legas.com.ua Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://legas.com.ua/
Effective URL:
https://legas.com.ua/
Submission: On December 04 via api (December 4th 2022, 5:13:40 am UTC) from GB — Scanned from GB

Summary HTTP 141 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 33 IPs in 9 countries across 40 domains to perform 141 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is legas.com.ua.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 24th 2022. Valid for: a year.

This is the only time legas.com.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18 28	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	31.131.16.29 31.131.16.29	56851 (VPS-UA-AS) (VPS-UA-AS)
1 2	49.12.116.255 49.12.116.255	24940 (HETZNER-AS) (HETZNER-AS)
22	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:6b8::130 2a02:6b8::130	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2606:4700:303... 2606:4700:3031::ac43:c6bd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f04... 2a03:2880:f045:10:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
12	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1 1	192.102.6.73 192.102.6.73	57682 (HVDS-AS) (HVDS-AS)
1 1	176.9.60.211 176.9.60.211	24940 (HETZNER-AS) (HETZNER-AS)
1 1	142.132.202.70 142.132.202.70	24940 (HETZNER-AS) (HETZNER-AS)
1	104.76.200.192 104.76.200.192	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.18.3.81 104.18.3.81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:6b8::14 2a02:6b8::14	208722 (GLOBAL_DC) (GLOBAL_DC)
15	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f14... 2a03:2880:f145:82:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
3 14	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	37.252.171.84 37.252.171.84	29990 (ASN-APPNEX) (ASN-APPNEX)
7	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:c5a4:625:6563:a5bb	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	184.30.16.79 184.30.16.79	16625 (AKAMAI-AS) (AKAMAI-AS)
2	34.98.67.61 34.98.67.61	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4 4	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	172.64.154.237 172.64.154.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8100:2de7:20d7:fcf5:3f3d	16509 (AMAZON-02) (AMAZON-02)
1 1	35.157.182.139 35.157.182.139	16509 (AMAZON-02) (AMAZON-02)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
141	33

28 2a06:98c1:3121::3 (United States) 18 redirects

ASN13335 (CLOUDFLARENET, US)

legas.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.131.16.29 (Ukraine)

ASN56851 (VPS-UA-AS, UA)
PTR: 29.16.131.31.uashared05.twinservers.net

caddy.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 49.12.116.255 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.255.116.12.49.clients.your-server.de

www.meteoprog.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.meteoprog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::130 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

info.maps.yandex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:c6bd (United States)

ASN13335 (CLOUDFLARENET, US)

cpa.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f045:10:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.102.6.73 (Kyiv, Ukraine) 1 redirects

ASN57682 (HVDS-AS, UA)
PTR: s1.zevshost.net

040510111616.c.mystat-in.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 176.9.60.211 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.211.60.9.176.clients.your-server.de

resistcorrectly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.132.202.70 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.70.202.132.142.clients.your-server.de

hlmiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.76.200.192 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-200-192.deploy.static.akamaitechnologies.com

www.expedia.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.3.81 (None, )

ASN13335 (CLOUDFLARENET, US)

r.i.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::14 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

clck.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f145:82:face:b00c:0:25de (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.185.130 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.84 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:c5a4:625:6563:a5bb (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.30.16.79 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-79.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.67.61 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 198.47.127.19 (United States) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.154.237 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8100:2de7:20d7:fcf5:3f3d (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.182.139 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-182-139.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f162.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 tpc.googlesyndication.com — Cisco Umbrella Rank: 139	427 KB
32	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 73 cm.g.doubleclick.net — Cisco Umbrella Rank: 194 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 290	140 KB
28	legas.com.ua 18 redirects legas.com.ua	160 KB
12	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	40 KB
7	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 267	129 KB
7	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	2 KB
6	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 419	5 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	57 KB
4	pubmatic.com 4 redirects image6.pubmatic.com — Cisco Umbrella Rank: 658	2 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 204	3 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 182	143 KB
3	google.co.uk adservice.google.co.uk — Cisco Umbrella Rank: 5290	1 KB
2	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 873	462 B
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1421	1 KB
2	rlcdn.com 2 redirects id.rlcdn.com — Cisco Umbrella Rank: 550	573 B
2	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 629	926 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	2 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 821	135 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 134	89 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 292	456 B
1	openx.net rtb.openx.net — Cisco Umbrella Rank: 1403	350 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 613	758 B
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1519	297 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	18 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 859	696 B
1	yandex.ru clck.yandex.ru — Cisco Umbrella Rank: 50043	587 B
1	i.ua r.i.ua — Cisco Umbrella Rank: 193444	3 KB
1	expedia.co.uk www.expedia.co.uk — Cisco Umbrella Rank: 77501
1	hlmiq.com 1 redirects hlmiq.com — Cisco Umbrella Rank: 270485	537 B
1	resistcorrectly.com 1 redirects resistcorrectly.com — Cisco Umbrella Rank: 281269	344 B
1	mystat-in.net 1 redirects 040510111616.c.mystat-in.net	319 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	55 KB
1	cpa.com.ua cpa.com.ua
1	yandex.net info.maps.yandex.net
1	meteoprog.com www.meteoprog.com — Cisco Umbrella Rank: 758108	171 B
1	meteoprog.ua 1 redirects www.meteoprog.ua	129 B
1	caddy.com.ua caddy.com.ua
0	novostimira.biz Failed g.novostimira.biz Failed
0	bigmir.net Failed c.bigmir.net Failed
0	admaster.net Failed a1.admaster.net Failed
141	40

	Domain	Requested by
28	legas.com.ua	18 redirects legas.com.ua
22	pagead2.googlesyndication.com	legas.com.ua pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
16	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com legas.com.ua
14	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
13	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net legas.com.ua
12	www.google-analytics.com	legas.com.ua www.google-analytics.com www.googletagmanager.com
7	s0.2mdn.net	legas.com.ua s0.2mdn.net
4	image6.pubmatic.com	4 redirects
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	www.google.com	1 redirects tpc.googlesyndication.com legas.com.ua googleads.g.doubleclick.net
4	www.gstatic.com	googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	www.googletagservices.com	googleads.g.doubleclick.net legas.com.ua
3	stats.g.doubleclick.net	www.google-analytics.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.co.uk	pagead2.googlesyndication.com
2	googleads4.g.doubleclick.net	legas.com.ua
2	ssum-sec.casalemedia.com	2 redirects
2	odr.mookie1.com	googleads.g.doubleclick.net
2	e.dlx.addthis.com	2 redirects
2	id.rlcdn.com	2 redirects
2	cms.quantserve.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	static.xx.fbcdn.net	www.facebook.com
2	connect.facebook.net	legas.com.ua connect.facebook.net
1	pixel.rubiconproject.com	1 redirects
1	rtb.openx.net	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	ag.innovid.com	googleads.g.doubleclick.net
1	fonts.gstatic.com	fonts.googleapis.com
1	www.facebook.com	connect.facebook.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	clck.yandex.ru	legas.com.ua
1	r.i.ua	legas.com.ua
1	www.expedia.co.uk	legas.com.ua
1	hlmiq.com	1 redirects
1	resistcorrectly.com	1 redirects
1	040510111616.c.mystat-in.net	1 redirects
1	www.googletagmanager.com	legas.com.ua
1	cpa.com.ua	legas.com.ua
1	info.maps.yandex.net	legas.com.ua
1	www.meteoprog.com	legas.com.ua
1	www.meteoprog.ua	1 redirects
1	caddy.com.ua	legas.com.ua
0	g.novostimira.biz Failed	legas.com.ua
0	c.bigmir.net Failed	legas.com.ua
0	a1.admaster.net Failed	legas.com.ua
141	47

This site contains links to these domains. Also see Links.

Domain
caddy.com.ua
salutes.com.ua
forum.legas.com.ua
www.meteoprog.ua
mytop-in.net
www.i.ua
banner.kiev.ua
www.novostimira.com.ua
clck.yandex.ru

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-02-24` - `2023-02-24`	a year	crt.sh
caddy.com.ua R3	`2022-11-23` - `2023-02-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
core-jams-info.maps.yandex.net GlobalSign RSA OV SSL CA 2018	`2022-06-29` - `2022-12-18`	6 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-12` - `2022-12-11`	3 months	crt.sh
i.ua R3	`2022-10-05` - `2023-01-03`	3 months	crt.sh
clck.yandex.ru GlobalSign ECC OV SSL CA 2018	`2022-08-26` - `2023-01-28`	5 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh

This page contains 22 frames:

Primary Page: https://legas.com.ua/
Frame ID: 74F0AF3CD5FF11D62AFE9E8E4C25F425
Requests: 55 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
Frame ID: 9A5E2E2AE012442A39CC686805301797
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1486316043&pi=t.ma~as.2642460384&w=468&lmt=1670130815&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130815205&bpp=19&bdt=1111&idt=298&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&correlator=6870466341636&frm=20&pv=2&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=396&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=SSYIpcTwis&p=https%3A//legas.com.ua&dtd=320
Frame ID: 5B9CD2CD4149D18408E958EC91F7B4E3
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1365725250&pi=t.ma~as.2642460384&w=468&lmt=1670130815&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130815230&bpp=5&bdt=1136&idt=303&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384&correlator=6870466341636&frm=20&pv=1&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=969&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FpdkKTxaeE&p=https%3A//legas.com.ua&dtd=308
Frame ID: D6DC3CAA33CF674653BD31D1DC988F73
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=600&slotname=3398747635&adk=240658524&adf=1605720054&pi=t.ma~as.3398747635&w=160&lmt=1670130815&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130815258&bpp=15&bdt=1164&idt=286&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384%2C2642460384&correlator=6870466341636&frm=20&pv=1&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1179&ady=2239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=ZBQEd5h1jt&p=https%3A//legas.com.ua&dtd=292
Frame ID: C1D8B6BD8C8287BEB07E2811CCEBF3F1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=250&slotname=8161031849&adk=4210853449&adf=3405296861&pi=t.ma~as.8161031849&w=300&lmt=1670130815&format=300x250&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130815445&bpp=2&bdt=1351&idt=109&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&prev_slotnames=2642460384%2C2642460384%2C3398747635&correlator=6870466341636&frm=20&pv=1&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1109&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=BJyj4s8Vd3&p=https%3A//legas.com.ua&dtd=112
Frame ID: B7DBA9D258A7CF587FED990D8F783ECC
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3dc7a48e2bf7cc%26domain%3Dlegas.com.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Flegas.com.ua%252Ff27f50965484794%26relation%3Dparent.parent&container_width=300&href=http%3A%2F%2Flegas.com.ua%2F&layout=standard&locale=en_US&sdk=joey&share=true&show_faces=true&width=230
Frame ID: 3AEA8590974D3FB40B7E674155C7A4D2
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 97B8D65492A4639AB864A8AE26519E8F
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js
Frame ID: 0C5DBFB60F77273845CDAC06D5AFC0BC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&adk=1812271804&adf=3025194257&lmt=1670130818&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Flegas.com.ua%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130818070&bpp=1&bdt=3976&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4dc4798ab816c438-2237671d07d80032%3AT%3D1670130815%3ART%3D1670130815%3AS%3DALNI_MZe6vp3gx5IGi2LDbcXgjEhG75vWg&gpic=UID%3D00000b8d69e4e8c7%3AT%3D1670130815%3ART%3D1670130815%3AS%3DALNI_MarxrijUDK7agoWAeyWoZtMJTNxkw&prev_fmts=300x250&prev_slotnames=2642460384%2C2642460384%2C3398747635&nras=1&correlator=6870466341636&frm=20&pv=1&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&psts=AMjMPc3ZwASzvr1HHoDG5TBLcHCiwBrLQXuLDF20Yw4b4trRbvkX4PI2Rgh6utHD7dxRQwDWKFRiRmanbPZg-fQs5A&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=5&uci=a!5&fsb=1&dtd=11
Frame ID: 1D8A82F8CE9DFD7D5604A0569A8FCEB1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 117335EEFD682A1A87A471195E48E448
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B802865CEBCDD7DA992B891C9AAC42E6
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Frame ID: E3E154C854E56DC528367AB5528DC233
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Frame ID: 49FDC8EC82CFAD0E44189694A918AAFF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIzeRBCm8U8YlImP2gEwAQ&v=APEucNWl-LlLMaMtlEq0IKKFixMyPfWvmiad2ktqhRtVMxB3uUUgOOeJWsdwCxhtJLy4odzYJST0pjqBVAwlYkjvDKrmAkJkd75-5F0wU443zi6TLFQ7yZKI9afJgXaT-yaj3vfZ8OL92AbMxFhQc3IDM8wNuAv0y0t7F_ifUKH25tfk_HPJK-I
Frame ID: 7AE0150CA64FE71F8522ABFF6FFCCED6
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BSYXLoKmhvv7NUNVID4zm_1ZpqeEpVBF9XaMxF4bvOrCjXfPvB4Z4AYfqiq0wDKPV-CMTMefo7uGXkiG4JLJ4pCxVK1Q&cry=1&dbm_d=AKAmf-CEGM5DvOK-3Dd6HFOp7dFzyJCM6yCy9s1cm9fsUIwmarq-bug2zD6Ex-SD9RryafJd25ywsGLtli7HKg-9XQQRVfsOosZ44_aY-c9RvQzumJsKrz8rtyD9BR1fU1i9x-9JR1EYIg_RLDHRUfVjN-qe581CDwKs60Ly9Eel2on6Ja35svvQWmUwfio5JwjTOJYhdSqIOpU45XZ_5aVkeJRwlUcL-R6corxOa7qOv7A0eK1WBTbyxKNwZkRRoyhL4ZpXUIb-3zXqWKR8VfJbrAatieqvMKGt1Qesg-3I_BsruLzAWKmMyrVZ3ptBRD32b-IxXBJDnufApg6FMebiTuOfmf4MviiZfk_01nRipBOUnTNVwKGJuJa_ngeEaUWfKeAQNaxTwZXBFzVe2VJ2JyXr4lS5XT99R8xuy4UHvU71lU8xmV4frqE08WDAknJoIjAzaz4ZkmXGa6ZbHZj4Mry-0SrZkgP84pG12MQ4OTxa7GqKd1ZMSoAOYctpJfF1eqIMumryb61VEcBK8x1-lIWYEX6WuTOtEdrhk5eGH71EyTC8htWHL8aDZALfza9vLWq7lr70xeMGjzOpYxWNfR7hsMi3gZaEOxeA5tIAUs5iZfmzG5v9Gcbb1pvsmVaZFXLTRznOKsT9m_xE-fYaLfIn0E1AncEtmSDtLHOvzu4_UgqVmW-2AnNJ4MXRj7acY80zD3XW7HbtZPAzHPqwzSRMblsuVX-1ncjbfFGB7LjtK_RdRWUlzHZF-52M8sIXvYFpDPwPNBgrDX0kNAEuRORvroxBUxVX5CHfqiMc2xJSC_R9eawzyCy0i42sMgNFwNYWCs6um5HZHM1V0gc7HmhfdTPvOxQFudECgIcQhd0y4VeN-3SBvh2bgZpBcr81Pgx1CYMskV1VsrIeEs3tcMipOf67HWEMabq6rhf2N1DJs3iqukAq9BaViPGRc42MR0Z6QQ-3VLzyKLPIbkV5rCjRFyUZZKohK3t_W_1D0sSkt-WnDbH_Jhj2EbwttYTP8_AxVPsM0zOwO9cOFjGvcxHmn7rjtYTdrrGs0qlNbirghuaCIsutYn5_58ikA40KrwyrsWBg0ayMxMfDJ6EVo9RojDfr3t11VK_KW7yWNQ_khDvrBmO1rhNOvDKKcvfOw891foa5u_X70Z29HzACHx-UR794AdvASWz1BP6GCGiphyNpUh1iEiAB3Am-d8swUUxBt8g0i7GnNDM7_CmDQVqGK5zQY9al-zTw_HXDRJI8S4HpifFrb302hW8cZy-Qp3kYdyhdVNcKkeiB1ZXXui9532iTsIYUwomeRyFlKSt-UKtK0KbH33-zxx_7eD8zWi-5--gMC4KQGVbQiWki6-8_i5xpFWrzY6FvKoLQl0Q8nvPD1iD5ePHSfQ5vfJaitP4cv9u26K3Xaso1VjPZms-4liSaE5B22Pr-MoEtITiNJNaoS83_51HjPb3uqYcvaKN1LW7yf3nEuiW0XbRSDqGYknwl4QTmRaDKFj8lrKaxYFdQ81wl9qaho4bxB18hSBRML5wXXfmwwWXck7VaAbpBaQuPsZzPDp4_fKmKo0YhhSaMzdaRC1eKxeRMGU9g--4KsEyZj5mjshplZ7s6dDHRZK3H1S_lOZWIfD38EFr9rRSjajY11B5Qi0WB82QJ_Tc8_hUITtYlKDAD0SCFn0kGHAZKCpCrgfRsrycQav_IpmPCpyXb-1CbQsF38ya0ZE_3rVaInfJ8vo9lUFre9GJM6Dwz3xOW6oXMY-xtlRUaa4W2XkByd63JZPDqVwsFOxis_6l8qzh0TMFEP6Djkru9raiHKaLaqj323WXj6I9NtDUungKrFIaPV6kpC3Ky0NQ-kJzIA9b36jn14wUFE7owsZLdON5cbVzih5bEDdjlWkkfNrhwm94ZAO8w8l3kgJL_2LMnftUpEy7OpQr-gm_jmZE5es23DqR22CHwETquE8XMk6Z2XT0GFQCtoS3tBKUNmlia5_-gjoZw-AwW5rA2fgR-IlfduPdOi6rD95hP1-hRuL1J9nhETEbBB8Uo1kFD6zO9gkhABGky1RPKIIApsWkPbIZ3bNz6NIv9m4LMtpt9A7OSKzu_oIOva5Et79KhsEltOvzWZVDWIA7qW2IkvS619eiovGWythl3rSR3v9WyqJerApDqeMoE0LHggUxcU_wW8jqz976B9EF8Dq127Uo4HLPdLsVNlmjMqWweRToS2q7Pz2Ray7zfUCrNHnBL5Z8Fd8KZlIqoPL109fq4boMZrbWZ347WGhUojNbHP810sweS4UCGCxilj2oIRmAEdYW6Eyfl_8mcIyUPw5_oRKUy7K2MaNXJOybIOb04Wql5lj0zGPrECbW_hpbKqvNy99moryMsuWnqNWH-RWGC6HRxBZOaoqRpc8X69M1YZeCl2nUKtyRZqM67Ijb959d8CdIcjMJOLSfNqrK4TMatRofCvMuairaOzae-h1HmzkxNtiCEwo66BSLqIr9tjmDgv4iYKsaE9lBZZYJGwT2-y2PSKNN3oWxn1XYlknX-vI_VwX2Zcwr40Mk4mJnp7OTq0sspdpIOnB4wIZh6Q_z15fq5pC1v79c3Jeox8Qf-6ON--YFo0vWTKgxwSYJd5jA4YrqeOZf-6RnsozfElBEQBQPXNlu7AWFWttuQOIv_V5lhmd3Awnxa7ZEzbAPwD6WmghmQd_g2wqgShvm5Ab-nMmHqzIhBQKSpltlBpSGdUn5C2Rz_ni9O0e3652DpEOr9C8G4IiF5IzoH5OOIGrwzkbBMD-ryOl_-hyYbV17u0Ao5NTzGmjacjTH1OGrFg4vQuMfZX8Aeh0HqQbolI7K9BB_2C7C7DTzNMRltm6XFPn1WbWy8gauWRvb-4fXyHPc0E8-x85LXymBOe2zICKA7zh29xfYlHUOw7LWreIMDOCy3uO4zXeLKdfMaf48IPci_XwXC01vvw96zwGzfqv1LO_XLRLKuR8J0D-zqPtqviSN8eHc8H8pXLAbWLyLIOC6_tKQqHomSnUhvKiNEbZEblCjJsKvUGFREuVb3GMr51oI-nEyaN5Ar1Am0fcampydZ41U71LYVXbLfF7NzP1mnJD3ryPrA-F8FbW71SB96UIw1REpFvxYv4lC_ksBFuzYC4X82sWbJ04VbKpa4kyUsnVpiVwESm8EbYw8RLjet_a4oKcZJWSJzVbgkNABY0uC5dTG4C1XQhzh8Taud7BEiUMw4Okr2yTveMBLJXJVhHcs8cNAHn6pGm-jMyLqUpobdzT0SSN7seydAp75l8E8wK8_7OtAJIiv_7gth2fkyLeZ5Ne5wO6YexvXJLh75exbg97BmaNNbtGPM4bwU_UEL5yS4-6aQvMejK70W4a0Ua23oQroVK76EudVUoDt2YZ3o8iGCyb1kUd4GVkUSEFvq7y_7Ui3ZuqYlgbVvKMAoIl71PBH82w_Saoo9gpXEIXZoNkxIUDmGSmj6GENK2M20u4918JrvwH1BaRRONHOamgc_oa4FuTq2Krjf7_YiTD9Zs2bsJn_y5YT0x4DUSun57Rw-fLSg5fAwwR95o_SaFyrGlb9SjBMDVd04TDa_naVow8WsmwXtWNt40z8EF3XofP4K-Ah2eWnPY2omxyE0cj0EjIIdDhismfInN-1Hqha2Mjl-hkPPvh-9-kRu_AxtHZMGXugxRxNbCtL-ABSkBIWA723yf1CiCG4hWUmCk_V1rRET&cid=CAQSOwDq26N97it0L5Kan47pW2OgfNeS_W5h0-KRtDKfT3AYrKtB_Q4VcFbeb11YPXuwbIer7uq-109G3CmqGAEgEw&rfl=2%2Chttps%253A%252F%252Flegas.com.ua%252F%240
Frame ID: 91DF8EEEF6844FB38DF8A59958A0727D
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/load_preloaded_resource_fy2021.js
Frame ID: 99CE39DE000F05D70A9DDA3CE0BA42D0
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B5D3CBBC5936EA3E05BBC6985D15D36A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 33D7C88DB6B97971ED15AB1F43E38134
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9D58F6CF397142AFF7C0C94243EFCD99
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js
Frame ID: F969600CCF3C7AE87CD209C47420E021
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/index.html
Frame ID: AF641B79A326B2E01A0A6941279D6FFE
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Правовой портал

