZezgRwN547o8twX69OKGSWzNmleTpiGsD2ejgjBh620_iQ6bSUEXMyO2cJDXI73M9xajiw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js Show response
pagead2.googlesyndication.com/bg/ Frame BBDC 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=2188865842&pi=t.aa~a.16707557~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280&nras=3&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1904&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eZDkyJjKFX&p=https%3A//vtemu.by&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9eac3d9fc43b6605105da784caa95081f4a8896bd854bcca8a5e282cbd7e3ab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13737
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 11:02:56 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7F43 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoKCAEqBmJhbm5lcgoKCAIqBnNlcnZlcgovCAQqK215c2lkaWFfYW5hbHl0aWNzX2V4cDIsbXlzaWRpYV9yZWxlYXNlX3Byb2QKDRAUIQAAAADwbfNAMAQKDRAVIQAAAAAAACxAMAQKDRAWIQAAAAAAABRAMAQKDRAYIQAAgJmZLZBAMAQKDRAyIQAAAADMzPQ_MAQKDRAzIQAAAADMzPQ_MAQKDRA0IQAAAADMzPQ_MAQKDRA1IQAAAADMzPQ_MAQKDRA2IQAAAADMzPQ_MAQKDRA3IQAAAADMzPQ_MAQKDRA4IQAAAACZmQ1AMAQKDRA5IQAAAAAA8H1AMAQKDRA6IQAAADIzC35AMAQKDRA7IQAAAJmZRYhAMAQKDRA8IQAAAJmZRYhAMAQKDRA9IQAAAAAASIhAMAQKDRA-IQAAAAAACpBAMAQKDRA_IQAAAAAACpBAMAQKDRBAIQAAgMzMPpBAMAQSGkNOalVqS1gxcWZZQ0ZVajZzZ29kTHlRQ253Igl0ZXh0L3J5dWsoFQ==

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/b46067733e7b2ca12cbbd351a7043902.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 66B4 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Thu, 03 Mar 2022 05:53:44 GMT
expires: Fri, 04 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 22806
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 91E1 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 086d34fccd507ce8cfc04d918600aee3724a08e1ca0d5cde3baed97000fd1b99

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v42/ Frame 91E1 28 KB
28 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v42/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 22:46:42 GMT
x-content-type-options: nosniff
age: 134828
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28328
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 21:57:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Mar 2023 22:46:42 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 66B4
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEBFy1AuSUJRUyghMjFWCsc&google_cver=1&google_push=AYg5qPJlP6v0CP2B1DdplPWqqfA927oUTBP5wPaq98c86FiZG_cf6i5Ahd...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPJlP6v0CP2B1DdplPWqqfA927oUTBP5wPaq98c86FiZG_cf6i5Ahdz-KJRnPZMJ7mgulwGeTvM_lQiQv1xAwHg_Tps-fQNQ&google_hm=h8bGzB8qhyoN...

170 B
188 B

20ms
20ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPJlP6v0CP2B1DdplPWqqfA927oUTBP5wPaq98c86FiZG_cf6i5Ahdz-KJRnPZMJ7mgulwGeTvM_lQiQv1xAwHg_Tps-fQNQ&google_hm=h8bGzB8qhyoNMNDqDLhSbA

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPJlP6v0CP2B1DdplPWqqfA927oUTBP5wPaq98c86FiZG_cf6i5Ahdz-KJRnPZMJ7mgulwGeTvM_lQiQv1xAwHg_Tps-fQNQ&google_hm=h8bGzB8qhyoNMNDqDLhSbA
pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 466606.gif
id.rlcdn.com/ Frame 66B4 42 B
316 B 17ms
15ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIp0zXlecKSv1BnoRg8pWOzfSiSgIgJlb0Dd5yRbDLD7_tkZIOQF4J7jORt9WuFfjUhFIRYLKwl1uMUdXTsu8K5XzN13YIP&google_gid=CAESEIAmNsNzUUjXJ-q8sZwmxIE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:50 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 66B4 43 B
391 B 105ms
103ms Image
image/gif 35.190.90.30
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEOHEw3Id_lj_ejDX95anupA&google_push=AYg5qPL8rCXMHd5ZZnqYV-3n_jFnHhi7PdSE7R3Qxf43qt5F2XZuc8e59RYd2wh-bwEaCn0EtMHLw5pD_UeW5p_YsRsNIRhgmg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.90.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.90.190.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 66B4 43 B
64 B 18ms
16ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEMxbgaGL38P7f1svPrhLyG0&google_cver=1&google_push=AYg5qPJF_HqaEcNLHNXUrgGGAU12EdCbxgyG5xL2p7mU1F3tTp-m5hEVwnsRFJm8aMgmPZCz1M6uZ9LQym43Pv0JV_cEzgVnNVoO
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:49 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 7kft38l0pj19kkqmevovhuljabcbdm5o

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 66B4
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1pheje4BSdG8i_KVg9ZABQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1pheje4BSdG8i_KVg9ZABQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKAwljgrHAZ5qxwXarPtbSa8kwPpWYQOOM1CoYwClYWMGS962ys05MsS25uJmY3a8HJJJ9nOpE7DpE6XF2JOk3uhPeAUL0

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1pheje4BSdG8i_KVg9ZABQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKAwljgrHAZ5qxwXarPtbSa8kwPpWYQOOM1CoYwClYWMGS962ys05MsS25uJmY3a8HJJJ9nOpE7DpE6XF2JOk3uhPeAUL0
date: Thu, 03 Mar 2022 12:13:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 66B4
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECs6FaQL6bC30C_IJU8gBOI&google_cver=1&google_push=AYg5qPIRtIwkNfgGTh_KQjZaGC2-3xNSiiM3XNukEWkCd8Repb5KHnqmavWi8pGXUTwRYxAzk1l...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXVEUtSy0yMEJY&google_push=AYg5qPIRtIwkNfgGTh_KQjZaGC2-3xNSiiM3XNukEWkCd8Repb5KHnqmavWi8pGXUTwRYxAzk1lK7sVFcZW2dVpE8y8yAIgx5wQ