Page URL History Show full URLs

http://legas.com.ua/ HTTP 301
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ Page URL

Detected technologies

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

141
Requests

82 %
HTTPS

54 %
IPv6

40
Domains

47
Subdomains

33
IPs

9
Countries

1396 kB
Transfer

3830 kB
Size

41
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: http://caddy.com.ua/magazin/category/view/5.html

Search URL Search Domain Scan URL

URL: http://salutes.com.ua/
Title: Наш магазин

Search URL Search Domain Scan URL

URL: http://forum.legas.com.ua/
Title: ФОРУМ

Search URL Search Domain Scan URL

URL: http://caddy.com.ua/magazin/product/view/5/85.html
Title: Volkswagen Tiguan (3000 грн)www.caddy.com.ua

Search URL Search Domain Scan URL

URL: http://www.meteoprog.ua/ua/weather/Kyiv/

Search URL Search Domain Scan URL

URL: http://mytop-in.net/

Search URL Search Domain Scan URL

URL: http://www.i.ua/
Title:

Search URL Search Domain Scan URL

URL: http://banner.kiev.ua/
Title: Украинская Баннерная Сеть

Search URL Search Domain Scan URL

URL: http://www.novostimira.com.ua/
Title: Новости

Search URL Search Domain Scan URL

URL: http://clck.yandex.ru/redir/dtype=stred/pid=30/cid=1531/*http://maps.yandex.ru/kiev_traffic

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://legas.com.ua/ HTTP 301
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ HTTP 302
https://legas.com.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://legas.com.ua/css/style.css HTTP 302
https://legas.com.ua/css/style.css

Request Chain 1

https://legas.com.ua/js/jquery-1.4.2.min.js HTTP 302
https://legas.com.ua/js/jquery-1.4.2.min.js HTTP 302
https://legas.com.ua/js/jquery-1.4.2.min.js

Request Chain 2

https://legas.com.ua/images/logo.jpg HTTP 302
https://legas.com.ua/images/logo.jpg

Request Chain 3

https://legas.com.ua/images/ad/caddy_seats_new2.gif HTTP 302
https://legas.com.ua/images/ad/caddy_seats_new2.gif

Request Chain 5

https://www.meteoprog.ua/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00 HTTP 301
https://www.meteoprog.com/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00

Request Chain 6

https://legas.com.ua/images/poll.jpg HTTP 302
https://legas.com.ua/images/poll.jpg

Request Chain 7

https://legas.com.ua/images/arrow.jpg HTTP 302
https://legas.com.ua/images/arrow.jpg

Request Chain 16

https://legas.com.ua/images/bg.jpg HTTP 302
https://legas.com.ua/images/bg.jpg HTTP 302
https://legas.com.ua/images/bg.jpg

Request Chain 17

https://legas.com.ua/images/menu_bg.jpg HTTP 302
https://legas.com.ua/images/menu_bg.jpg HTTP 302
https://legas.com.ua/images/menu_bg.jpg

Request Chain 18

https://040510111616.c.mystat-in.net/?i040510111616&t4&g27&w1600&c24&r&v3&j0 HTTP 301
https://resistcorrectly.com/w HTTP 302
https://hlmiq.com/to2/expedia.uk/ HTTP 307
https://www.expedia.co.uk/?clickref=1011lwoaDCxi&affcid=UK.DIRECT.PHG.1100l95727.0&ref_id=1011lwoaDCxi&my_ad=AFF.UK.DIRECT.PHG.1100l95727.0&original_destination=https://www.expedia.co.uk/?clickref=1011lwoaDCxi&affcid=UK.DIRECT.PHG.1100l95727.0&ref_id=1011lwoaDCxi&my_ad=AFF.UK.DIRECT.PHG.1100l95727.0

Request Chain 24

https://legas.com.ua/images/footer_bg.jpg HTTP 302
https://legas.com.ua/images/footer_bg.jpg HTTP 302
https://legas.com.ua/images/footer_bg.jpg

Request Chain 49

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 94

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1DOPpGBmQ7ETMnnMhsIqM&google_cver=1

Request Chain 95

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y4wsgnGLqPB8n3P8zNhNjgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1DOPpGBmQ7ETMnnMhsIqM&google_cver=1

Request Chain 96

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENgmr7DLh68OlgYIq5_dMTg&google_cver=1

Request Chain 97

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2ODIyMzI2MjAxODQ5MDUxNw%3D%3D

Request Chain 114

https://id.rlcdn.com/466606.gif?cparams=google_push%3DASkJ3FYNzh9TzOY2cAsCVRiWAPwfPct5TsaDnbojDQhWlwlG-K8hqHxyi1HbBapgCQykreYOhhpwdBBH9EUsSuCopZBIP9Qoj2Q&google_gid=CAESEGrPNv_oMGI_mNVGVwOJjHU&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCIPZsJwGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BU2tKM0ZZTnpoOVR6T1kyY0FzQ1ZSaVdBUHdmUGN0NVRzYURuYm9qRFFoV2x3bEctSzhocUh4eWkxSGJCYXBnQ1F5a3JlWU9oaHB3ZEJCSDlFVXNTdUNvcFpCSVA5UW9qMlE HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwekViUFVyVzZvN0g2bGRZcTlCdUZ6SDV4MjFLeXljYUZESTJkTUx0UTktSQ==&google_push

Request Chain 115

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FZVxYkVsRWpBB_kZEki_ZjwSr-m8zP3eKzsPBXybqf43WjOHZr4j8sEo_j03hlXUNkgPRdpts7rLoJYZatW2MPKFlw75g&google_gid=CAESEEWeaYvf_c9SNYtGNChHb-U&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FZVxYkVsRWpBB_kZEki_ZjwSr-m8zP3eKzsPBXybqf43WjOHZr4j8sEo_j03hlXUNkgPRdpts7rLoJYZatW2MPKFlw75g&google_gid=CAESEEWeaYvf_c9SNYtGNChHb-U&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEyMDQwNTEzMzkwMDAzNjY4OTU0ODc5Mw%3D%3D&google_push=ASkJ3FZVxYkVsRWpBB_kZEki_ZjwSr-m8zP3eKzsPBXybqf43WjOHZr4j8sEo_j03hlXUNkgPRdpts7rLoJYZatW2MPKFlw75g

Request Chain 117

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKeEjRreDpKkB14IFAZqOHQ&google_cver=1&google_push=ASkJ3FalkYndepCSibmQpiI_AeMLnbE1tjfaDFmAbVyO7lcRpbeEd8fb7zjHP8pRAt36-gFSBEkyMKFixBV6pFqdQzPghUaOmVM HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKeEjRreDpKkB14IFAZqOHQ&google_cver=1&google_push=ASkJ3FalkYndepCSibmQpiI_AeMLnbE1tjfaDFmAbVyO7lcRpbeEd8fb7zjHP8pRAt36-gFSBEkyMKFixBV6pFqdQzPghUaOmVM&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_REgFcKoTm2oyOp7Znqu2Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FalkYndepCSibmQpiI_AeMLnbE1tjfaDFmAbVyO7lcRpbeEd8fb7zjHP8pRAt36-gFSBEkyMKFixBV6pFqdQzPghUaOmVM

Request Chain 118

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_cver=1&google_push=ASkJ3Fakz-Gl_JAnXrrDjNEyrs5qe-5dZPY8NLAYFVzOVFeHgJXneEQtiIO4Tyzt6drZJ5GyCO_ZWnWf7fzHKa76wK9Or-7VIg HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_hm=Y4wsgnGLqPB8n3P8zNhNjgAAFCwAAAIB&google_nid=index&google_push=ASkJ3Fakz-Gl_JAnXrrDjNEyrs5qe-5dZPY8NLAYFVzOVFeHgJXneEQtiIO4Tyzt6drZJ5GyCO_ZWnWf7fzHKa76wK9Or-7VIg

Request Chain 122

https://d.agkn.com/pixel/2175/?google_gid=CAESEDo1bapyFgSDB5KhOH684TI&google_cver=1&google_push=ASkJ3FaP6ZOChpxr732tGNePCj4PJOYTjdcbyJv8U4SL99A-GpFrRfN89PuNVhrX_yRKBt7Vn4Sv0XGLCf09IvziMsFoh-D_Vmo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FaP6ZOChpxr732tGNePCj4PJOYTjdcbyJv8U4SL99A-GpFrRfN89PuNVhrX_yRKBt7Vn4Sv0XGLCf09IvziMsFoh-D_Vmo&google_hm=Q0FFU0VEbzFiYXB5RmdTREI1S2hPSDY4NFRJ

Request Chain 125

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKeEjRreDpKkB14IFAZqOHQ&google_cver=1&google_push=ASkJ3Fa177V3unMrHghxj7AmAhMMbzGKJ1Yy5Hq7pZrrsZM4TH-MuGW5euFkhN7U_4FJSSR33xJL3ArqK-5gupZkQ_TAyRHW2Wk HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKeEjRreDpKkB14IFAZqOHQ&google_cver=1&google_push=ASkJ3Fa177V3unMrHghxj7AmAhMMbzGKJ1Yy5Hq7pZrrsZM4TH-MuGW5euFkhN7U_4FJSSR33xJL3ArqK-5gupZkQ_TAyRHW2Wk&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=JMP5Q98fQGCDVS3waUCEaQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3Fa177V3unMrHghxj7AmAhMMbzGKJ1Yy5Hq7pZrrsZM4TH-MuGW5euFkhN7U_4FJSSR33xJL3ArqK-5gupZkQ_TAyRHW2Wk