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXVEUtSy0yMEJY&google_push=AYg5qPIRtIwkNfgGTh_KQjZaGC2-3xNSiiM3XNukEWkCd8Repb5KHnqmavWi8pGXUTwRYxAzk1lK7sVFcZW2dVpE8y8yAIgx5wQ

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBBWThXVEUtSy0yMEJY&google_push=AYg5qPIRtIwkNfgGTh_KQjZaGC2-3xNSiiM3XNukEWkCd8Repb5KHnqmavWi8pGXUTwRYxAzk1lK7sVFcZW2dVpE8y8yAIgx5wQ
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 66B4
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 66B4 0
12 B 18ms
17ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LuPU51HI-Bo2Ug_C0Y6cj0QsC5_3qkEMbcUTrGNqBqaR5lZJG6D56OgtUgrlZv_tjajQHq

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 22ms
22ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220301&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed9a209161c0d087fcfc4a3ec43c8f5e073cb03c9223093ccf8eed28c8fcb4e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 12:13:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10568
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4490 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvVRUDiitpxOIyMn363FDJ5GiKJVNqu2FqQVJrOXMnxB5zvu_nAJ4lrrYT5S4G-Zatb45w3MvRC9o5V3Qw12ZecWN4fs3d_gEaKVKt2BHO2-UqZlcLapg&sai=AMfl-YSqGaPJH-xR2haJUXR2VIGLo501RxSgJw72iIVOBRVmcUvgxvWt-yl_dpVcbEfw3bpOBPhICrwUSTSDvfW_i6DfT0SIzE2h0LjckHdz&sig=Cg0ArKJSzDtZsF_JpDjjEAE&cid=CAQSLQCNIrLMv73LODuNRcRI15RxJqH2TohEXMx5dUW_W-a9Iz4PkbdviXPxYzZbaw&id=lidar2&mcvt=1025&p=171,315,439,1285&mtos=0,1025,1025,1025,1025&tos=0,1025,0,0,0&v=20220302&bin=7&avms=nio&bs=0,0&mc=0.93&if=1&app=0&itpl=20&adk=51155630&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646309629216&rpt=268&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js Show response
pagead2.googlesyndication.com/bg/ Frame F5F0 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3990490331531652&output=html&h=280&adk=4070374814&adf=1080498295&pi=t.aa~a.3505625292~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1646309428&rafmt=1&to=qs&pwprc=9646847681&psa=0&format=1200x280&url=https%3A%2F%2Fvtemu.by%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646309629100&bpp=1&bdt=1222&idt=-M&shv=r20220301&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1693582ab5d30cd4-220c483c50cd0001%3AT%3D1646309628%3ART%3D1646309628%3AS%3DALNI_MbFIy4lURgfl5f4mp059Upz21jfZw&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=343392690677&frm=20&pv=1&ga_vid=9797760.1646309628&ga_sid=1646309628&ga_hid=1545281597&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2999&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774&oid=2&pvsid=4232842818120551&pem=359&tmod=382798590&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=czVKFqhFmS&p=https%3A//vtemu.by&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9eac3d9fc43b6605105da784caa95081f4a8896bd854bcca8a5e282cbd7e3ab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13737
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 11:02:56 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 814A 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Box0z_bAgYvnuEMGJ9u8P88u0gAoAAAAAOAHgBAI&bg=!UlGlURXNAAYFuXAgBbk7ACkAdvg8Wip5LbA9vpQucHGqv4Gjy7oqyquZgTqIUqsn2xWgQgYVRGXJYAIAAAJ7UgAAAAFoAQcKAIQetdQMVpswl7NIWBAT91N-SC-ndhY-V8TEaSCpy1E-Fc2hBDOM5Tq5AZ_bp3OJ16yVBOiWNHQELwJx4z5VhQLopi1LKKE4-llxfPHfyAXVTeZhsYfsScJEGsQ2ixEvxISDgwK_gEprGB8j8hsjDPBbivE5k65m_vnc9itA_eUGF3f1ujSZAuxDnuyTNo-saOlUOFbccUXzrBj06dCOrWDOsuuLaB0MVUgd7FQIWU7tlafslqkyNvaaZEuQEO-KHF7a7feyLRr7ndz_HxiZNnlFN7trnhz9P4u1SaV2BORqUxeeQ4b2ZxpT7LmnndzVdvMsKwcy1dbX5eWoBkt46nuW2sYdqSxFJrZxjdZlme8oBh1wm5baZ9qFvJnYqiyreGYVmDwqV8Q7hMylj2dmmSQ1PKRQvI_hirW0TvKo086t-nazKaIVv_SOkTpUfn-KmtAmU9_aec2egTp1Xr1XPy-ejbXEOi7eiTizTxGu60hZnECqPyfZ31KAekNL_uVJJWOfoB_mDi1-gzUObKSe5PANvPELpHeFnSJugrp1hKDd7PeNtXMtAHHCR2vt6ZI8_e4rTKq0UeCzADGfx_RA1vBneLbiN37ZrgTolchHYhzkYb346htfkjRLPhKZpjV7mZgTY_wxqrBxny3rhZ1fes7xe8wXtPhq9_Ji2rpPMMnS6fL83uMjBrw5iqdsaeta6RkB4ru-SQAJmFWcd0gVxmuG29KZBwbuDdmp-WT-LA2VJa9yn8g_-dsd1XmllLKAcp1t5eKXcEaeTSEl0WDRsyKg5AVJ8ojpnZ7FW_Qrup2CJxHD9zPu2dn7-oAXICl3oJk9luxvY21mkrVa7-i9RJ8S8-HRaWzSvHUU0VpvHDiX_29SDu44asKuE5Q06aG_emgeOJwO1J7b_jCUPKqYEwojYFjNQfx1mz1Omhw7E9f5GO3RTIbG1gI5qNqFCFoTgmK7BDw7kkfUWusPSSsjHOmDR_Y0rCGjfUkY8RZuonTOtmJ83QVinMRqZd-azugryQ1JbAlBpJiCIso37-zXYAvCtf2WZ_-KvIxSKv3_4MpxvmFD-6makmn4-UmUzssIgu0buYVoikj3X7yPBEeb1rqncvQ4GK4XYTrj9EM2f9dXuQQkacdXIFgYBMZdodDrTZnkl1mdrcrFo8IuO16OMdtskzaR