Request Chain 126

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECgZ2MMzL_tCR-r9amzyngo&google_cver=1&google_push=ASkJ3FZwV_YqjvY1fndMX6Y0bjFZSlRTMqo94dtZMGZi0CSJ1YPxWO0OZXC0XJw6VfWNX73oaqowhiKHgav0yoFH-L-jG4gG3gw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI4V1JOUUwtMUktVktZ&google_push=ASkJ3FZwV_YqjvY1fndMX6Y0bjFZSlRTMqo94dtZMGZi0CSJ1YPxWO0OZXC0XJw6VfWNX73oaqowhiKHgav0yoFH-L-jG4gG3gw

Request Chain 127

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_cver=1&google_push=ASkJ3Fb9bQNtJWsbgUiiCEDTUQgphcf1yICCFGwsvbQEt8VUEQIKuSitiJ_5KaAHf78hSllCKBGuL5mhv1hUYdBQLqmmaifZaA HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_hm=Y4wsgnGLqPB8n3P8zNhNjgAAFCwAAAIB&google_nid=index&google_push=ASkJ3Fb9bQNtJWsbgUiiCEDTUQgphcf1yICCFGwsvbQEt8VUEQIKuSitiJ_5KaAHf78hSllCKBGuL5mhv1hUYdBQLqmmaifZaA

141 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
legas.com.ua/
Redirect Chain

http://legas.com.ua/
https://legas.com.ua/
https://legas.com.ua/
https://legas.com.ua/
https://legas.com.ua/
https://legas.com.ua/

85 KB
16 KB

486ms
485ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://legas.com.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: fbb4828d62f1375d0c8c8fd7f8aded6c19cf078e72bd51fd1cbff277ee672102

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 77420db11fa10672-LHR
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 04 Dec 2022 05:13:34 GMT
expires: -1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dpN5EZtY49nMGO1x4n7loUFXog0%2Bmr4YTIbWNYP1Ebw%2B6tRSe7DLe2a5f2%2FFrzzJ4ncXGh3Tv1KUjLqbVi52FeYRDSras4WRDISLFPud1XMcF4ifoL%2B0zW7XTVvif1VunfvHaPyzs91mWp8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-aspnet-version: 2.0.50727
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 77420dafdefb0672-LHR
date: Sun, 04 Dec 2022 05:13:33 GMT
location: /
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jcaUu5v1CVJVEkXeSzMbJEX8OZSYIMtLphVubyYIeySh95St3bw8G8hAZUj%2BYuwspMCsqxZWJ0s5lkM6GEVJrepaUst8b7C81VviBibXeq7AHYJNVUgakhlPV6ChyqCBrZpIn4Yg0vFf%2Fx0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3

200

style.css
legas.com.ua/css/
Redirect Chain

https://legas.com.ua/css/style.css
https://legas.com.ua/css/style.css

5 KB
1 KB

351ms
351ms

Stylesheet
text/css

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://legas.com.ua/css/style.css
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 64f4ced5d55df1d2b68756fbeffafd50b5d09c3ad7703f89a0660269a4ea3a54

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Sun, 04 Dec 2022 05:13:34 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 04 Jan 2021 23:58:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"f6485582f5e2d61:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s3xwNq4thKEIuV3trxJhhb9FdK7spDOcQz0LfBDO66EJTrh%2BdzPkFZnaXcKvOlSVh1EwBZkLjiCxsGl1LF%2Ft9X%2Bgftc66Lo3KDiUweQ%2FBO24U6QOGyiji3OcTSqO%2BMgoGya3GOdnlgcVhZg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 77420db569a50672-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:34 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BfCx3tnmPKP11tCFCgozPrm558%2FMbG7jTjfqtj4LGWr%2BCej5mWOzO56RGjZvY%2FD7CY1QFPm%2BSswbixi9Z7OQmjJU6B1HrLcEIZakxmSmUWbUtaVHKeKpfXuE7O3OiK2q1gu%2F6yLVCf57sMk%3D"}],"group":"cf-nel","max_age":604800}
location: /css/style.css
cache-control: max-age=14400
cf-ray: 77420db439150672-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3

200

jquery-1.4.2.min.js Show response
legas.com.ua/js/
Redirect Chain

https://legas.com.ua/js/jquery-1.4.2.min.js
https://legas.com.ua/js/jquery-1.4.2.min.js
https://legas.com.ua/js/jquery-1.4.2.min.js

87 KB
28 KB

636ms
636ms

Script
application/javascript

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://legas.com.ua/js/jquery-1.4.2.min.js
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 8d61bc67c5b06bbd0e0787fc1e661c2fb58ba72c46b7b05ca3ee94c20e599130

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Sun, 04 Dec 2022 05:13:35 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 04 Jan 2021 23:59:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"567c5795f5e2d61:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUJckE%2BaLBVmC%2F6tuJI2Xglb40tPEGCvQUvL9YgfE9VxcPi8debAwtAFPgqEE0wdCglCMmU8tdqJylTy4ZxxHLS8FQ61fA0REbFKA5f%2BglcmnEXehYzRVIR0J6E79cQkcLqLpEAVQoWI9hM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 77420db6aa5c0672-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:34 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XrcN9uPypXnLjAe7A9FTddqkPH4k8l3YkJ5VpCWfbBvx4WUYeiFVuvO9%2FKh64aF09Jq2me3lrk16WI2B0urY7W%2Fe%2BK2DMjRUT4QM%2Bi1uFehfgkIGEXJsH4mXBoAhbsL0%2B%2BdrJ8K%2F9wKoAWw%3D"}],"group":"cf-nel","max_age":604800}
location: /js/jquery-1.4.2.min.js
cache-control: max-age=14400
cf-ray: 77420db569a40672-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3

200

logo.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/logo.jpg
https://legas.com.ua/images/logo.jpg

30 KB
30 KB

476ms
476ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/logo.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 79d43d860bcaf8b62c343669b1c7c7acf20a83d0a35ade74f875c8157e71bbd4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 30504
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:58 GMT
server: cloudflare
etag: "1fa77791f5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uDBy7%2Fft3P9XUrBZwkiiLDzHZGsULegqJRYzbaYS61dq5ZY%2Fi3T7zRFNaPNMsFvEvjTJvmgNFN%2FGgVg23OMtmiaER2CzkcVlOKcZh7eH%2FMwaRFI6R8w7LxzPkoN5C60WdZfjuo99Ruq%2F2TI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77420dbc1d290672-LHR

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Znuja8utV6VHi5Azog7dMH09CIQmFWH%2FxltrBMgeEMISLrp4p8Fipeb8A0hEOKFgY8cuemO%2FcF4BgrrA9CaFw26QRc6%2B0xicSuJztG6BT613V4xQnjbFkQr2OG62gCcNWAT4cAcWqYNfzro%3D"}],"group":"cf-nel","max_age":604800}
location: /images/logo.jpg
cache-control: max-age=14400
cf-ray: 77420dbadc770672-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3

200

caddy_seats_new2.gif
legas.com.ua/images/ad/
Redirect Chain

https://legas.com.ua/images/ad/caddy_seats_new2.gif
https://legas.com.ua/images/ad/caddy_seats_new2.gif

69 KB
69 KB

630ms
630ms

Image
image/gif

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/ad/caddy_seats_new2.gif
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 21583f7002df3434278d0ac87cde6b062999b39689e75945e152f8a5e75ef7fe

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70616
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:59:03 GMT
server: cloudflare
etag: "beb02894f5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0in3t%2B3u1Trt%2B%2BtR13XlTAhQ0ggx6NvY2ZTBihQJ%2FO6igq3ZsggAuO7izO1%2FuyUm428LvpShf8xVqjAaZK%2BZb6RjrCuRkhBF%2FvznHvKxSED7BUW1L6BSZM8%2F8O3BMaQEdaBObJV0dIxK9WM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77420dbc1d2e0672-LHR

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vRHDvC1ISIGf3tXmgSJQ9ruT7s0TbwYHtg%2FzXOl2V6VvWKBTqJ2LSUq5Kav02RGYeQ%2FO%2F%2FzDyhMsEsAukSDGgyakCk171Xy4n9RDsu5m0yeZAMKWWGohVshhDz%2FGx%2FsMjORWOoH4lVGFHmk%3D"}],"group":"cf-nel","max_age":604800}
location: /images/ad/caddy_seats_new2.gif
cache-control: max-age=14400
cf-ray: 77420dbaec7c0672-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 404 VWTGN-1.gif
caddy.com.ua/components/com_jshopping/files/img_products/ 0
0 274ms
64ms Image
text/html 31.131.16.29
VPS-UA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://caddy.com.ua/components/com_jshopping/files/img_products/VWTGN-1.gif
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 31.131.16.29 , Ukraine, ASN56851 (VPS-UA-AS, UA),
Reverse DNS: 29.16.131.31.uashared05.twinservers.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2

500

/
www.meteoprog.com/ua/informerget/
Redirect Chain

https://www.meteoprog.ua/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00
https://www.meteoprog.com/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00

0
171 B

203ms
74ms

Image
text/html

49.12.116.255
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.meteoprog.com/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Server: 49.12.116.255 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.255.116.12.49.clients.your-server.de
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:35 GMT
last-modified: Sun, 04 Dec 2022 05:13:35GMT
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://www.meteoprog.com/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00
date: Sun, 04 Dec 2022 05:13:35 GMT
server: nginx
content-length: 162
content-type: text/html

GET
H3

200

poll.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/poll.jpg
https://legas.com.ua/images/poll.jpg

2 KB
2 KB

333ms
332ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/poll.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a6e648923be27227370e476a3fe1b29b7d43f486b80ffb409a04d7b6ef3909ca

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1616
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:59 GMT
server: cloudflare
etag: "6e56a791f5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JC3gmplbMpYPCU8ppssoTcdNNgPfzS2O6YAnLqtP7ZIb9QxjurHmolVQ5Q8%2FVovjEpMw8hQtiFauiWH973tx1km38g3DZrNbFm%2Bs2g7m5MD1fE0FV2U7aptP1a971%2FRuieNeybRgBhNGswg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77420dbc3d3b0672-LHR

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dpaotYqbrApJIB0mJ9o6I5oW5QpFi7V0KmcboQ%2F5Nhjl3ZiEXa51EVm8fl1%2BGKnstpRb8Gkv7iUsN5Zy9be%2B8Z0Yw8urvi7ZKMBw9eG7MdBG9w3Q6NcdjRPbyeOs%2BrFvlMdH5yNsw4esOQ0%3D"}],"group":"cf-nel","max_age":604800}
location: /images/poll.jpg
cache-control: max-age=14400
cf-ray: 77420dbaec810672-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3

200

arrow.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/arrow.jpg
https://legas.com.ua/images/arrow.jpg

349 B
869 B

325ms
325ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/arrow.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6edbf13af2f07f3ff6cf1b7ab649b8c6c28d247f2d7750a8593bd534de07d744

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 349
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:51 GMT
server: cloudflare
etag: "a7af18df5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2t7IVKgQNL8VUNL5LOusOA9ClTJ1VuRJHwMi3nlk1oWpkPj6ExeiWlQKSNYb%2F29ssjnmy167JcigFY9mOavjP4yQEdLaSzggdqEyPb4M4xfapOcne%2BZLX4XTLqs3UY47P58P8AURGQtsTyU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77420dbc2d340672-LHR

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00qGbSwgbxRvaZEO0q%2F3BSRRo9D8FCAyQ6x%2FSTCeAXOEPmyagu6AwiSlQlGb15dzgOXnwfXeuTUim%2BlJ2EQd8m074g4SgliJQ%2BwyIIiln4rQy5GU4fFvfzm8yzJtlAjD7Cmh3fwQRioap%2BA%3D"}],"group":"cf-nel","max_age":604800}
location: /images/arrow.jpg
cache-control: max-age=14400
cf-ray: 77420dbaec820672-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 98 KB
34 KB 177ms
76ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b515f8ef7e527366a43bd9135ae400848724710323422e67fda10ad6c33a7195

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34129
x-xss-protection: 0
server: cafe
etag: 7853660164625903741
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 04 Dec 2022 05:13:34 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 142 KB
48 KB 175ms
81ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

569c702259b383caefdb03116027827805835f3fe8bc26d24e6458ded72632c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49052
x-xss-protection: 0
server: cafe
etag: 1690401242533153074
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 04 Dec 2022 05:13:35 GMT

GET
H2 404 current_traffic_150.gif
info.maps.yandex.net/traffic/kiev/ 0
0 369ms
91ms Image
text/html 2a02:6b8::130
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://info.maps.yandex.net/traffic/kiev/current_traffic_150.gif
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6b8::130 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 404 script.js
cpa.com.ua/get_js/ 0
0 664ms
563ms Script
text/html 2606:4700:3031::ac43:c6bd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpa.com.ua/get_js/script.js?aid=90
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c6bd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 149 KB
55 KB 179ms
71ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N2VDHS

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a09e13c638a87221309d50308f54beade6403e4e4a051f485461f4405ba1929e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55367
x-xss-protection: 0
last-modified: Sun, 04 Dec 2022 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 04 Dec 2022 05:13:35 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 127ms
40ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9643a0ee05228b6e4016e9fe18284e440e35ddebd698cfce3d1ca72728885827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 04 Dec 2022 05:13:35 GMT
content-md5: tW9q3WEBuvfY6vcbJVkTWA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
x-fb-rlafr: 0
x-fb-debug: 7FRlv0H+jX1xhbKHNx7K5oGpKRs+qKUxCDXXbKfDQ6OspbJ0u3BMAytjQCbXqHil7eg0NnYVYCncIJmT0iZlAw==
x-fb-trip-id: 1709462857
x-fb-content-md5: 0f5b9903f54b1b42eec0eeb522314718
cross-origin-opener-policy: same-origin-allow-popups
etag: "3053a337e201518bc85a63e125eb9fd0"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Sun, 04 Dec 2022 05:18:08 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 143ms
43ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 04 Dec 2022 03:24:40 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6535
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Sun, 04 Dec 2022 05:24:40 GMT

GET 155
a1.admaster.net/a/10507/ 0
0

GET
H3

200

bg.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/bg.jpg
https://legas.com.ua/images/bg.jpg
https://legas.com.ua/images/bg.jpg

374 B
901 B

327ms
327ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/bg.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/css/style.css
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a86b3a844dad8b4c5673af644a74b9046f920772bfc75d0f5fa0704d19510d2e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 374
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:53 GMT
server: cloudflare
etag: "4fb55d8ef5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2afoTNEo5mb%2BHzh%2FG9FCO0HZvsyHBtrTJz6jYsbV%2B3KnGjh1K3owyNj4DACWs0QemCrnpk%2FM1KnioOf0bEmYEb9%2BvXrXG250n6dhfbc87w%2FWRWOhBt8N0L3vP%2FJmwclE341r9xs6U7Y2pDQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77420dbdbde80672-LHR

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lCSKXQovXBEK0qq0zA6MJ0mytBqC2otNgjKwVOLhVsqo8WFVtaWECSlye5xLVzclotVcCfMOBwwmCLRyXyE7oP9ZYtgeQXF42M7Q0gU4vKe%2FNivd7ylJeyVFKwIfW3c9OC0ihZrv1PdXJCA%3D"}],"group":"cf-nel","max_age":604800}
location: /images/bg.jpg
cache-control: max-age=14400
cf-ray: 77420dbc2d320672-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3

200

menu_bg.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/menu_bg.jpg
https://legas.com.ua/images/menu_bg.jpg
https://legas.com.ua/images/menu_bg.jpg

1 KB
2 KB

338ms
337ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/menu_bg.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/css/style.css
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 720b21233cc3f5ac1443ecb48e8807913f0927ee4ffd04d805b76aa2b93bed2b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1106
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:59 GMT
server: cloudflare
etag: "c4928391f5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LAPsVPCSpJGHOUgmvJLOtC%2FktKBRbtTecyKM8Qc2s9i%2FF%2F1RyK1ToHno%2B%2FQ985vGC3xUg1SGClj8DDEa9IM2sTU9K5MPhIs9cE0uYLUwogJvWhuAiVoISF%2BNJZ62KjGJIBjloWmGhSWFoS4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77420dbdbde70672-LHR

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7lXspRE9%2FOjw3HjTbTuJIB7dpSSoASmoritnmtdrJMcdVEoVeJyXoGGfa%2BiV8qnWKsPWb4exuZyniMQjbFKnzFLZ1XWq3o9e5ZoMHmUEBANwWKWz0%2FphE6d5TNyb%2BDysGt2SKS43qQlIcrI%3D"}],"group":"cf-nel","max_age":604800}
location: /images/menu_bg.jpg
cache-control: max-age=14400
cf-ray: 77420dbc2d370672-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

429

/
www.expedia.co.uk/
Redirect Chain

https://040510111616.c.mystat-in.net/?i040510111616&t4&g27&w1600&c24&r&v3&j0
https://resistcorrectly.com/w
https://hlmiq.com/to2/expedia.uk/
https://www.expedia.co.uk/?clickref=1011lwoaDCxi&affcid=UK.DIRECT.PHG.1100l95727.0&ref_id=1011lwoaDCxi&my_ad=AFF.UK.DIRECT.PHG.1100l95727.0&original_destination=https://www.expedia.co.uk/?clickref=...