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 115ms
115ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 12:13:50 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5F90 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCkzJ5gaK6Lh-PDtA-2VqlGmxUrQmXxOMD5BFwPbg3fo6VttUGhENa1M3p2biVlFAn4bkfyIq2mTyAJNVPdNLo&sig=Cg0ArKJSzHtFZy145ZSSEAE&id=lidar2&mcvt=1005&p=0,0,124,1005&mtos=82,713,1005,1114,1260&tos=82,631,292,109,146&v=20220302&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646309629185&rpt=150&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 0A95 0
127 B 15ms
15ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 03 Mar 2022 12:13:49 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 918A 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Mar 2022 12:02:14 GMT
expires: Fri, 03 Mar 2023 12:02:14 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 672A 783 B
536 B 18ms
18ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

915af9624bbcb4d1f2d8cfdf179250325d2ed996cf91e223a84b111579850190

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-QZ8VMo02O/xJq9YQNWlGWA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 03 Mar 2022 12:13:50 GMT
date: Thu, 03 Mar 2022 12:13:50 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-QZ8VMo02O/xJq9YQNWlGWA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 918A 35 KB
13 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nqw9n8Q7ZgUQXaeEyqlQgfSoiWvYVLzKil4oLL1-OrQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9eac3d9fc43b6605105da784caa95081f4a8896bd854bcca8a5e282cbd7e3ab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 11:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13737
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Mar 2023 11:02:56 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 672A 0
0 59ms
59ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220301&jk=4232842818120551&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 918A 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?f_KYXw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220301&jk=4232842818120551&bg=!cHOlczfNAAYFuXAgBbk7ACkAdvg8Whb_2wN_Lt9HEWOaax3mVfNxWmAGb1_drYF1L4fVxtUEzQ4dzAIAAABoUgAAAANoAQcKAIoc3uART59vZM2GrvhdhBcs9HSWyvO-fsFP6j84HeAwngSgzr5mtFL2PJUYxF0H2HeXtowMP4HGql45EQLsJ-o-DdZb9Hi-8t8JxK2yFIpbMLzq5jNitp5k6S-K8eO1tRcpebEqDqf52fsTSQiXTguQmTjBJIta1GJkPJuz5WG-h6K42ZzhSRiuHlKZAqUQQeq1jZqEet5m2aXVTR1qz0i0_hVJUnq2bM0qxsIM7N49h-0GFq2fQQ5N58DDb48pN6lhx0okAeKIf5JcGqhQsUZutAeMptjTxZPEslpIegFD-xWoQGWu4adDmRKyzgJQayNKn8u-RwQRUCBtK_LhS7llGwE2RBfmOJJRvnbX2wlqeiZVbWDfVSs9Tij2X4RxnK-4TV9mjPJk-v26nekBwOhm35R_WUmXgJW4AlMXxPhUB7e0dyZnm3TB5_6oLk4J3HEgK_Q0eqUJYXbrM13CWj8rDiYv3or45qVHXnL6en4ZPTjF8Yo5x7C58sYem_toGNalCxsPCFTkrxe7qptwXx07ikn48ySn135ywKqIwLcXmCzSeIlNVoZ4RlaAWspfw04UobuNo6jgXZeEw0NQQiyxQeTLaprO7vr9Ip2GSctMtoc7YJO4LQSUxeCXoPYYyUhc39E44x1LOPI8jwbtlqTQg_ZriO7wpYZH6it85pW-pgG-YgblO3D3dHwTd9fyjqFw9U1w_jZA9oD9fxsw-hO9uf59vr7ArtWxZtADvzucki2PgsbcNOVP-smI30S73G_bEyCmZFtoTc-aMHm2w6usJoff-pvZWvOGJ1VCERs5zAAhhb6aI5wK5pOKwcFSBA47aAegNOW8PA5cetJfX6daBQOeSehXnctV4zL53uuvHh2VBHtrLDzYaSh7IWVmSmxPGuSSJnJQEF0XzOATk_nf2IuwW1fDmDQ6vIeq6K8Wqy77mOUZzomw8WNccTkhHw6rOL4LpfrRD5x5OqiiqYaPNEaXBxBUrc9wxCaYaz3UjpopwUFoRHq3kbmJVzs5ak3YQslh-cA748oGnU2_pgODuGiYkjBlHa9s-1WK-U5I9YSLZFWoXhHnFiG4dXiXp7vMMw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 12:13:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK cntdata.aspx Show response
inv-nets-eu.admixer.net/ 48 B
519 B 675ms
675ms Fetch
application/javascript 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets-eu.admixer.net/cntdata.aspx?query=visitorid&containeroid=c537fd3c-ec7e-49d5-b4bb-10a57417947a&referrer=&pageurl=https://vtemu.by/

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/analytics/tag-manager.js?m=data-from-dom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

0b9198d253f4bd41b44e9289143b2d816ce0b32937fee73b5276d772efaba3da

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:52 GMT
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: https://vtemu.by
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript
Keep-Alive: timeout=25
X-XSS-Protection: 0

GET
H/1.1

200
OK

adxcm.aspx
inv-nets.admixer.net/
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=197200&cb=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3DFCC51D18-EB58-4B22-B884-02E238CDD6F2%26id%3D
https://inv-nets.admixer.net/adxcm.aspx?ssp=FCC51D18-EB58-4B22-B884-02E238CDD6F2&id=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB

43 B
463 B

24ms
24ms

Image
image/gif

146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/adxcm.aspx?ssp=FCC51D18-EB58-4B22-B884-02E238CDD6F2&id=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB

Protocol

HTTP/1.1

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:51 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:51 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://inv-nets.admixer.net/adxcm.aspx?ssp=FCC51D18-EB58-4B22-B884-02E238CDD6F2&id=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 304
Expires: Thu, 03 Mar 2022 12:13:51 GMT

GET
H/1.1

200
OK

adxcm.aspx
inv-nets.admixer.net/
Redirect Chain

https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6845806
https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AG4TOtkIyeAXuBn4hCsxkyw

43 B
463 B

8ms
8ms

Image
image/gif

146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AG4TOtkIyeAXuBn4hCsxkyw

Protocol

HTTP/1.1

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:51 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:51 GMT
Transfer-Encoding: chunked
P3P: policyref="//adriver.ru/w3c/p3p.xml", CP="NON DSP COR CURa ADMa DEVa OUR BUS UNI COM NAV INT STA"
Location: https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AG4TOtkIyeAXuBn4hCsxkyw
Cache-control: no-cache, no-cache=Set-Cookie, max-age=0, must-revalidate, proxy-revalidate, no-store
Connection: keep-alive
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

cm.aspx
inv-nets.admixer.net/bs/
Redirect Chain

https://x.bidswitch.net/sync?ssp=admixer&user_id=b8249f2c321b4769b706765f0eb4be15&gdpr=&gdpr_consent=&us_privacy=[usPrivacy]
https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=admixer&bsw_custom_parameter=daa7cacc-fe90-4572-b08f-1f8bf8fd476e
https://x.bidswitch.net/sync?dsp_id=257&user_id=mk521b4020-62be-4632-9b49-92b0e63d6ea7&expires=7&user_group=5&ssp=admixer&bsw_param=daa7cacc-fe90-4572-b08f-1f8bf8fd476e
https://inv-nets.admixer.net/bs/cm.aspx?id=daa7cacc-fe90-4572-b08f-1f8bf8fd476e&gdpr=&consent=&gdpr_pd=

43 B
463 B

8ms
8ms

Image
image/gif

146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/bs/cm.aspx?id=daa7cacc-fe90-4572-b08f-1f8bf8fd476e&gdpr=&consent=&gdpr_pd=

Protocol

HTTP/1.1

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 12:13:52 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

Location: //inv-nets.admixer.net/bs/cm.aspx?id=daa7cacc-fe90-4572-b08f-1f8bf8fd476e&gdpr=&consent=&gdpr_pd=
Date: Thu, 03 Mar 2022 12:13:52 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 admixer
exchange.buzzoola.com/cookiesync/ssp/ 43 B
130 B 12ms
12ms Image
image/gif 144.76.118.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.buzzoola.com/cookiesync/ssp/admixer?uid=b8249f2c321b4769b706765f0eb4be15
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/prebidcdn/prebidcdn.js?pm=adServer,adServerDFP,admixerAnalyticsAdapter,admixerBidAdapter,admixerIdSystem,currency,intersectionRtdProvider,schain&dev=true&rnd=268435462&hash=1385267621-
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 144.76.118.233 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.233.118.76.144.clients.your-server.de
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 12:13:51 GMT
server: nginx
content-length: 43
serverid: TODO
content-type: image/gif

GET
H/1.1 204
No Content merge
ce.lijit.com/ 0
348 B 20ms
20ms Image
text/plain 216.52.2.19
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=380632&3pid=b8249f2c321b4769b706765f0eb4be15&us_privacy=$(US_PRIVACY)&gdpr=&gdpr_consent=&location=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3DA0E94EB6-7943-457A-8B17-9C99C6ADCED2%26id%3D%5BSOVRNID%5D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://vtemu.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 12:13:51 GMT
X-MERGE: GDPR Optout true
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