0
0

422ms
221ms

Image
text/html

104.76.200.192
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.expedia.co.uk/?clickref=1011lwoaDCxi&affcid=UK.DIRECT.PHG.1100l95727.0&ref_id=1011lwoaDCxi&my_ad=AFF.UK.DIRECT.PHG.1100l95727.0&original_destination=https://www.expedia.co.uk/?clickref=1011lwoaDCxi&affcid=UK.DIRECT.PHG.1100l95727.0&ref_id=1011lwoaDCxi&my_ad=AFF.UK.DIRECT.PHG.1100l95727.0
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Server: 104.76.200.192 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-76-200-192.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

Location: https://www.expedia.co.uk/?clickref=1011lwoaDCxi&affcid=UK.DIRECT.PHG.1100l95727.0&ref_id=1011lwoaDCxi&my_ad=AFF.UK.DIRECT.PHG.1100l95727.0&original_destination=https://www.expedia.co.uk/?clickref=1011lwoaDCxi&affcid=UK.DIRECT.PHG.1100l95727.0&ref_id=1011lwoaDCxi&my_ad=AFF.UK.DIRECT.PHG.1100l95727.0
Date: Sun, 04 Dec 2022 05:13:37 GMT
Referrer-Policy: no-referrer
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET /
c.bigmir.net/ 0
0

GET
H2 200 s
r.i.ua/ 2 KB
3 KB 294ms
224ms Image
image/png 104.18.3.81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.i.ua/s?u66180&p62&n0.34997388741476243&c1&d24&w1600&h1200&r/legas.com.ua/
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.81 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 237cf8f37b13897d316cac3b0d7c27944683b5ac05459e2ba1372ed521c9dd44

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/png
p3p: policyref="http://i.i.ua/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
cache-control: no-cache, must-revalidate
cf-ray: 77420dbb78f43622-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/ 354 KB
116 KB 130ms
83ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_with_ama_fy2021.js?client=pub-8431813121812491&plah=legas.com.ua

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05c98fff0246c3e7a08bdb57be4fe2333b23a2ea2d6b93732262149d6bd4ff0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119183
x-xss-protection: 0
server: cafe
etag: 16782156366764074988
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 04 Dec 2022 05:13:35 GMT

GET 1322
g.novostimira.biz/l/ 0
0

GET
H/1.1 200
Ok ya.ru
clck.yandex.ru/click/dtype=stred/pid=30/cid=1529/*http:// 43 B
587 B 299ms
88ms Image
image/gif 2a02:6b8::14
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://clck.yandex.ru/click/dtype=stred/pid=30/cid=1529/*http://ya.ru

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::14 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

7e928161cd626935d39ff08188caa3f3a918811ca87194082dedf28b697ce6fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Cache-Control: no-cache
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Content-Type: image/gif

GET
H3

200

footer_bg.jpg
legas.com.ua/images/
Redirect Chain

https://legas.com.ua/images/footer_bg.jpg
https://legas.com.ua/images/footer_bg.jpg
https://legas.com.ua/images/footer_bg.jpg

307 B
836 B

358ms
358ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://legas.com.ua/images/footer_bg.jpg
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/css/style.css
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 59729251e018160eeed443c848fa5fd802b40e984b5afe60560c3cbe9d7b4612

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 307
x-powered-by-plesk: PleskWin
last-modified: Mon, 04 Jan 2021 23:58:56 GMT
server: cloudflare
etag: "a93d4b90f5e2d61:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V6aRcqNFUUFzNHhuvJ0Xz7t3gZAK6dqJZ%2F87olcwj1m0%2FPFqcEGnWG%2BqDacuBV%2BNHdscmksv%2BfqxJVgXb9YKBCn1BLlRcfSuareRWI18yl7gc54HCZXzkT71OoMLmN%2FTWLw7%2BKPxZPraV5A%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 77420dbe0e130672-LHR

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:35 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ALLIDz9t6C8OhDsMLQef%2FhLAMpRM6HAw3%2BjmfpxhTIMx14DhNcg9b6Tjw5fPvcockIcfq5CUmW%2BTnStG7nyGj0GHboYIxTMrNzzlFvLPHh8WRcL43WRJwuyPbSN6lOl6ftYP112R36Ef0pM%3D"}],"group":"cf-nel","max_age":604800}
location: /images/footer_bg.jpg
cache-control: max-age=14400
cf-ray: 77420dbcdd870672-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 306 KB
86 KB 80ms
38ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=008c641ced622425b51cfd05689875dd

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a9f8abc0cbb63c54e23f50e7b49e9c715fcc71169dc0a66c0c1b05fc725ae6c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://legas.com.ua/
Origin: https://legas.com.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 04 Dec 2022 05:13:35 GMT
content-md5: p+/dviqEtdFpXgRxgSQaAQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88358
x-fb-rlafr: 0
x-fb-debug: 6XsedJd89WVlXeS8wiohNKtJvotggGxc46nWbV0IQZ42GKgsXFqtpWITEjy7HsRxFfWDXMeRuFPcK3IuTh9AHQ==
x-fb-content-md5: 124e4d50afa4e2791b4857f6f8554fea
cross-origin-opener-policy: same-origin-allow-popups
etag: "9c5c4671ae34bc0651eb4218919308f4"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Mon, 04 Dec 2023 03:17:30 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 144ms
53ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1735527862&t=pageview&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1647543902&gjid=1109879694&cid=418467287.1670130815&tid=UA-9703351-1&_gid=616744480.1670130815&_r=1&_slc=1&z=6087277

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://legas.com.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://legas.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/ Frame 9A5E 10 KB
5 KB 145ms
44ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 44134
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 16:58:01 GMT
etag: 10353107486223812946
expires: Sat, 17 Dec 2022 16:58:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 391 B
696 B 157ms
53ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=legas.com.ua&callback=_gfp_s_&client=ca-pub-8431813121812491&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_with_ama_fy2021.js?client=pub-8431813121812491&plah=legas.com.ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f11634b2fde9633b66339f835b3dd66c1d6c6539ce687e37242ce5071f4cd25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 252
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 157ms
54ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 155ms
55ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5B9C 86 KB
32 KB 589ms
550ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1486316043&pi=t.ma~as.2642460384&w=468&lmt=1670130815&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130815205&bpp=19&bdt=1111&idt=298&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&correlator=6870466341636&frm=20&pv=2&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=396&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=SSYIpcTwis&p=https%3A//legas.com.ua&dtd=320

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b8a002390afd22c13b4e9a26dcb0df38ec621033997805b14e826ba3d6569ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 32382
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 05:13:36 GMT
expires: Sun, 04 Dec 2022 05:13:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
436 B 125ms
40ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-9703351-1&cid=418467287.1670130815&jid=1647543902&gjid=1109879694&_gid=616744480.1670130815&_u=IEBAAEAAAAAAACAAI~&z=1872813727

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://legas.com.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 05:13:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://legas.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D6DC 430 B
405 B 169ms
145ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1365725250&pi=t.ma~as.2642460384&w=468&lmt=1670130815&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130815230&bpp=5&bdt=1136&idt=303&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384&correlator=6870466341636&frm=20&pv=1&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=969&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FpdkKTxaeE&p=https%3A//legas.com.ua&dtd=308

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d4b9594a3f5f07d507ad95311d60f311a9ab9fa29ad1e69a992d0667f877b84e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 206
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 05:13:35 GMT
expires: Sun, 04 Dec 2022 05:13:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C1D8 430 B
374 B 169ms
153ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=600&slotname=3398747635&adk=240658524&adf=1605720054&pi=t.ma~as.3398747635&w=160&lmt=1670130815&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130815258&bpp=15&bdt=1164&idt=286&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&prev_slotnames=2642460384%2C2642460384&correlator=6870466341636&frm=20&pv=1&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1179&ady=2239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=ZBQEd5h1jt&p=https%3A//legas.com.ua&dtd=292

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1945233d4d60c4b7cf8c2ffcb08e8114f437f21012e10613fe955be1067eb481

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 207
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 05:13:35 GMT
expires: Sun, 04 Dec 2022 05:13:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B7DB 430 B
377 B 155ms
146ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=250&slotname=8161031849&adk=4210853449&adf=3405296861&pi=t.ma~as.8161031849&w=300&lmt=1670130815&format=300x250&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130815445&bpp=2&bdt=1351&idt=109&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&prev_slotnames=2642460384%2C2642460384%2C3398747635&correlator=6870466341636&frm=20&pv=1&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1109&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=BJyj4s8Vd3&p=https%3A//legas.com.ua&dtd=112

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

515a2e2a32a588aa7ba3d8f701d52b37ab6d28ed40d0ce99ddda77e21f4a4359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 207
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 05:13:35 GMT
expires: Sun, 04 Dec 2022 05:13:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 like.php Show response
www.facebook.com/v2.0/plugins/ Frame 3AEA 50 KB
18 KB 356ms
276ms Document
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3dc7a48e2bf7cc%26domain%3Dlegas.com.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Flegas.com.ua%252Ff27f50965484794%26relation%3Dparent.parent&container_width=300&href=http%3A%2F%2Flegas.com.ua%2F&layout=standard&locale=en_US&sdk=joey&share=true&show_faces=true&width=230

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=008c641ced622425b51cfd05689875dd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

39d9a7d27746abac94a816afff9163ad94d43f73261948af892bd4d149ddad4e

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Sun, 04 Dec 2022 05:13:35 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v9.0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: YAe0JlFD3ooYcPUnSTa1po6scwR68eggepTI15u/AXpibqXQ1XYINi5gBe6lYsJXHSNIbLBKtvB8PtfzGgSsrQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 enrhRHOaSdR.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yU/l/en_US/ Frame 3AEA 523 KB
134 KB 40ms
39ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yU/l/en_US/enrhRHOaSdR.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3dc7a48e2bf7cc%26domain%3Dlegas.com.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Flegas.com.ua%252Ff27f50965484794%26relation%3Dparent.parent&container_width=300&href=http%3A%2F%2Flegas.com.ua%2F&layout=standard&locale=en_US&sdk=joey&share=true&show_faces=true&width=230

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

89428c566f5a59537e7f5d10f755ab703d555072a2188e747ad2afb5203f124e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:35 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 5TyZxLjeIreiBYoFSBbEeg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137299
x-fb-rlafr: 0
x-fb-debug: Lkp8RLDRKe5iOSm/Df6gyUHETWpx3STeC6ksSA6OM5nJy5quB0oKiAK59KbaQ6nGM2I6dgSN3Tt8GE8X8NmeCw==
x-fb-trip-id: 1709462857
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sat, 02 Dec 2023 20:45:40 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 3AEA 299 B
520 B 110ms
110ms Image
image/png 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:36 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-rlafr: 0
x-fb-debug: wRR4omWEEBjLvg6meVg0Oe0qJKvcC6LmwYe6Su2kMEUlvomCkMkUhsV2ubrTdWsFYvKsadfdon/Ggzh562Nq6w==
x-fb-trip-id: 1709462857
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 24 Nov 2023 07:52:44 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 5B9C 8 KB
1 KB 150ms
54ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1486316043&pi=t.ma~as.2642460384&w=468&lmt=1670130815&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130815205&bpp=19&bdt=1111&idt=298&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&correlator=6870466341636&frm=20&pv=2&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=396&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=SSYIpcTwis&p=https%3A//legas.com.ua&dtd=320

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 04 Dec 2022 05:13:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 04 Dec 2022 04:45:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 04 Dec 2022 05:13:36 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 5B9C 2 KB
818 B 154ms
57ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51448
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 14:56:08 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 5B9C 23 KB
10 KB 139ms
44ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51448
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9428
x-xss-protection: 0
server: cafe
etag: 246362764157784863
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 14:56:08 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 5B9C 3 KB
1 KB 152ms
58ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51448
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 14:56:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 5B9C 18 KB
7 KB 145ms
50ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51447
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 14:56:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5B9C 155 KB
48 KB 150ms
53ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

302e69dd5cd67c33a01a5d0308c1ead25d5967bd0810b0c073f9fe18124de7bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48508
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1669811598765935"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 04 Dec 2022 05:13:36 GMT

GET
H2 200 83de75e735dabeddf4e705de6f0a2f41.js Show response
www.gstatic.com/mysidia/ Frame 5B9C 34 KB
14 KB 140ms
43ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/83de75e735dabeddf4e705de6f0a2f41.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9c1e1da0c197ca101c6fd5ae899d10951dd43316c4ed6b3c9bd38877e79023a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 01:40:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 444802
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14157
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 00:08:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 27 Feb 2023 01:40:14 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5B9C 0
0 184ms
92ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CEWD6fyyMY-L1JIKsgQfGsa_4DIne_bZtmNO61uUQ-Ki2lYsDEAEg-eO_GWC7hoCA0AqgAbeYgaIoyAEBqQIRGZj093N7PqgDAcgDywSqBN8BT9CA5kaX6lu4Q8ywoD92D22wzy3h3NT_sbR8PfNahe_DKn8niJ-oarH2XyHbuGsmvbOLxeXG_t9eyLv8tw9nxNrfLxJTKbMgJIIxqAZJTujkuSnOn-qOvmCHUcNOBdAMAjEGnRX_tJF3BKiszBQHPRS4GDTb1OfYQ2-fndmDoQIQyj3uZqTnVQyHHMiMdXWXaVRmbiVOUMPaQ_XhLgnjQGkLc7SMMEGtBzrEVlIrWdmeKpGOcM-4MmaYwF8MXX8wtOP7G7ZyNEKgyVVBBAz5VcSAFYTvARk1bNlKKnksXsAEgaqSrYYEkgUECAQYAZIFBAgFGASAB8zDt8sDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ0_0D0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwKIFAHQFQGAFwGyFxwKGggAEhRwdWItODQzMTgxMzEyMTgxMjQ5MRgA&sigh=PcNncSQpWsM&uach_m=[UACH]&cid=CAQSGwDq26N9eKkp2jITlG-vkR4OLgHR_bJ4nJrH1hgBIBM&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1486316043&pi=t.ma~as.2642460384&w=468&lmt=1670130815&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130815205&bpp=19&bdt=1111&idt=298&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&correlator=6870466341636&frm=20&pv=2&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=396&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=SSYIpcTwis&p=https%3A//legas.com.ua&dtd=320
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 04 Dec 2022 05:13:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 04 Dec 2022 05:13:36 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 97B8 143 B
166 B 46ms
45ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&h=60&slotname=2642460384&adk=903195660&adf=1486316043&pi=t.ma~as.2642460384&w=468&lmt=1670130815&url=https%3A%2F%2Flegas.com.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130815205&bpp=19&bdt=1111&idt=298&shv=r20221110&mjsv=m202211150101&ptt=5&saldr=sa&abxe=1&correlator=6870466341636&frm=20&pv=2&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=537&ady=396&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7Cn&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=SSYIpcTwis&p=https%3A//legas.com.ua&dtd=320
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 2693
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 04:28:43 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5B9C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a6e4685de256f1f5db18c2d250ffd77609c6b84ccd7793c93680905eaefa5c7b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 97B8
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

60ms
59ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 05:13:36 GMT
expires: Sun, 04 Dec 2022 05:13:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 05:13:36 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 5B9C 28 KB
28 KB 142ms
44ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 21:35:41 GMT
x-content-type-options: nosniff
age: 200275
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 21:35:41 GMT

GET
H3 200 api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js Show response
pagead2.googlesyndication.com/bg/ Frame 0C5D 36 KB
16 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a98bdefd73410963a41036b4bc4d25b080aaec85db7ebd132a12d3aa17e8586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 16:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45504
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 03 Dec 2023 16:35:12 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5B9C 42 B
64 B 172ms
81ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuODUQIQMVIRZeH8GPjJDX2rpEvg5Fo6uCE0f7LLPGQeVDFlgSIMv_6ImwlEZ2H82xf96lu3yvjZk6VkYRZynWK0svvg4BPSJmprjGvg1sdZP-E5i-cw7JVtnRF0r1WfuYTGMRK3Q&sai=AMfl-YQ7q_HjwucxVmE45ehm5vRtjZG90K95c3M60iiYiW52XMsXZ-S-03auHrnYlqEZ132134pMG_HJIL9A-Gg&sig=Cg0ArKJSzHKp0zAWiwnREAE&cid=CAQSGwDq26N9eKkp2jITlG-vkR4OLgHR_bJ4nJrH1hgBIBM&id=lidar2&mcvt=1001&p=0,0,60,468&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20221130&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=903195660&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670130815528&rpt=1103&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
122 B 143ms
54ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 144ms
54ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1D8A 197 KB
57 KB 423ms
423ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8431813121812491&output=html&adk=1812271804&adf=3025194257&lmt=1670130818&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Flegas.com.ua%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670130818070&bpp=1&bdt=3976&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4dc4798ab816c438-2237671d07d80032%3AT%3D1670130815%3ART%3D1670130815%3AS%3DALNI_MZe6vp3gx5IGi2LDbcXgjEhG75vWg&gpic=UID%3D00000b8d69e4e8c7%3AT%3D1670130815%3ART%3D1670130815%3AS%3DALNI_MarxrijUDK7agoWAeyWoZtMJTNxkw&prev_fmts=300x250&prev_slotnames=2642460384%2C2642460384%2C3398747635&nras=1&correlator=6870466341636&frm=20&pv=1&ga_vid=418467287.1670130815&ga_sid=1670130816&ga_hid=1735527862&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881&oid=2&psts=AMjMPc3ZwASzvr1HHoDG5TBLcHCiwBrLQXuLDF20Yw4b4trRbvkX4PI2Rgh6utHD7dxRQwDWKFRiRmanbPZg-fQs5A&pvsid=3013785854762593&tmod=54109614&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=5&uci=a!5&fsb=1&dtd=11

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2a33699344b72a323da92cb91da2af33b58c34e264965d44e270695a1f091ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 58388
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 05:13:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 94ms
93ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221110&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abb1939abd97435c40df952f2c5b5c6352f6ce900802a1a18a1d4935eda6bacc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11042
x-xss-protection: 0

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 121ms
40ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-9703351-1&cid=418467287.1670130815&jid=248795744&gjid=1856876978&_gid=616744480.1670130815&_u=aGDAgEABAAAAAGAAI~&z=819606433

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://legas.com.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 05:13:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://legas.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N2VDHS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 04 Dec 2022 03:24:40 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6538
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Sun, 04 Dec 2022 05:24:40 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 52ms
52ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1735527862&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=Full%20Page%20Load&utl=5-6%20seconds&utt=5434&_u=aGDAAEABAAAAAGAAI~&jid=577496583&gjid=1913386369&cid=418467287.1670130815&tid=UA-9703351-1&_gid=616744480.1670130815&_r=1&gtm=2wgbu0N2VDHS&z=1411665944

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://legas.com.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://legas.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 45ms
44ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1735527862&t=event&ni=1&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Page%20Load%20Time&ea=5-6%20seconds&el=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB%20%3A%3A%20https%3A%2F%2Flegas.com.ua%2F&ev=5434&_u=aGDAgEABAAAAACAAI~&jid=248795744&gjid=1856876978&cid=418467287.1670130815&tid=UA-9703351-1&_gid=616744480.1670130815&gtm=2wgbu0N2VDHS&z=676849500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Dec 2022 19:42:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 47ms
44ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1735527862&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=DNS%20Lookup&utl=%3C%200.1%20second&utt=0&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=418467287.1670130815&tid=UA-9703351-1&_gid=616744480.1670130815&gtm=2wgbu0N2VDHS&z=1576513673

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Dec 2022 19:42:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 48ms
45ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1735527862&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=TTFB&utl=0.2-0.5%20second&utt=485&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=418467287.1670130815&tid=UA-9703351-1&_gid=616744480.1670130815&gtm=2wgbu0N2VDHS&z=1902387604

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Dec 2022 19:42:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 48ms
46ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1735527862&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=HTML%20Download&utl=0.2-0.5%20second&utt=434&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=418467287.1670130815&tid=UA-9703351-1&_gid=616744480.1670130815&gtm=2wgbu0N2VDHS&z=950741155

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Dec 2022 19:42:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 48ms
46ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1735527862&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=Parsing&utl=1-2%20seconds&utt=1470&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=418467287.1670130815&tid=UA-9703351-1&_gid=616744480.1670130815&gtm=2wgbu0N2VDHS&z=35106765

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Dec 2022 19:42:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 48ms
47ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1735527862&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=Rendering&utl=3-4%20seconds&utt=3545&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=418467287.1670130815&tid=UA-9703351-1&_gid=616744480.1670130815&gtm=2wgbu0N2VDHS&z=427059092

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Dec 2022 19:42:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 49ms
48ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1735527862&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Page%20Load%20Time&utv=DOM%20Loaded%20and%20Parsed&utl=2-3%20seconds&utt=2973&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=418467287.1670130815&tid=UA-9703351-1&_gid=616744480.1670130815&gtm=2wgbu0N2VDHS&z=895946151

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Dec 2022 19:42:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 50ms
49ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1735527862&t=timing&_s=1&dl=https%3A%2F%2Flegas.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9F%D1%80%D0%B0%D0%B2%D0%BE%D0%B2%D0%BE%D0%B9%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=Resource%20Load%20Time&utv=%3Fi040510111616%26t4%26g27%26w1600%26c24%26r%26v3%26j0&utl=2-3%20seconds&utt=2875&_u=aGDAAEABAAAAAGAAI~&jid=&gjid=&cid=418467287.1670130815&tid=UA-9703351-1&_gid=616744480.1670130815&gtm=2wgbu0N2VDHS&z=643125756

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Dec 2022 19:42:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 58ms
40ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-9703351-1&cid=418467287.1670130815&jid=577496583&gjid=1913386369&_gid=616744480.1670130815&_u=aGDAAEABAAAAAGAAI~&z=1087143969

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://legas.com.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 05:13:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://legas.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 153ms
57ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 04 Dec 2022 05:13:38 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1173 13 KB
5 KB 50ms
45ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 32979
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 20:03:59 GMT
expires: Sun, 03 Dec 2023 20:03:59 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B802 783 B
535 B 146ms
54ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8a3f917ad27183dcf0d8e0914cbd84b1376298db382e66459b3376911e75a668

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8s9bk7Fs2E5Yqnwju_AZFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-8s9bk7Fs2E5Yqnwju_AZFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 05:13:38 GMT
expires: Sun, 04 Dec 2022 05:13:38 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js Show response
pagead2.googlesyndication.com/bg/ Frame 1173 36 KB
16 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a98bdefd73410963a41036b4bc4d25b080aaec85db7ebd132a12d3aa17e8586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 16:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 03 Dec 2023 16:35:12 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B802 0
0 79ms
78ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221110&jk=3013785854762593&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1173 0
10 B 45ms
44ms Image
text/plain 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?mscO2A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:38 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/ 150 KB
51 KB 88ms
88ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c7ca8ff5817ef383260a975d3efaab3613d2dba4cbda4969e12dd63d39fe905

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52282
x-xss-protection: 0
server: cafe
etag: 15502542541905374720
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 04 Dec 2022 05:13:38 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 79ms
78ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pm&rt=8%2C1&c=ca-pub-8431813121812491&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 79ms
78ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=0&wpc=ca-pub-8431813121812491&warn=12%2C13&w=1600&h=1200&pp=0&ppp=0&eatf=false&eatfAbg=false&reatf=true&a=6%2C1%2C5%2C7&apv=20221130_093502&sat=1670065721363&afm=0&as_count=3&d_count=0&ng_count=0&am_count=0&atf_count=3&mdns=0.160&alldns=0.160&allp=3&fd=(0%2C3%2C0)%2C(1%2C0%2C0)%2C(2%2C0%2C0)&pgh=2310&abl=false&rr=n&su=legas.com.ua&pvc=3013785854762593&r=0.1&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 78ms
78ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pr&rt=8%2C1&c=ca-pub-8431813121812491&eid=44759875%2C44759926%2C44759842%2C42531705%2C44770881

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
122 B 53ms
53ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 54ms
54ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=legas.com.ua

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/ Frame E3E1 10 KB
4 KB 46ms
45ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 77214
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 07:46:44 GMT
etag: 10353107486223812946
expires: Sat, 17 Dec 2022 07:46:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/ Frame 49FD 10 KB
4 KB 45ms
45ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://legas.com.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 77214
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 07:46:44 GMT
etag: 10353107486223812946
expires: Sat, 17 Dec 2022 07:46:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame E3E1 4 KB
636 B 145ms
54ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 04 Dec 2022 05:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 04 Dec 2022 04:59:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 04 Dec 2022 05:13:38 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E3E1 205 B
229 B 136ms
45ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 04:19:29 GMT
x-content-type-options: nosniff
age: 3249
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 04 Dec 2023 04:19:29 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E3E1 604 B
628 B 135ms
44ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 02:04:51 GMT
x-content-type-options: nosniff
age: 11327
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 04 Dec 2023 02:04:51 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame E3E1 19 KB
8 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

578d39c8cc926851f5be1195f339d26cbbf239f2f7cac8b55b349276514b85fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60685
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8086
x-xss-protection: 0
server: cafe
etag: 7427986489964165156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 12:22:13 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7AE0 624 B
242 B 57ms
57ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIzeRBCm8U8YlImP2gEwAQ&v=APEucNWl-LlLMaMtlEq0IKKFixMyPfWvmiad2ktqhRtVMxB3uUUgOOeJWsdwCxhtJLy4odzYJST0pjqBVAwlYkjvDKrmAkJkd75-5F0wU443zi6TLFQ7yZKI9afJgXaT-yaj3vfZ8OL92AbMxFhQc3IDM8wNuAv0y0t7F_ifUKH25tfk_HPJK-I

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 05:13:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 91DF 80 KB
34 KB 82ms
81ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BSYXLoKmhvv7NUNVID4zm_1ZpqeEpVBF9XaMxF4bvOrCjXfPvB4Z4AYfqiq0wDKPV-CMTMefo7uGXkiG4JLJ4pCxVK1Q&cry=1&dbm_d=AKAmf-CEGM5DvOK-3Dd6HFOp7dFzyJCM6yCy9s1cm9fsUIwmarq-bug2zD6Ex-SD9RryafJd25ywsGLtli7HKg-9XQQRVfsOosZ44_aY-c9RvQzumJsKrz8rtyD9BR1fU1i9x-9JR1EYIg_RLDHRUfVjN-qe581CDwKs60Ly9Eel2on6Ja35svvQWmUwfio5JwjTOJYhdSqIOpU45XZ_5aVkeJRwlUcL-R6corxOa7qOv7A0eK1WBTbyxKNwZkRRoyhL4ZpXUIb-3zXqWKR8VfJbrAatieqvMKGt1Qesg-3I_BsruLzAWKmMyrVZ3ptBRD32b-IxXBJDnufApg6FMebiTuOfmf4MviiZfk_01nRipBOUnTNVwKGJuJa_ngeEaUWfKeAQNaxTwZXBFzVe2VJ2JyXr4lS5XT99R8xuy4UHvU71lU8xmV4frqE08WDAknJoIjAzaz4ZkmXGa6ZbHZj4Mry-0SrZkgP84pG12MQ4OTxa7GqKd1ZMSoAOYctpJfF1eqIMumryb61VEcBK8x1-lIWYEX6WuTOtEdrhk5eGH71EyTC8htWHL8aDZALfza9vLWq7lr70xeMGjzOpYxWNfR7hsMi3gZaEOxeA5tIAUs5iZfmzG5v9Gcbb1pvsmVaZFXLTRznOKsT9m_xE-fYaLfIn0E1AncEtmSDtLHOvzu4_UgqVmW-2AnNJ4MXRj7acY80zD3XW7HbtZPAzHPqwzSRMblsuVX-1ncjbfFGB7LjtK_RdRWUlzHZF-52M8sIXvYFpDPwPNBgrDX0kNAEuRORvroxBUxVX5CHfqiMc2xJSC_R9eawzyCy0i42sMgNFwNYWCs6um5HZHM1V0gc7HmhfdTPvOxQFudECgIcQhd0y4VeN-3SBvh2bgZpBcr81Pgx1CYMskV1VsrIeEs3tcMipOf67HWEMabq6rhf2N1DJs3iqukAq9BaViPGRc42MR0Z6QQ-3VLzyKLPIbkV5rCjRFyUZZKohK3t_W_1D0sSkt-WnDbH_Jhj2EbwttYTP8_AxVPsM0zOwO9cOFjGvcxHmn7rjtYTdrrGs0qlNbirghuaCIsutYn5_58ikA40KrwyrsWBg0ayMxMfDJ6EVo9RojDfr3t11VK_KW7yWNQ_khDvrBmO1rhNOvDKKcvfOw891foa5u_X70Z29HzACHx-UR794AdvASWz1BP6GCGiphyNpUh1iEiAB3Am-d8swUUxBt8g0i7GnNDM7_CmDQVqGK5zQY9al-zTw_HXDRJI8S4HpifFrb302hW8cZy-Qp3kYdyhdVNcKkeiB1ZXXui9532iTsIYUwomeRyFlKSt-UKtK0KbH33-zxx_7eD8zWi-5--gMC4KQGVbQiWki6-8_i5xpFWrzY6FvKoLQl0Q8nvPD1iD5ePHSfQ5vfJaitP4cv9u26K3Xaso1VjPZms-4liSaE5B22Pr-MoEtITiNJNaoS83_51HjPb3uqYcvaKN1LW7yf3nEuiW0XbRSDqGYknwl4QTmRaDKFj8lrKaxYFdQ81wl9qaho4bxB18hSBRML5wXXfmwwWXck7VaAbpBaQuPsZzPDp4_fKmKo0YhhSaMzdaRC1eKxeRMGU9g--4KsEyZj5mjshplZ7s6dDHRZK3H1S_lOZWIfD38EFr9rRSjajY11B5Qi0WB82QJ_Tc8_hUITtYlKDAD0SCFn0kGHAZKCpCrgfRsrycQav_IpmPCpyXb-1CbQsF38ya0ZE_3rVaInfJ8vo9lUFre9GJM6Dwz3xOW6oXMY-xtlRUaa4W2XkByd63JZPDqVwsFOxis_6l8qzh0TMFEP6Djkru9raiHKaLaqj323WXj6I9NtDUungKrFIaPV6kpC3Ky0NQ-kJzIA9b36jn14wUFE7owsZLdON5cbVzih5bEDdjlWkkfNrhwm94ZAO8w8l3kgJL_2LMnftUpEy7OpQr-gm_jmZE5es23DqR22CHwETquE8XMk6Z2XT0GFQCtoS3tBKUNmlia5_-gjoZw-AwW5rA2fgR-IlfduPdOi6rD95hP1-hRuL1J9nhETEbBB8Uo1kFD6zO9gkhABGky1RPKIIApsWkPbIZ3bNz6NIv9m4LMtpt9A7OSKzu_oIOva5Et79KhsEltOvzWZVDWIA7qW2IkvS619eiovGWythl3rSR3v9WyqJerApDqeMoE0LHggUxcU_wW8jqz976B9EF8Dq127Uo4HLPdLsVNlmjMqWweRToS2q7Pz2Ray7zfUCrNHnBL5Z8Fd8KZlIqoPL109fq4boMZrbWZ347WGhUojNbHP810sweS4UCGCxilj2oIRmAEdYW6Eyfl_8mcIyUPw5_oRKUy7K2MaNXJOybIOb04Wql5lj0zGPrECbW_hpbKqvNy99moryMsuWnqNWH-RWGC6HRxBZOaoqRpc8X69M1YZeCl2nUKtyRZqM67Ijb959d8CdIcjMJOLSfNqrK4TMatRofCvMuairaOzae-h1HmzkxNtiCEwo66BSLqIr9tjmDgv4iYKsaE9lBZZYJGwT2-y2PSKNN3oWxn1XYlknX-vI_VwX2Zcwr40Mk4mJnp7OTq0sspdpIOnB4wIZh6Q_z15fq5pC1v79c3Jeox8Qf-6ON--YFo0vWTKgxwSYJd5jA4YrqeOZf-6RnsozfElBEQBQPXNlu7AWFWttuQOIv_V5lhmd3Awnxa7ZEzbAPwD6WmghmQd_g2wqgShvm5Ab-nMmHqzIhBQKSpltlBpSGdUn5C2Rz_ni9O0e3652DpEOr9C8G4IiF5IzoH5OOIGrwzkbBMD-ryOl_-hyYbV17u0Ao5NTzGmjacjTH1OGrFg4vQuMfZX8Aeh0HqQbolI7K9BB_2C7C7DTzNMRltm6XFPn1WbWy8gauWRvb-4fXyHPc0E8-x85LXymBOe2zICKA7zh29xfYlHUOw7LWreIMDOCy3uO4zXeLKdfMaf48IPci_XwXC01vvw96zwGzfqv1LO_XLRLKuR8J0D-zqPtqviSN8eHc8H8pXLAbWLyLIOC6_tKQqHomSnUhvKiNEbZEblCjJsKvUGFREuVb3GMr51oI-nEyaN5Ar1Am0fcampydZ41U71LYVXbLfF7NzP1mnJD3ryPrA-F8FbW71SB96UIw1REpFvxYv4lC_ksBFuzYC4X82sWbJ04VbKpa4kyUsnVpiVwESm8EbYw8RLjet_a4oKcZJWSJzVbgkNABY0uC5dTG4C1XQhzh8Taud7BEiUMw4Okr2yTveMBLJXJVhHcs8cNAHn6pGm-jMyLqUpobdzT0SSN7seydAp75l8E8wK8_7OtAJIiv_7gth2fkyLeZ5Ne5wO6YexvXJLh75exbg97BmaNNbtGPM4bwU_UEL5yS4-6aQvMejK70W4a0Ua23oQroVK76EudVUoDt2YZ3o8iGCyb1kUd4GVkUSEFvq7y_7Ui3ZuqYlgbVvKMAoIl71PBH82w_Saoo9gpXEIXZoNkxIUDmGSmj6GENK2M20u4918JrvwH1BaRRONHOamgc_oa4FuTq2Krjf7_YiTD9Zs2bsJn_y5YT0x4DUSun57Rw-fLSg5fAwwR95o_SaFyrGlb9SjBMDVd04TDa_naVow8WsmwXtWNt40z8EF3XofP4K-Ah2eWnPY2omxyE0cj0EjIIdDhismfInN-1Hqha2Mjl-hkPPvh-9-kRu_AxtHZMGXugxRxNbCtL-ABSkBIWA723yf1CiCG4hWUmCk_V1rRET&cid=CAQSOwDq26N97it0L5Kan47pW2OgfNeS_W5h0-KRtDKfT3AYrKtB_Q4VcFbeb11YPXuwbIer7uq-109G3CmqGAEgEw&rfl=2%2Chttps%253A%252F%252Flegas.com.ua%252F%240