70 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.admixer.net/bs	1970-01-20 03:28:05	Name: am-uid Value: b8249f2c321b4769b706765f0eb4be15
.vtemu.by/	1970-01-20 18:49:41	Name: _ga Value: GA1.2.9797760.1646309628
.vtemu.by/	1970-01-20 01:19:56	Name: _gid Value: GA1.2.1113006692.1646309628
.vtemu.by/	1970-01-20 01:18:29	Name: _gat Value: 1
.admixer.net/	1970-01-20 03:28:05	Name: am-uid Value: b8249f2c321b4769b706765f0eb4be15
.vtemu.by/	1970-01-20 01:18:29	Name: _gat_gtag_UA_7662390_15 Value: 1
.yadro.ru/	1970-01-20 10:03:10	Name: FTID Value: 1Y8B3y3hExOH1Y8B3y0000WW
.yadro.ru/	1970-01-20 10:03:10	Name: VID Value: 1M6H8j12fb8H1Y8B3y0000f1
.vtemu.by/	1970-01-20 10:04:05	Name: _ym_uid Value: 1646309628492691176
.vtemu.by/	1970-01-20 10:04:05	Name: _ym_d Value: 1646309628
.vtemu.by/	1970-01-20 10:47:17	Name: __gfp_64b Value: myphTIVgyWNL336y8YFxPVk0WTzpas7W9bKiFydF1gr.B7\|1646309628
.mc.yandex.com/	1970-01-20 01:18:30	Name: sync_cookie_csrf Value: 3819627529fake
.vtemu.by/	1970-01-20 01:19:41	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 01:18:30	Name: sync_cookie_csrf Value: 3586668406fake
.hit.gemius.pl/	1970-01-20 10:47:17	Name: Gdyn Value: KlxngMaGQMGGQWrcC0MPQc8issGMXP8c25nSGu9oeISIFRxSG7RrGS6GwofBFlMMYH7hRjBGqSRxSG8.
.yandex.com/	1970-01-20 10:04:05	Name: yandexuid Value: 9704065351646309628
.yandex.com/	1970-01-20 10:04:05	Name: yuidss Value: 9704065351646309628
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 195229751646309628
.yandex.com/	1970-01-23 16:54:29	Name: i Value: sqbleaZ80Ue8MqbbLedZ5BBq7LUXhT2pyVZezWOnWMZAUd18MH+W8Spk/5dyapAGLgVXetaL8oK4hPfUZp2fIVtgiIA=
.yandex.com/	1970-01-20 10:04:05	Name: ymex Value: 1677845628.yrts.1646309628#1677845628.yrtsi.1646309628
.vtemu.by/	1970-01-20 01:18:31	Name: _ym_visorc Value: w
vtemu.by/	1969-12-31 23:59:59	Name: Value: store.test
vtemu.by/	1970-01-20 02:01:41	Name: _pbjs_userid_consent_data Value: 3524755945110770
vtemu.by/	1970-01-20 01:28:34	Name: am-uid Value: b8249f2c321b4769b706765f0eb4be15
.bidswitch.net/	1970-01-20 10:04:05	Name: tuuid Value: daa7cacc-fe90-4572-b08f-1f8bf8fd476e
.bidswitch.net/	1970-01-20 10:04:05	Name: c Value: 1646309628
.bidswitch.net/	1970-01-20 10:04:05	Name: tuuid_lu Value: 1646309628
.casalemedia.com/	1970-01-20 10:04:05	Name: CMID Value: YiCw-NfZgsvJGMf8-f2LhQAA
.casalemedia.com/	1970-01-20 03:28:05	Name: CMPS Value: 3228
.exchange.buzzoola.com/	1970-01-20 02:01:41	Name: uuid Value: d272aee4-c8d5-4d6d-7651-4e5bb483f448
.creativecdn.com/	1970-01-20 10:04:05	Name: u Value: n8w4nmoKZYjQMalR22nL
.creativecdn.com/	1970-01-20 10:04:05	Name: ts Value: 1646309628
.casalemedia.com/	1970-01-20 03:28:05	Name: CMPRO Value: 1127
.erne.co/	1970-01-20 10:04:05	Name: u Value: vVXKm9QLmyhqamHbGhUnYahd
.rutarget.ru/	1970-01-20 05:37:41	Name: userId Value: 7hkfBOaVDWXl
.adriver.ru/	1970-01-20 18:49:41	Name: cid Value: AG4TOtkIyeAXuBn4hCsxkyw
.vtemu.by/	1970-01-20 10:40:05	Name: __gads Value: ID=1693582ab5d30cd4:T=1646309628:S=ALNI_MaGoKTStHkYC-pWA1dzjf7Gv5x2rA
.adnxs.com/	1970-01-20 03:28:05	Name: uuid2 Value: 4336395042717607587
.adnxs.com/	1970-01-20 03:28:05	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In=I=jam!@wnfH8K6pQK`!5=E<L5?%M#0u8D-bCmmTlfAmv1rPCd2a@<pC2^4mZQX.'%nugO%v4VB%nn`b>S<H
.casalemedia.com/	1970-01-20 10:04:05	Name: CMRUM3 Value: 2d6220b0fd2760CAESEPtAE8TU6dQ1vdPhuVMBLm4
m.exactag.com/	1970-01-20 03:28:05	Name: exactag_new_gk Value: 81cb586400d4420f9621193b3102b1d1%7c02.05.2022+12%3a13%3a49
m.exactag.com/	1970-01-20 05:37:41	Name: exactag_new_uk Value: c7f664a3eda34c7596e8c0b0df8dd853%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: beb2a508ce2f444287e68773
.demdex.net/	1970-01-20 05:37:41	Name: demdex Value: 06556727763948202560006384651353533146
.skydeutschland.demdex.net/	1970-01-20 05:37:41	Name: skydeutschland Value: 06556727763948202560006384651353533146
.doubleclick.net/	1970-01-20 01:18:33	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 10:40:05	Name: IDE Value: AHWqTUkwZ5lN1OEZqErhZ20trk7iiDLgF8O8c_sD0tOxkBs8ZLv5ydhakrw1G41WG6s
.quantserve.com/	1970-01-20 03:28:05	Name: d Value: EHQBCQHJJYEA
.quantserve.com/	1970-01-20 10:48:44	Name: mc Value: 6220b0fd-ece4a-e9ccd-41d29
.agkn.com/	1970-01-20 10:04:05	Name: ab Value: 0001%3AGyEwHrIhrTisFZaHJ%2Br7nkx3uiTv66%2FW
.agkn.com/	1970-01-20 10:04:05	Name: u Value: C\|0CEAps21-KbNtfgAAAAAAAQ13AQCAAQpAAAAAAA
.innovid.com/	1970-01-20 03:28:05	Name: uuid Value: e6f294e0-edaa-4ed2-91ab-729692ba7f62-20220303 07:13:50
.rlcdn.com/	1970-01-20 10:04:05	Name: rlas3 Value: peyh93MAaaZq7DbavOTtK3nab/xJa+OlHxNR0WBy5wg=
.mookie1.com/	1970-01-20 10:47:17	Name: id Value: 10596547713577139234
.mookie1.com/	1970-01-20 10:47:17	Name: mdata Value: 1\|10596547713577139234\|1646309630149
.mookie1.com/	1970-01-20 10:47:17	Name: ov Value: 059cb65fcc3efd9bfe02f3c1f6d6e532
.rlcdn.com/	1970-01-20 02:44:53	Name: pxrc Value: CP7hgpEGEgUI6AcQABIGCOndKhAA
.e.dlx.addthis.com/	1970-01-20 10:48:44	Name: na_tc Value: Y
.addthis.com/	1970-01-20 10:48:44	Name: na_id Value: 2022030312135000069579473594
.addthis.com/	1970-01-20 10:48:44	Name: na_tc Value: Y
.addthis.com/	1970-01-20 10:48:44	Name: uid Value: 6220b0fe9bbb48a4
.addthis.com/	1970-01-20 10:48:44	Name: ouid Value: 6220b0fe000136c74c6cbb09302f35230c35d881e9e44ff0248c
.dlx.addthis.com/	1970-01-20 02:01:41	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 02:01:41	Name: na_sr Value: 20220303
.dlx.addthis.com/	1970-01-20 01:18:29	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 02:01:41	Name: na_sc_e Value: 0
.pubmatic.com/	1970-01-20 01:19:56	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 03:28:05	Name: KADUSERCOOKIE Value: D6985E8D-EE01-49D1-BC8B-F29583D64005
.casalemedia.com/	1970-01-20 01:19:56	Name: CMST Value: YiCw-GIgsP8A
vtemu.by/	1970-01-20 02:01:41	Name: admixerId Value: b8249f2c321b4769b706765f0eb4be15