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f93edec077db285f2ab20380adf319c8ca8e7526d2f14a46c227ed1d57c1dec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34691
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 91DF 3 KB
1 KB 46ms
44ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 14:56:08 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 91DF 18 KB
7 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51449
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 14:56:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 91DF 0
0 53ms
51ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQCH7J78bkRRQejfUA3d0wYOZQaF-U54KI0lIDDqpi3r2hCQvkYWMOdDWiMKqXELb37PmYguA0dTk-qcAbDrcxNOMftRQ
Requested by: Host: legas.com.ua
URL: https://legas.com.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 91DF 155 KB
47 KB 159ms
67ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

302e69dd5cd67c33a01a5d0308c1ead25d5967bd0810b0c073f9fe18124de7bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48508
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1669811598765935"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 04 Dec 2022 05:13:38 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 91DF 42 B
63 B 81ms
80ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ARdY_NIYV8ufkHqU292YMgyPWWi_RsfxPshnD7DZhVHVSXHkBm4Kct7O55m3rvy7UR2YX0mlK2YnaBPrM2mSvYgwWwtQ3KfDUWtgqMA8x_BauTiOI

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7AE0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1DOPpGBmQ7ETMnnMhsIqM&google_cver=1

43 B
766 B

90ms
44ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1DOPpGBmQ7ETMnnMhsIqM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIzeRBCm8U8YlImP2gEwAQ&v=APEucNWl-LlLMaMtlEq0IKKFixMyPfWvmiad2ktqhRtVMxB3uUUgOOeJWsdwCxhtJLy4odzYJST0pjqBVAwlYkjvDKrmAkJkd75-5F0wU443zi6TLFQ7yZKI9afJgXaT-yaj3vfZ8OL92AbMxFhQc3IDM8wNuAv0y0t7F_ifUKH25tfk_HPJK-I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 04 Dec 2022 05:13:39 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1DOPpGBmQ7ETMnnMhsIqM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7AE0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y4wsgnGLqPB8n3P8zNhNjgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1DOPpGBmQ7ETMnnMhsIqM&google_cver=1

43 B
894 B

45ms
44ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1DOPpGBmQ7ETMnnMhsIqM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIzeRBCm8U8YlImP2gEwAQ&v=APEucNWl-LlLMaMtlEq0IKKFixMyPfWvmiad2ktqhRtVMxB3uUUgOOeJWsdwCxhtJLy4odzYJST0pjqBVAwlYkjvDKrmAkJkd75-5F0wU443zi6TLFQ7yZKI9afJgXaT-yaj3vfZ8OL92AbMxFhQc3IDM8wNuAv0y0t7F_ifUKH25tfk_HPJK-I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 04 Dec 2022 05:13:39 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1DOPpGBmQ7ETMnnMhsIqM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7AE0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENgmr7DLh68OlgYIq5_dMTg&google_cver=1

43 B
1021 B

50ms
47ms

Image
image/gif

37.252.171.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESENgmr7DLh68OlgYIq5_dMTg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIzeRBCm8U8YlImP2gEwAQ&v=APEucNWl-LlLMaMtlEq0IKKFixMyPfWvmiad2ktqhRtVMxB3uUUgOOeJWsdwCxhtJLy4odzYJST0pjqBVAwlYkjvDKrmAkJkd75-5F0wU443zi6TLFQ7yZKI9afJgXaT-yaj3vfZ8OL92AbMxFhQc3IDM8wNuAv0y0t7F_ifUKH25tfk_HPJK-I

Protocol

HTTP/1.1

Server

37.252.171.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 04 Dec 2022 05:13:39 GMT
AN-X-Request-Uuid: becc2abe-fa3b-40f2-afd0-04b0c02492ad
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.138.196.109; 217.138.196.109; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESENgmr7DLh68OlgYIq5_dMTg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7AE0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2ODIyMzI2MjAxODQ5MDUxNw%3D%3D

170 B
188 B

96ms
57ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2ODIyMzI2MjAxODQ5MDUxNw%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 04 Dec 2022 05:13:39 GMT
AN-X-Request-Uuid: b399007f-38af-41c0-9c76-b55facd6b287
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2ODIyMzI2MjAxODQ5MDUxNw%3D%3D
Connection: keep-alive
X-Proxy-Origin: 217.138.196.109; 217.138.196.109; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 91DF 106 KB
38 KB 144ms
43ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 08:38:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74139
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 04 Dec 2022 08:38:00 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame 91DF 8 KB
3 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BSYXLoKmhvv7NUNVID4zm_1ZpqeEpVBF9XaMxF4bvOrCjXfPvB4Z4AYfqiq0wDKPV-CMTMefo7uGXkiG4JLJ4pCxVK1Q&cry=1&dbm_d=AKAmf-CEGM5DvOK-3Dd6HFOp7dFzyJCM6yCy9s1cm9fsUIwmarq-bug2zD6Ex-SD9RryafJd25ywsGLtli7HKg-9XQQRVfsOosZ44_aY-c9RvQzumJsKrz8rtyD9BR1fU1i9x-9JR1EYIg_RLDHRUfVjN-qe581CDwKs60Ly9Eel2on6Ja35svvQWmUwfio5JwjTOJYhdSqIOpU45XZ_5aVkeJRwlUcL-R6corxOa7qOv7A0eK1WBTbyxKNwZkRRoyhL4ZpXUIb-3zXqWKR8VfJbrAatieqvMKGt1Qesg-3I_BsruLzAWKmMyrVZ3ptBRD32b-IxXBJDnufApg6FMebiTuOfmf4MviiZfk_01nRipBOUnTNVwKGJuJa_ngeEaUWfKeAQNaxTwZXBFzVe2VJ2JyXr4lS5XT99R8xuy4UHvU71lU8xmV4frqE08WDAknJoIjAzaz4ZkmXGa6ZbHZj4Mry-0SrZkgP84pG12MQ4OTxa7GqKd1ZMSoAOYctpJfF1eqIMumryb61VEcBK8x1-lIWYEX6WuTOtEdrhk5eGH71EyTC8htWHL8aDZALfza9vLWq7lr70xeMGjzOpYxWNfR7hsMi3gZaEOxeA5tIAUs5iZfmzG5v9Gcbb1pvsmVaZFXLTRznOKsT9m_xE-fYaLfIn0E1AncEtmSDtLHOvzu4_UgqVmW-2AnNJ4MXRj7acY80zD3XW7HbtZPAzHPqwzSRMblsuVX-1ncjbfFGB7LjtK_RdRWUlzHZF-52M8sIXvYFpDPwPNBgrDX0kNAEuRORvroxBUxVX5CHfqiMc2xJSC_R9eawzyCy0i42sMgNFwNYWCs6um5HZHM1V0gc7HmhfdTPvOxQFudECgIcQhd0y4VeN-3SBvh2bgZpBcr81Pgx1CYMskV1VsrIeEs3tcMipOf67HWEMabq6rhf2N1DJs3iqukAq9BaViPGRc42MR0Z6QQ-3VLzyKLPIbkV5rCjRFyUZZKohK3t_W_1D0sSkt-WnDbH_Jhj2EbwttYTP8_AxVPsM0zOwO9cOFjGvcxHmn7rjtYTdrrGs0qlNbirghuaCIsutYn5_58ikA40KrwyrsWBg0ayMxMfDJ6EVo9RojDfr3t11VK_KW7yWNQ_khDvrBmO1rhNOvDKKcvfOw891foa5u_X70Z29HzACHx-UR794AdvASWz1BP6GCGiphyNpUh1iEiAB3Am-d8swUUxBt8g0i7GnNDM7_CmDQVqGK5zQY9al-zTw_HXDRJI8S4HpifFrb302hW8cZy-Qp3kYdyhdVNcKkeiB1ZXXui9532iTsIYUwomeRyFlKSt-UKtK0KbH33-zxx_7eD8zWi-5--gMC4KQGVbQiWki6-8_i5xpFWrzY6FvKoLQl0Q8nvPD1iD5ePHSfQ5vfJaitP4cv9u26K3Xaso1VjPZms-4liSaE5B22Pr-MoEtITiNJNaoS83_51HjPb3uqYcvaKN1LW7yf3nEuiW0XbRSDqGYknwl4QTmRaDKFj8lrKaxYFdQ81wl9qaho4bxB18hSBRML5wXXfmwwWXck7VaAbpBaQuPsZzPDp4_fKmKo0YhhSaMzdaRC1eKxeRMGU9g--4KsEyZj5mjshplZ7s6dDHRZK3H1S_lOZWIfD38EFr9rRSjajY11B5Qi0WB82QJ_Tc8_hUITtYlKDAD0SCFn0kGHAZKCpCrgfRsrycQav_IpmPCpyXb-1CbQsF38ya0ZE_3rVaInfJ8vo9lUFre9GJM6Dwz3xOW6oXMY-xtlRUaa4W2XkByd63JZPDqVwsFOxis_6l8qzh0TMFEP6Djkru9raiHKaLaqj323WXj6I9NtDUungKrFIaPV6kpC3Ky0NQ-kJzIA9b36jn14wUFE7owsZLdON5cbVzih5bEDdjlWkkfNrhwm94ZAO8w8l3kgJL_2LMnftUpEy7OpQr-gm_jmZE5es23DqR22CHwETquE8XMk6Z2XT0GFQCtoS3tBKUNmlia5_-gjoZw-AwW5rA2fgR-IlfduPdOi6rD95hP1-hRuL1J9nhETEbBB8Uo1kFD6zO9gkhABGky1RPKIIApsWkPbIZ3bNz6NIv9m4LMtpt9A7OSKzu_oIOva5Et79KhsEltOvzWZVDWIA7qW2IkvS619eiovGWythl3rSR3v9WyqJerApDqeMoE0LHggUxcU_wW8jqz976B9EF8Dq127Uo4HLPdLsVNlmjMqWweRToS2q7Pz2Ray7zfUCrNHnBL5Z8Fd8KZlIqoPL109fq4boMZrbWZ347WGhUojNbHP810sweS4UCGCxilj2oIRmAEdYW6Eyfl_8mcIyUPw5_oRKUy7K2MaNXJOybIOb04Wql5lj0zGPrECbW_hpbKqvNy99moryMsuWnqNWH-RWGC6HRxBZOaoqRpc8X69M1YZeCl2nUKtyRZqM67Ijb959d8CdIcjMJOLSfNqrK4TMatRofCvMuairaOzae-h1HmzkxNtiCEwo66BSLqIr9tjmDgv4iYKsaE9lBZZYJGwT2-y2PSKNN3oWxn1XYlknX-vI_VwX2Zcwr40Mk4mJnp7OTq0sspdpIOnB4wIZh6Q_z15fq5pC1v79c3Jeox8Qf-6ON--YFo0vWTKgxwSYJd5jA4YrqeOZf-6RnsozfElBEQBQPXNlu7AWFWttuQOIv_V5lhmd3Awnxa7ZEzbAPwD6WmghmQd_g2wqgShvm5Ab-nMmHqzIhBQKSpltlBpSGdUn5C2Rz_ni9O0e3652DpEOr9C8G4IiF5IzoH5OOIGrwzkbBMD-ryOl_-hyYbV17u0Ao5NTzGmjacjTH1OGrFg4vQuMfZX8Aeh0HqQbolI7K9BB_2C7C7DTzNMRltm6XFPn1WbWy8gauWRvb-4fXyHPc0E8-x85LXymBOe2zICKA7zh29xfYlHUOw7LWreIMDOCy3uO4zXeLKdfMaf48IPci_XwXC01vvw96zwGzfqv1LO_XLRLKuR8J0D-zqPtqviSN8eHc8H8pXLAbWLyLIOC6_tKQqHomSnUhvKiNEbZEblCjJsKvUGFREuVb3GMr51oI-nEyaN5Ar1Am0fcampydZ41U71LYVXbLfF7NzP1mnJD3ryPrA-F8FbW71SB96UIw1REpFvxYv4lC_ksBFuzYC4X82sWbJ04VbKpa4kyUsnVpiVwESm8EbYw8RLjet_a4oKcZJWSJzVbgkNABY0uC5dTG4C1XQhzh8Taud7BEiUMw4Okr2yTveMBLJXJVhHcs8cNAHn6pGm-jMyLqUpobdzT0SSN7seydAp75l8E8wK8_7OtAJIiv_7gth2fkyLeZ5Ne5wO6YexvXJLh75exbg97BmaNNbtGPM4bwU_UEL5yS4-6aQvMejK70W4a0Ua23oQroVK76EudVUoDt2YZ3o8iGCyb1kUd4GVkUSEFvq7y_7Ui3ZuqYlgbVvKMAoIl71PBH82w_Saoo9gpXEIXZoNkxIUDmGSmj6GENK2M20u4918JrvwH1BaRRONHOamgc_oa4FuTq2Krjf7_YiTD9Zs2bsJn_y5YT0x4DUSun57Rw-fLSg5fAwwR95o_SaFyrGlb9SjBMDVd04TDa_naVow8WsmwXtWNt40z8EF3XofP4K-Ah2eWnPY2omxyE0cj0EjIIdDhismfInN-1Hqha2Mjl-hkPPvh-9-kRu_AxtHZMGXugxRxNbCtL-ABSkBIWA723yf1CiCG4hWUmCk_V1rRET&cid=CAQSOwDq26N97it0L5Kan47pW2OgfNeS_W5h0-KRtDKfT3AYrKtB_Q4VcFbeb11YPXuwbIer7uq-109G3CmqGAEgEw&rfl=2%2Chttps%253A%252F%252Flegas.com.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 10:10:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68568
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 10:10:50 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 91DF 29 KB
11 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 10:10:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68569
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11206
x-xss-protection: 0
server: cafe
etag: 16690196781007480285
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 10:10:49 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 99CE 2 KB
765 B 45ms
44ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 14:56:08 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 99CE 23 KB
9 KB 49ms
46ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9428
x-xss-protection: 0
server: cafe
etag: 246362764157784863
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 14:56:08 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 99CE 3 KB
1 KB 47ms
44ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 14:56:08 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 99CE 18 KB
7 KB 51ms
47ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 14:56:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51449
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 17 Dec 2022 14:56:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 99CE 0
0 54ms
51ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRC1D5gXzsNOsrX6ZEuSuiQeHpXlmkU5xB4H621SJDG42ItT26sOeQ49bsFO5rJvrSbg6MiE-KPUQu9q-T1NKsEwPSx3A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 99CE 155 KB
47 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

302e69dd5cd67c33a01a5d0308c1ead25d5967bd0810b0c073f9fe18124de7bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48508
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1669811598765935"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 04 Dec 2022 05:13:38 GMT

GET
H3 200 83de75e735dabeddf4e705de6f0a2f41.js Show response
www.gstatic.com/mysidia/ Frame 99CE 34 KB
14 KB 48ms
45ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/83de75e735dabeddf4e705de6f0a2f41.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9c1e1da0c197ca101c6fd5ae899d10951dd43316c4ed6b3c9bd38877e79023a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 01:40:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 444804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14157
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 00:08:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 27 Feb 2023 01:40:14 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 91DF 41 KB
15 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 07:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166034
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Dec 2023 07:06:25 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B5D3 1 KB
643 B 45ms
44ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 68570
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 10:10:49 GMT
etag: 48472445140208031
expires: Sun, 04 Dec 2022 10:10:49 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 91DF 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b52e1fde3b57d79352aba9db6a9b0a18838bee998a2337ad991932bb9618d463

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 33D7 1 KB
643 B 45ms
44ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 68570
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 10:10:49 GMT
etag: 48472445140208031
expires: Sun, 04 Dec 2022 10:10:49 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9D58 22 KB
8 KB 45ms
44ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 34457
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 19:39:22 GMT
expires: Sun, 03 Dec 2023 19:39:22 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame B5D3 35 B
463 B 163ms
46ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGVkONffltdfFAjNblJ7TCI&google_cver=1&google_push=ASkJ3FYRjDbgU1nnOAVaxAlvZzNDqrn7pIb3qkJPYWfCnrgLsZpDS-8km-b_jwwAST9tEHQC1wUfHH2SbzhiZ9bWtNdRNXpu_w

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B5D3
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DASkJ3FYNzh9TzOY2cAsCVRiWAPwfPct5TsaDnbojDQhWlwlG-K8hqHxyi1HbBapgCQykreYOhhpwdBBH9EUsSuCopZBIP9Qoj2Q&google_gid=CAESEGrPNv_oMGI_mNVGVwOJjHU&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCIPZsJwGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BU2tKM0ZZTnpoOVR6T1kyY0FzQ1ZSaVdBUHdmUGN0NVRzYURuYm9qRFFoV2x3bEctSzhocUh4eWkxSGJCYXBnQ1F5a3JlWU9oaHB3ZEJCSDlFVXNTdU...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwekViUFVyVzZvN0g2bGRZcTlCdUZ6SDV4MjFLeXljYUZESTJkTUx0UTktSQ==&google_push

170 B
188 B

75ms
57ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwekViUFVyVzZvN0g2bGRZcTlCdUZ6SDV4MjFLeXljYUZESTJkTUx0UTktSQ==&google_push

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 04 Dec 2022 05:13:39 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwekViUFVyVzZvN0g2bGRZcTlCdUZ6SDV4MjFLeXljYUZESTJkTUx0UTktSQ==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B5D3
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FZVxYkV...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FZVxYkV...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEyMDQwNTEzMzkwMDAzNjY4OTU0ODc5Mw%3D%3D&google_push=ASkJ3FZVxYkVsRWpBB_kZEki_ZjwSr-m8zP3eKzsPBXybqf43WjOHZr4j8sEo_j03hlXUN...

170 B
188 B

57ms
57ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEyMDQwNTEzMzkwMDAzNjY4OTU0ODc5Mw%3D%3D&google_push=ASkJ3FZVxYkVsRWpBB_kZEki_ZjwSr-m8zP3eKzsPBXybqf43WjOHZr4j8sEo_j03hlXUNkgPRdpts7rLoJYZatW2MPKFlw75g

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEyMDQwNTEzMzkwMDAzNjY4OTU0ODc5Mw%3D%3D&google_push=ASkJ3FZVxYkVsRWpBB_kZEki_ZjwSr-m8zP3eKzsPBXybqf43WjOHZr4j8sEo_j03hlXUNkgPRdpts7rLoJYZatW2MPKFlw75g
pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Sun, 04 Dec 2022 05:13:39 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame B5D3 43 B
356 B 126ms
44ms Image
image/gif 34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEDE6YXFE1nQXztXSi-_AzJY&google_push=ASkJ3FbHCmvrybEvSmMilsXM8AZQCHzdm-b65uFqGnaSFY8g7nCKZAVAHlY5fRI8h7J2RWBIftzvlE7RZHQKgThlapz3SSYD70c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B5D3
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_REgFcKoTm2oyOp7Znqu2Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

60ms
59ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_REgFcKoTm2oyOp7Znqu2Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FalkYndepCSibmQpiI_AeMLnbE1tjfaDFmAbVyO7lcRpbeEd8fb7zjHP8pRAt36-gFSBEkyMKFixBV6pFqdQzPghUaOmVM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_REgFcKoTm2oyOp7Znqu2Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FalkYndepCSibmQpiI_AeMLnbE1tjfaDFmAbVyO7lcRpbeEd8fb7zjHP8pRAt36-gFSBEkyMKFixBV6pFqdQzPghUaOmVM
date: Sun, 04 Dec 2022 05:13:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B5D3
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_hm=Y4wsgnGLqPB8n3P8zNhNjgAAFCwAAAIB&google_nid=index&google_push=ASkJ3Fakz-Gl_JAnXrrDjNEyrs5qe-5dZPY8N...

170 B
188 B

60ms
58ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_hm=Y4wsgnGLqPB8n3P8zNhNjgAAFCwAAAIB&google_nid=index&google_push=ASkJ3Fakz-Gl_JAnXrrDjNEyrs5qe-5dZPY8NLAYFVzOVFeHgJXneEQtiIO4Tyzt6drZJ5GyCO_ZWnWf7fzHKa76wK9Or-7VIg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXjwB%2B9gGnDOoFMb6VB6jtGclDm3dBQm3%2Fl8djlFYY%2B2ncjiIThHgxIT6CamYCEibiG5ShG608CM9KLfDq9kWO2ZOJimVLOv6frpR%2FBZFENdZij5t5z92HuBGeNs7FNoskxLz5xkuwtPNA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_hm=Y4wsgnGLqPB8n3P8zNhNjgAAFCwAAAIB&google_nid=index&google_push=ASkJ3Fakz-Gl_JAnXrrDjNEyrs5qe-5dZPY8NLAYFVzOVFeHgJXneEQtiIO4Tyzt6drZJ5GyCO_ZWnWf7fzHKa76wK9Or-7VIg
cache-control: no-cache
cf-ray: 77420dd3ccce0752-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame B5D3 43 B
297 B 314ms
61ms Image
image/gif 2a05:d01c:1d8:8100:2de7:20d7:fcf5:3f3d
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEO4vSbgUVDXOz_5V9JttqBE&google_cver=1&google_push=ASkJ3FbH3x6M7xKfB2tECnDdxzKYWwc08p4QC_DsJByUpAx-Ju14AtDpUESE1mP7p6Z2KXyx_rWXlfs7uwYq185aV18AB7fmHA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8100:2de7:20d7:fcf5:3f3d London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
cache-control: no-cache
content-length: 43
request-time: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B5D3 0
12 B 148ms
54ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KCKJlkEXjN1zczc04FMankit7Nae6yf_CKvbHh_21BjCg1M1OSxhXovUIwN0U0TjRcmosL

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 33D7 35 B
463 B 119ms
47ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGVkONffltdfFAjNblJ7TCI&google_cver=1&google_push=ASkJ3FaI-GIsReeJ7fizIfFUWVeLzBoDVP5swLVb0WrIUO-EZKVHIfeUhepy1XAmX2iH1xceQMYLdiKQKi3MUopAcjLYs0UOrw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 33D7
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEDo1bapyFgSDB5KhOH684TI&google_cver=1&google_push=ASkJ3FaP6ZOChpxr732tGNePCj4PJOYTjdcbyJv8U4SL99A-GpFrRfN89PuNVhrX_yRKBt7Vn4Sv0XGLCf09IvziMsFoh-D_Vmo
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FaP6ZOChpxr732tGNePCj4PJOYTjdcbyJv8U4SL99A-GpFrRfN89PuNVhrX_yRKBt7Vn4Sv0XGLCf09IvziMsFoh-D_Vmo&google_hm=Q0FFU0VEbzFiYXB5RmdTRE...

170 B
188 B

58ms
58ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FaP6ZOChpxr732tGNePCj4PJOYTjdcbyJv8U4SL99A-GpFrRfN89PuNVhrX_yRKBt7Vn4Sv0XGLCf09IvziMsFoh-D_Vmo&google_hm=Q0FFU0VEbzFiYXB5RmdTREI1S2hPSDY4NFRJ

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 04 Dec 2022 05:13:38 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FaP6ZOChpxr732tGNePCj4PJOYTjdcbyJv8U4SL99A-GpFrRfN89PuNVhrX_yRKBt7Vn4Sv0XGLCf09IvziMsFoh-D_Vmo&google_hm=Q0FFU0VEbzFiYXB5RmdTREI1S2hPSDY4NFRJ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 33D7 43 B
106 B 83ms
46ms Image
image/gif 34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEDE6YXFE1nQXztXSi-_AzJY&google_push=ASkJ3FYUl9Hjw5xEsWxWneQN15FyC2iqSaLpSgzRpS3xsvg94YMhcEGFrlo3gcLQtkDQmLFQjXz2MJoyDj2Kz0_e8pzOF5T7-dc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 33D7 43 B
350 B 136ms
40ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEB7L9rrcb3vKm9EKlcfP438&google_cver=1&google_push=ASkJ3FZzEQqhVckhI5MkDDEhkUP93ZomYeDzxQ6tsyKsyHu8rlEbyajCVNCxCMyD_P96AP2-718cgmGlQMPoiIcxc53MnBv068I
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:38 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 80a8hr5oe0cgrh92ghu91khcups0uqrj

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 33D7
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=JMP5Q98fQGCDVS3waUCEaQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

91ms
90ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=JMP5Q98fQGCDVS3waUCEaQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3Fa177V3unMrHghxj7AmAhMMbzGKJ1Yy5Hq7pZrrsZM4TH-MuGW5euFkhN7U_4FJSSR33xJL3ArqK-5gupZkQ_TAyRHW2Wk

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=JMP5Q98fQGCDVS3waUCEaQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3Fa177V3unMrHghxj7AmAhMMbzGKJ1Yy5Hq7pZrrsZM4TH-MuGW5euFkhN7U_4FJSSR33xJL3ArqK-5gupZkQ_TAyRHW2Wk
date: Sun, 04 Dec 2022 05:13:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 33D7
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECgZ2MMzL_tCR-r9amzyngo&google_cver=1&google_push=ASkJ3FZwV_YqjvY1fndMX6Y0bjFZSlRTMqo94dtZMGZi0CSJ1YPxWO0OZXC0XJw6VfWNX73oaqo...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI4V1JOUUwtMUktVktZ&google_push=ASkJ3FZwV_YqjvY1fndMX6Y0bjFZSlRTMqo94dtZMGZi0CSJ1YPxWO0OZXC0XJw6VfWNX73oaqowhiKHgav0yoFH-L-jG4gG3gw

170 B
188 B

69ms
68ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI4V1JOUUwtMUktVktZ&google_push=ASkJ3FZwV_YqjvY1fndMX6Y0bjFZSlRTMqo94dtZMGZi0CSJ1YPxWO0OZXC0XJw6VfWNX73oaqowhiKHgav0yoFH-L-jG4gG3gw

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI4V1JOUUwtMUktVktZ&google_push=ASkJ3FZwV_YqjvY1fndMX6Y0bjFZSlRTMqo94dtZMGZi0CSJ1YPxWO0OZXC0XJw6VfWNX73oaqowhiKHgav0yoFH-L-jG4gG3gw
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 33D7
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_hm=Y4wsgnGLqPB8n3P8zNhNjgAAFCwAAAIB&google_nid=index&google_push=ASkJ3Fb9bQNtJWsbgUiiCEDTUQgphcf1yICCF...