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mc.yandex.com/sync_cookie_image_decide?token=9566.HlSixRSnKtDGP96Nsa5z3OlFiROHf77afCpaZ4LRPLcx5igW1tUqDHRTYpxBcllb4LSUcdsw3l0p1Pi_bBt5xw%2C%2C.QncDtrwPSgbFpMPTmLNQSfLN8Q8%2C Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPI-N-CvnpQR6QKcQO4QIS7I5yYFL3nr5m45kusck_wDcllcOu9H__iinYtDF4YY6Zz0xnBQM1zXSIoY9pAB4Oyj--PURuGS&google_cver=1&google_gid=CAESEDXvt3S8Ls70ut4sszWNWvQ Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPIyZd7QuqHhFLuaP-BRvyiqLt29ITlpN3Acy5B_T_cuRNU06XIN8KtUWtL2K0qCphy3HLo9diOKtoovJAyYg-fMgpnSPlWVcg&google_cver=1&google_gid=CAESEP_mB8SGa7mjN6g8-ahJH3Q Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPKckDR__sVbBiO80HDg9ODepDpvb9DcB285Nz6FbOgaFbQZGtk8QCIGulP1in2Js_QB7aakBRpK3K5yZz0wA7DjW_yN9w&google_gid=CAESEBc-QVTweQG8aNqkbpmmKfk Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_cver=1&google_push=AYg5qPLYfT3yl7rF4r396PIKs5zD4DcWbzWxYcnnt9LkXgLuW2GsVlprThj0hFZosir7ZftVLYDhEkkGwijY_gxE4-LBhJ_dRg&google_gid=CAESEONs_4UDZrR4hrxn5LAl5mc Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiCw_NfZgsvJGMf8_f2LhQAABGcAAAAB&google_push=AYg5qPJMeEmbkg40ab50MbG4vnRZgiPwsvet7FvKT8CbC-zQFfbdxHpF8DnJwrsbA24nSEEVFF1Ir9kgLU1FH6QSB1MnDbT64mnH&google_cver=1&google_gid=CAESEOuIwARLYmetD9yCu-TBCCE Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

69ba984e4cd6933d85825299e89618bf.safeframe.googlesyndication.com
ad.adriver.ru
admixer-sync.rutarget.ru
ads.betweendigital.com
ads.eu.criteo.com
adservice.google.com
adservice.google.de
ag.innovid.com
cat.nl.eu.criteo.com
cdn.admixer.net
cdnjs.cloudflare.com
ce.lijit.com
cm.g.doubleclick.net
cms.quantserve.com
code.jquery.com
counter.yadro.ru
creativecdn.com
csm.eu.criteo.net
d.agkn.com
dm.hybrid.ai
dsum-sec.casalemedia.com
e.dlx.addthis.com
event.clientgear.com
exchange.buzzoola.com
fonts.googleapis.com
fonts.gstatic.com
gaby.hit.gemius.pl
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlecm.hit.gemius.pl
green.erne.co
ib.adnxs.com
id.rlcdn.com
image6.pubmatic.com
inv-dmp.admixer.net
inv-nets-eu.admixer.net
inv-nets.admixer.net
ls.hit.gemius.pl
m.exactag.com
m.trafmag.com
maxcdn.bootstrapcdn.com
mc.yandex.com
mc.yandex.ru
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pixel.adsafeprotected.com
pixel.everesttech.net
pixel.rubiconproject.com
prebid-inv-eu.admixer.net
rtb.fr.eu.criteo.com
rtb.openx.net
s0.2mdn.net
securepubads.g.doubleclick.net
skydeutschland.demdex.net
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.criteo.net
stats.g.doubleclick.net
tpc.googlesyndication.com
vtemu.by
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
cm.g.doubleclick.net
104.111.215.191
104.21.78.118
104.36.113.23
108.128.215.255
141.94.242.148
142.250.184.226
142.250.185.130
142.250.186.162
142.250.74.194
144.76.118.233
146.0.227.109
146.0.227.110
146.59.10.80
146.59.30.108
178.250.0.139
178.250.0.162
178.250.2.148
18.195.106.21
185.184.8.65
185.33.221.88
188.42.29.196
193.200.65.6
195.209.108.38
2.21.141.232
2001:4de0:ac18::1:a:2b
216.52.2.19
2600:9000:225f:b800:8:48e:53c0:93a1
2606:4700::6810:135e
2606:4700::6812:bcf
2620:116:800d:21:fcb8:22d2:d390:5f1b
2a00:1450:4001:800::2008
2a00:1450:4001:803::2003
2a00:1450:4001:808::200e
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2004
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:811::2006
2a00:1450:4001:812::200a
2a00:1450:4001:827::2002
2a00:1450:4001:82a::2001
2a00:1450:400c:c0a::9b
2a00:1450:400e:811::2003
2a02:2638:1::11
2a02:2638:1::3
2a02:2638::2
2a02:6b8::1:119
2a03:90c0:41:2801::254
2a05:d01c:1d8:8100:39fb:2754:c941:3afb
3.127.180.130
35.186.253.211
35.190.90.30
35.244.174.68
37.18.16.22
47.252.78.131
52.212.232.57
52.214.209.198
69.173.144.165
80.64.106.151
85.14.248.91
88.212.201.210
94.23.171.206
004e39eccc0c3c725e9185c2afac1a7db4d418c0a370f9babbc6ca4e5815b496
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
038340c4c537e60b58ed40ebe27dfe892c3ae4dea096e57655a70c535bd010c2
03aa3e84599be06f456bec3d51ab6208ee1452cf03e5de34f89ced55a81b6128
044316373e018c29ee8a1138fdaac42494514f8f7da4e89da024de6d568a50f9
045b74913b245e55878d3ea223ca94daddcf7b276def93c7cfe77fe00ea9964e
04e30e86c7aa6d6b4293ee45a163dc0a4746347d405c000068f76495d648905e
053508cc4ed1acf7db8ed96deca42ffebfa1669c5cecd62f4415b926d07b5aaa
07bd888b3e995c38b266f77716d590b205dd9218c648b04164f84f32f010283b
086d34fccd507ce8cfc04d918600aee3724a08e1ca0d5cde3baed97000fd1b99
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
09ef43311f60323feb3ecd8c3f5e81064548c7e632d58e27253e6fef25bc0e7f
0a4f9ef1219b6405766e71029bacde95beae605f52416b15ddbf6cf189551203
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b9198d253f4bd41b44e9289143b2d816ce0b32937fee73b5276d772efaba3da
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
0d060d4ad3687eb3f4c3ace663e890064811591ab06dff6ba7b611cc2a25777a
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
1083eef8b7598af7e021ae80d04890c3d02220b616f472acc64656ab024ba484
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15566c599cc95d056a256583fb9abaa6b94615f399f9e6584c992193de64ecba
17a3825811d24d1e6476ef79b0cde7735aa6fca74ac5b5fde8b55f0c3e2d0cfc
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
1ac21915effeb4932e4c39ae850b34f9fc234256256fe755345fb0157ec609a4
1df7a24523290093157df22484dc0881a2bcf2d5f4dc38e5f4d9cbce0684be97
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
228bcb24447f47d86dc76134510b8944239701737221b012c19b1cbe54020add
281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340
287a8a9c203e4368de90d27ab82eb8909013ba49a61d50ec73aa67e416fc1e8a
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
28f3a0ebe7e75321755ed479e596c7989fdcc497c0346a9d09dbdbbbc94ccf60
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2cb6aa168491f0d76255839ccbed19fba4f560bcf0b95aea1dc84aa257ac685c
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2e7064e2b48eff3b6655f97f7f007b1a5890b980d24f01886ac7bb88c76dd048
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
33e13339440e41848ddb1b1863fdd2a0ca0d288f50756fff89a8febf1bb16549
36a1d9a8ddb6c467ec06fe683cabb081fa49dfacce9f1505ea70f4405d62bbd5
3a1b39c22a80b0f4b63d44fd10a62463aebf25150365b3855f3aa43622ce38d1
3b9d18fcdae65d4869f7472d27782f39bdf6205f95c54679be401f8d55787e9b
3f47780ac6a0cd5da2d08e3d14d6c5fd05cb359a527f056bdf3a627dd814bfb7
4052bd01d776cf0dc996be3171117012a3ee8f17826c8dc11c6ce4e1777885d4
4212bd83dd16caef827c50b737a4252cb1b2cbab5301b04805a20001957d3ad6
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
4373878b9f750698b6a199ebc0eb0e550df208c5a1f9f778a346e271a2b4d733
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45051fce073f76d124669049e35b480823d7c9a7591cb725c087aa390f7d7fb2
4b32ece00a134a857c3756206420ba6a1ef53361d006710070773386aeebdba3
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b72884610fb05a2e041207a50312061d015c79332695bbaa9c0abc261230534
4b940065e2a67c37e3bd02b23c651f4744a3c219aba2d4fb99a631113494d376
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4df82d1dee3f949b41af84357c2e42d85dca43e49a1feff4a505c2297f3ab1a8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
513daa549555cdc580edab7dc07b2ed592c6bae4e426e24b35245b8a2942134d
51963d3074e03b274597ec8a657697e989d104197d060d7f71e4df8971c25edb
53269e0bf879d49783a2a7f89310e9fe62d8d8d086101efcf856806039263823
5421be34bc9ac3564a6daa35c769d13876e5fa7c4a5ed4892e9e8c65d31c1e27
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54e04099db8c09e68eeaa19b67e0ccbbfbe44ac7008cc81d2da30e4231be9b9b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
595c8e1b1a02e786dc2842bf830ea10563de9c49058163de036b0c1c978ded66
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5e2718b4b437edd86140d80891cf912e88267f780c14656e84f27a38b10f48b6
605996eee4494cee8e708eea38365476be91ad1ab479c7bf1960771196640182
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99
62b3b612237065d586fddd4d7a87f67f389c232913d869e5aa47504cb6839f9d
636f80b5d29072a55efa09889b92dc8c0a994402054d0509834fe82c5ad5600a
6404933dd4d0608c814a9a7e21cab1db1e35ba4fd08b337385b242e3d133c366
64f61876f608bde33c6529347ce047f5a14d12b020ff36058bc402c15da52be3
65a59f413b63a7ba94f8ab4c1bbb362e45a3b4ace2fc998a7fadb8b5a3899de6
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6aefce42089f5d4410cc172aeb8b592263bf72c196e1e4ba7155b1fa89aac2fb
6b1ec2d29d135e42f30a47c65d05181b15f152f4cb6fd79c26fcd496ff99cf22
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c0a11f6009ed51c6150333558b46bc4281557d1b510c2ffd9cb608dcb59441b
6c92d977f6eb7c8907500faf83c65314eaac82190b363694ccb5cb6b5d41bcd4
6d18d7f2c01ab9ff16a43b0550581cbff0a8a0273c429508b7cbcc02d9fc2337
6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba
6e21c2aa0f0dc72a3c44c59b86d9bcb589cf574a0db3e766d41f7076c05436e3
734b1760dd6b1371613bc5f380dc18f0d17ef81c0edf4622d5a1400c7ad9518a
74cad4303232e97ca561d020bf3491ab6777c683b259f50f99b64cd62f1e3271
782c0fc003470391c54aa93ea90202655cca2db5d71e7d927935583a648f6dd7
78d90f70f7edecc7917f4fbacf33923e8a665db0f4ffb3296263c173974b6645
7990aa307f60a093ffdc6611f0b4e4ed8d73a11401b7aa6495141045794859b6
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7be92806c1f8b3c3e932fcde5c22b9db2042c01c5710e9b9f69b80c5009ca987
7c1ed20a3a66178e281109e3bf99dd278456eeea71357c6562ebb61aa0c269fe
7e467a852274fd7613b82065c6c7bf66198fe3a8629d1a40ad9a58ea69dc0dc4
7e6f94e66af224954c6910c5a4eec5d86d5eda0ae57562ffc1b13413071effd5
80af1658b5482265a4a0a040eb65f5130872749184b686ec434feeaea804612a
80e04ad417042b77fd3d538cd894e12872930eff18ede2f3b04633e17bbba0f1
811ec5131fa96390d2d267b734b2f1472dea341870d239d6163c408f38bf3fa8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
85525bde5fe2388b09187e219a3eef1520733256e656c5d5fa9b3d71e8fe866e
856f0bcbe3b6a4ea9aa068c1362a1f980134552b57ad759aaf24e2cf70c82867
85dc4e3da9d58718cf3ce0336cc248978c9ce1a3a5e9e7bf57d78f9ec5273814
8a7dc61ab92fe7e9368b3e064ae9ea10b0f54d0d41bb0cf84fd84f677e61f2a7
8dbeeb184bff5ab8e36490faba5df9bb36edf6526c66221a615f9ed2ad279e69
8dd3b91ca60e6a0486326c5c275590dd1d753240c2efa9f94730815813997fee
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
915af9624bbcb4d1f2d8cfdf179250325d2ed996cf91e223a84b111579850190
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
958f584f5ccc398baa929b25c51a6511b2dc09c77b722c6e5ffbb0779f1ac2c8
970d08b0edc4bfc0925495d8b11564f3c2fd368f745f7b3510a7fced11848894
9738357b212572b9c0ac378a344eb6769e475b0c8ad238b0936f33cd639331a4
97f6f81b224c70cf2431f07287d287446129697370b4419a9b82838be0ea0174
9a58a3942716ac89fb43bceef39f68b77b99d8a0dfd92eda2f6f197ce77dea00
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b
9e2f40ae4ba6bad05d3ba12d55bfb46f16d5d0903fbdcf85df626797f8368aca
9eac3d9fc43b6605105da784caa95081f4a8896bd854bcca8a5e282cbd7e3ab4
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a01cf49fae11a0f4a3835afeeadbaaa585707cbb1826748fbf6c52a15e5a0d9a
a03d7b65269c39bba0188ab73ed3dfaea2bbb79a03d8d8b936b6596db4cad66e
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a25197dc637fcb41e8d3133cfed0573116c8a1618922454e6c13833754a161e5
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a3c5ff7e114ffe32212ee07123f9dc6aa19c09072e44fe64649c9cc747040cab
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a50b19006261880dcb01654fef3c38d596d279328b0eebe22619974ba7bb4121
a664e2cee23323ceda357142ba98df2861f14cad5776ada7d5a208685bb72c30
a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07
a6fc00355d49fab149cbc59624ed4b40fe11443395e827722f47b776d1b82810
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ad8d6790c4653e3bd078031ffcd5b9c231056162ff04ae386ad85fb74e89407e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b195b9112e739241d9c3d31be62aef95867317563370f59d963cc64ccf985b55
b37be55509d191b4845b91145c233822b76e04b1059358bc5f6980190e005916
b41c82de64d18c7655cbc35cd51c71d982920d177d6f98b67996689207b0264a
b42ed9d631798a75b1f8fd232a99456be44b950051bc8da1e12722ef631b5479
b55bb8061d3b7d277ef8dc25a0c853a9193af9fbfbeb6aa871c7f59d043a66eb
b562a94510d64265089955b45e6d31f0de11a90b4dd1d33d6ceeec921fb68e2c
b5b90dab838368913f31c96f10a37af46e1a745d83ed8e66a6cc6df873d1a444
b70192acfba0b12d611e3160ad360d99ce43967f8fc4ff5d1f725f436f08ea8a
b85bf593e71eca6beb1190cb32aca4e19f9d48dc10ba63dd57a826c3d154d4ef
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bd9f64ed1aec62b6ab1f087e97102a4635c9a6bb956b46ffecc2950ae3410dd1
c1922061e01300c6b8d0e9a9dbc638c2eb7b2f5cf9e7690791bf7be4dd8733d6
c26fa0afd1139b9e7f1c022f2722c2398f3bfb99f79f141060595bccd069fca5
c8bb87138340978cee03b47477f9e45685ec275c6663e909c51403d4317830dc
c93729aca3446072e5231cd63e2d3bbb1482197d4328d7a02cd2b018d02b6fda
ca3ab058d4a2f973d36d9918d1eb3253f55c6aa6fa9f447363ca20a575e21964
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494
d5d6e153c412f8d094f5aa298887e9509d953500fd8047b2b7dd1ca703c2d477
d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
daedaaa8de6dcca996e06b636b415ad25072ddc1a575d88fe6592021118065b1
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df10d8a3d9620078b0675c82cc9c35c4bbf848f0a01270fbf3a72fa2ec258a68
dfac8ab096a95a59ac9fd6efd71b886fcae0699c3dcc2cfbc57fb4773862bf8b
e150bb1c25eca2cd75445ca3d1b1a6b57468549118c095e98778d7c6774694f1
e1a9f29f42c8aded9c06916867c167eeefff784bb887ea25d10959df0bbf25ec
e2d6375ad403d04d71e825226ace859b507dc6780df0a8287b95e63731fd9358
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3dfe49282dc9e6c7eca6ac18ea0481256487cb4df5c997416a755c22b595f08
e40ba2f19ed793ad50888dc1c7bee28d8e366c07f0372d5aca7592291cdfc5f3
e41e464197be6ca663b4077199a18711015653d0af3e3ddf009c6949129a0760
e7052ee7e4fa3d19fa953957b23d6cd29b2311739ec0932d6e570577d19f2503
e73412af84a77481ceaf2f534cb0e9f2db29d9326286380d1f736aacd65f9188
ebe1167f76f37430322765732dda6b02e2991c6fd2606efbe7291b2114f6e39b
ec796bac75c6403ef3b4a3492e71e3897c0e68e61b19cf82557e58b38886f1ba
ed9a209161c0d087fcfc4a3ec43c8f5e073cb03c9223093ccf8eed28c8fcb4e7
ee3bf956f1f6ad1b9b2060dcf3d6b18d68015d9da99b360e4963b2f0f4c9c960
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f017ea63da9820cfe730c47e88365b93532f7df13c1ce5d8575ad4a340928989
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f5d4a2d5c986dedf50542d5cb0d49a46f69cdaee753bdfb4a879cbbdfc5f2ed2
f6247007e2b6a2b034c5ac6bb537e9451f7b5ed1dd8a23979068cd4e9160e72b

vtemu.by Open in urlscan Pro 104.21.78.118 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

328 Requests

87 %HTTPS

39 %IPv6

48 Domains

68 Subdomains

51 IPs

11 Countries

7516 kBTransfer

11577 kBSize

70 Cookies

6 Outgoing links

Redirected requests

328 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

vtemu.by Open in urlscan Pro
104.21.78.118 Public Scan

Screenshot
Live screenshot

Full Image

328
Requests

87 %
HTTPS

39 %
IPv6

48
Domains

68
Subdomains

51
IPs

11
Countries

7516 kB
Transfer

11577 kB
Size

70
Cookies

328 HTTP transactions
13 data transactions