170 B
188 B

57ms
55ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_hm=Y4wsgnGLqPB8n3P8zNhNjgAAFCwAAAIB&google_nid=index&google_push=ASkJ3Fb9bQNtJWsbgUiiCEDTUQgphcf1yICCFGwsvbQEt8VUEQIKuSitiJ_5KaAHf78hSllCKBGuL5mhv1hUYdBQLqmmaifZaA

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2oBdwFh6X7PGtRK%2FyRouft5AxA1ECAktTj8%2BUZd0tkZx52IG2pENElfNNY6%2F%2BO2Ff0bCJ8LhDBxcPIq2k%2FJMHqk0BozZNu6z08bYRKfHevwdJ31cIrYVxz249QmCRDTHHfV9%2ByrFN%2BZr3g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEF6HWcaL_7KxDzNv_4Nq2iE&google_hm=Y4wsgnGLqPB8n3P8zNhNjgAAFCwAAAIB&google_nid=index&google_push=ASkJ3Fb9bQNtJWsbgUiiCEDTUQgphcf1yICCFGwsvbQEt8VUEQIKuSitiJ_5KaAHf78hSllCKBGuL5mhv1hUYdBQLqmmaifZaA
cache-control: no-cache
cf-ray: 77420dd3cccf0752-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 33D7 0
12 B 104ms
54ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IrBfCd_Dboqvbkh0hbq9r4elS1DQ6-lRnG9r2U2eJI8dLBlmuvGf_vw7Ie1EgwAHQkulvD

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:39 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js Show response
pagead2.googlesyndication.com/bg/ Frame F969 36 KB
16 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a98bdefd73410963a41036b4bc4d25b080aaec85db7ebd132a12d3aa17e8586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 16:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45507
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 03 Dec 2023 16:35:12 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 81ms
81ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221110&jk=3013785854762593&bg=!TE-lTwvNAAbvMpMzzzI7ACkAdvg8WmqaK3dqeZfHxgzmrzmlKvxl5yIij2p2OEwfdmeqM9lZmX_rkQIAAABlUgAAAANoAQcKANQAefF0szxIxV6cENxgPv6oMYoeIJu22T0gqtgQlyaN3K7Wk8dbAyWkCgzOgafbPxrTW9IvhSP9Kw2eC0Qzl6rLCFeT_pPNOghSMlOF6mNU5o_qdfiXjcNshXHzqie87CgKbBlo91p3cRZkM3mETujd2NIa3BuhetR9dvruPOQYzuf06-KgwMBq8GnJAE5Mj0OMAFJa1Dqi2drxuVwpiA9SehVAE9AaDdHT_H-CiyEJlFsMinowoyK0dz5AQBc6kCn2zgJ54-gHp7dyLnDURL5UAQiakpkCmgk2TiD62G3uHKoKj25z_oj_3pgIiEGcafzuhjbMf6WncBA2kiClx-hXvolMV-yircH69VW-S6UXw_9khtLxLTh7GXBv5TYzsz7hk1FPIX7PS0ClAEwTky4BGctIWwyeGNdBqkyQm0rRfUUYoi8KjsZppmtvJzBETTGkyGLGpx-Tc5skqC9G0eO4nJObDiCo-FVUKpA7-5wH67crm50kggX7FV2qgNgKSyoUUYle6ScV0U0er5Mr-aCCugxMQcTJDb19wxwzXjmAc6u4ekLXwOdK_nnmLmcnrMugJ1yigASURN9rYqJXjNoeXNg1LJgTj-nr_VfrQPsVyCDMNfyOLqEN1Av8Z79b5z7fSvs60M1ZxX_hxpjC4WH7lSoI3M6nZgAX7J52NlBaLVvTDTpp1ZDpFmWCY9OYgWkuWQ9sPvJV1pweDt4eIs4LhCP12nGMbVfGyrA6Sloc4cPJGhmuEiQhiCSEY88h6IK1CxUoObVVAZt_moUKGsX87853XdrnvQZeAtYx0VUNkz-jjcjwnmyE_9zRH5y8cteczUqtya609ITc_mwBwLYmObQlEAOyon-Prw8qz4bw8BokAG8MoP-UmGdi3uNTt9U_5n_alZ0zNiPK2PIBkBqSncv6mB-sCs36HsDR1sbeqXcFpn3IfdGxxlf0c6qeJfgbepte9_TxMf-oO9DQjdvetVzQsZK2qayTAdoL59QS2sIWDfTjELYcetrz54iDRm2cH5u1ypRJMa-5Wi_XK38l5G2IAYMmwlyDe0enmZ7fsZa20NX6kwWAuIdHnEsCh2ZLbnU8VIR8Syg-x-csIZwI7R5dDwnYi7TyrT9wSqj1LEgn49POQeYLIYRoZXpmhtiuF4GPoUDOVtKznmsqc8fFsQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://legas.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/ Frame AF64 88 KB
21 KB 135ms
45ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4c3d2ae0aa42ca94a4dc0e1640116bf41f42653d66db64fed3ff327703816a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 166491
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 21102
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 06:58:48 GMT
expires: Sat, 02 Dec 2023 06:58:48 GMT
last-modified: Thu, 17 Nov 2022 17:22:36 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 91DF 0
0 204ms
89ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvxrY_gb_cqL4f39J0NnCm4BJe_mHjfNf5SzZb2RrlP_yAiCpDHGsAxQZvCwmb5N8gfymrRC2mBGcXbODKQSg0Nd6S4xshEZuz3TLPBl8CoEQ9eSifJUHUmuIR21diaNHNngdK6RkKcc6V98H6mCzZitbTAWY2WeUetMd3ShKwdNl0z3vK8qjPm_I7_BIB_0WfdeijvrQfiBrftAZb5hyAj_UEG1xmnBmDg6VQQRlcFYjpHrDUUf9c2uzAvyVoKEOrdXRPlMkkG1R1lzLxWf8rw4NFBVyoz3QqxMTFUP7m42UOIgrcsrofRmdrzHe46YMvWAdtDAhby6wDCeTb10jspUzagqrB98sOkqE2pzURhoLXERMuuUQOdMEM6i4825UCVRKE9sMN-NIQ8d_yAQVQnqxlRTgd5Ek5yIhQACOusgu_Zc9isevxDjJOhGECADt9mf5697ddk8wE5LZp-WKTX1N2YgzpRpmmmomXHZqFPCQcbQf5tCo6oGkYcGmEUBcaakKok4qj6ub3jkaZN8CuaiBD6gzkweX05Aj2NKNNnV_WY1w15MkguaKNyJKXA83yi6CKBWXzSVX9kmU0w-GfelzB1bXhx-Zru9_UK9qEtc_dtsO8s9qz4H2QYA7W6UNWAYW3Q4AyWafEub6n7JkJXV93A29jl_9asIWSLNq1F0dHtRDTX-qSGLqLltWS2vPgyzCFK_ncqtDjfHMHV9RutvUZfAuOCSfvYq02FRBlRJC-rv7j834wcmLU87t6eQ_SB9E3iRCD_2aU98QvY96MH-h_0kF26EUVhPrai6XKPXauQ7aNRa3_5QDW_mXBr0kI2XzUwDg-scIsZ4lDlOSFIdnI_GhRrVZybc6SkMEg-HOpV_MZd-rMgIVI6acFi7d9_WY1s_Vi5vh4iSCSO8rBkqRH8ZBkmSHreXdcat-nN8wIYM5Lfp-Ojq8tONV5_vWMb4O3EZ9RFw3ZRCnBiXduradWZh1qiW_is0OK9bncAy4GVoa-2l3tu9szUTsi6BNkstMDTmhOJ_FEDW1OGSTOpxo6QkaksZfCI2UK46tAHqdvPbGCT2rzUvS7Jutq5nRuN0ISR1jEju-ne2uvi5HaVKmQSdXdlaWOX1cHZxa97Dyysu0aSNMrf1YaZyhq1mbUqlYJAyM90uzktcPVt7BKgPYFe3LG9IkNSiPB5Y8HxlPAUwwPpSI3U3m-b_r5vcftTkljlN63r0o4UTrxY5BKJH4DVTRf-bIpMtErm56K7wFfgWzisXDSwuHcnCdFhLLhO9MHEiyY89NphxgE&sai=AMfl-YTmGIoy78xmCY0PGntY-n2mpR6JObWicIs-zTdP7eJwIgseHgnfXP_wolDWXlz7MESsuUvOMHUeeF7d5Yo47-DJlUaCxmLkjVzGNvArUTkJNRuAd0824dFax_-NJ2m5WVEVLg120ElBmlxv_iTY5VmhV715UxtyCY6a7k-G3BUDgv-HCqRK7kuO-NRtPah1WYjRguwt2xmX3cUwgZxrJUrSze8w2VMEnvuMtNxGYPhk7w0UMWpNVncv7uSJlhxumRUETgVnNrI&sig=Cg0ArKJSzO_svbg9n1KUEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=240&cbvp=1&cstd=236&cisv=r20221110.49721&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 04 Dec 2022 05:13:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 04 Dec 2022 05:13:39 GMT

GET
H3 200 api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js Show response
pagead2.googlesyndication.com/bg/ Frame 9D58 36 KB
16 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a98bdefd73410963a41036b4bc4d25b080aaec85db7ebd132a12d3aa17e8586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 16:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45507
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 03 Dec 2023 16:35:12 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame AF64 29 KB
10 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 05:27:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85591
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 04 Dec 2022 05:27:08 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 91DF 0
0 181ms
83ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvxrY_gb_cqL4f39J0NnCm4BJe_mHjfNf5SzZb2RrlP_yAiCpDHGsAxQZvCwmb5N8gfymrRC2mBGcXbODKQSg0Nd6S4xshEZuz3TLPBl8CoEQ9eSifJUHUmuIR21diaNHNngdK6RkKcc6V98H6mCzZitbTAWY2WeUetMd3ShKwdNl0z3vK8qjPm_I7_BIB_0WfdeijvrQfiBrftAZb5hyAj_UEG1xmnBmDg6VQQRlcFYjpHrDUUf9c2uzAvyVoKEOrdXRPlMkkG1R1lzLxWf8rw4NFBVyoz3QqxMTFUP7m42UOIgrcsrofRmdrzHe46YMvWAdtDAhby6wDCeTb10jspUzagqrB98sOkqE2pzURhoLXERMuuUQOdMEM6i4825UCVRKE9sMN-NIQ8d_yAQVQnqxlRTgd5Ek5yIhQACOusgu_Zc9isevxDjJOhGECADt9mf5697ddk8wE5LZp-WKTX1N2YgzpRpmmmomXHZqFPCQcbQf5tCo6oGkYcGmEUBcaakKok4qj6ub3jkaZN8CuaiBD6gzkweX05Aj2NKNNnV_WY1w15MkguaKNyJKXA83yi6CKBWXzSVX9kmU0w-GfelzB1bXhx-Zru9_UK9qEtc_dtsO8s9qz4H2QYA7W6UNWAYW3Q4AyWafEub6n7JkJXV93A29jl_9asIWSLNq1F0dHtRDTX-qSGLqLltWS2vPgyzCFK_ncqtDjfHMHV9RutvUZfAuOCSfvYq02FRBlRJC-rv7j834wcmLU87t6eQ_SB9E3iRCD_2aU98QvY96MH-h_0kF26EUVhPrai6XKPXauQ7aNRa3_5QDW_mXBr0kI2XzUwDg-scIsZ4lDlOSFIdnI_GhRrVZybc6SkMEg-HOpV_MZd-rMgIVI6acFi7d9_WY1s_Vi5vh4iSCSO8rBkqRH8ZBkmSHreXdcat-nN8wIYM5Lfp-Ojq8tONV5_vWMb4O3EZ9RFw3ZRCnBiXduradWZh1qiW_is0OK9bncAy4GVoa-2l3tu9szUTsi6BNkstMDTmhOJ_FEDW1OGSTOpxo6QkaksZfCI2UK46tAHqdvPbGCT2rzUvS7Jutq5nRuN0ISR1jEju-ne2uvi5HaVKmQSdXdlaWOX1cHZxa97Dyysu0aSNMrf1YaZyhq1mbUqlYJAyM90uzktcPVt7BKgPYFe3LG9IkNSiPB5Y8HxlPAUwwPpSI3U3m-b_r5vcftTkljlN63r0o4UTrxY5BKJH4DVTRf-bIpMtErm56K7wFfgWzisXDSwuHcnCdFhLLhO9MHEiyY89NphxgE&sai=AMfl-YTmGIoy78xmCY0PGntY-n2mpR6JObWicIs-zTdP7eJwIgseHgnfXP_wolDWXlz7MESsuUvOMHUeeF7d5Yo47-DJlUaCxmLkjVzGNvArUTkJNRuAd0824dFax_-NJ2m5WVEVLg120ElBmlxv_iTY5VmhV715UxtyCY6a7k-G3BUDgv-HCqRK7kuO-NRtPah1WYjRguwt2xmX3cUwgZxrJUrSze8w2VMEnvuMtNxGYPhk7w0UMWpNVncv7uSJlhxumRUETgVnNrI&sig=Cg0ArKJSzO_svbg9n1KUEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=529&vt=11&dtpt=289&dett=3&cstd=236&cisv=r20221110.49721&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: legas.com.ua
URL: https://legas.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:13:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 04 Dec 2022 05:13:39 GMT

GET
H3 200 logos.png
s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/ Frame AF64 6 KB
6 KB 46ms
45ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/logos.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b771203e1a04667924c621eee87befe31b5d2f22ee4d34a0f4c95613af11d157

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 15:04:51 GMT
x-content-type-options: nosniff
age: 137328
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5781
x-xss-protection: 0
last-modified: Thu, 17 Nov 2022 17:22:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 15:04:51 GMT

GET
H3 200 precio.png
s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/ Frame AF64 5 KB
5 KB 73ms
72ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/precio.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a327ff5bc384f38e4ef5b88dd25812a252b6ff52b4f3a6e1b2133df16919708a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 15:04:51 GMT
x-content-type-options: nosniff
age: 137328
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5065
x-xss-protection: 0
last-modified: Thu, 17 Nov 2022 17:22:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 15:04:51 GMT

GET
H3 200 fondo1.png
s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/ Frame AF64 12 KB
12 KB 60ms
60ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/fondo1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5547bf768c4023a796160344735f8e550d73990127162854df18f827e4ecd74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 15:04:51 GMT
x-content-type-options: nosniff
age: 137328
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11850
x-xss-protection: 0
last-modified: Thu, 17 Nov 2022 17:22:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 15:04:51 GMT

GET
H3 200 foto.png
s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/ Frame AF64 39 KB
39 KB 46ms
46ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/foto.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

deef0ca154571e17a9007a38261b3aefeaf393f6c28e8bd5734687020b2bf6b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9697978085941395562/CV~Checo_200_FM~BAN_728x90_FF~17112022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 15:04:51 GMT
x-content-type-options: nosniff
age: 137328
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39752
x-xss-protection: 0
last-modified: Thu, 17 Nov 2022 17:22:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 15:04:51 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9D58 0
20 B 82ms
81ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bzz6DgiyMY7P1MOiH9u8Pv7--mAwAAAAAOAHgBAI&bg=!SkmlSQ3NAAbvMpMzzzI7ACkAdvg8WjRuuzRsUDNSFdrRa0BD9GVGq0FNmDPWciIdDromNmMjKWRC5QIAAADHUgAAAANoAQcKALfOmZCV8vTORhqye7gcJ9a738guNV3T5HypwmXtX8djn_eodK7PTTyfqzelj0DqJAim76m4zlZKKdY3vxb2BZ5F9aKmgh-mw1ArgYZ8AkDQiVvf4y96M4Chg_IeLyAcqdC74H_XHy3neICD2uT3Qii2RmveJV0LRsXUuLnoltgWwZRHkcivTx2E686yzveSTZrmDBOJYLy22l9BWDiH8FbrTUNlReKeNMxB18w6xGTLkKtPlRu0CCCZAuFv7xIUJaHqDSzoquvfpWCld3R9Cxxe7WwY4hYsGYWN5xRXGsDMj8iEr9uzxkKqqJscyL9C3uWfbvDy0BRmo8GNqRCJC7WH4Sq10CiPvCCdv1NOrDTxI0Cr6wl78t4xDZjJFVUe1HQKrdRk6TplP3dTOpKXXQdr0O_47i-Z3QxPI60dCXNP-gYof3Z9xdKhqCAPEEHqrYX00PrvlN5BLK57pepdPMhbDy4tTCp5c-MjbLwVCEkhlOD8NIsYPAGpCZEmtu7fqbunUIEPwpyqTmmKuG9MQ7udVQ5XGG7sC8xXAYFLTQcvTPamQ_QzD-PK8k_PW9URC2SLoxaWPtXqCef656863-9SVrphyM0gFGbOAwM02GMGKrxI-Drz7ANBAJhsKAsxDaOvKauP-dqUYCMJMsy4dMqNoSyv9w47Pr3LWRh8g_P1S3meQVKpjd-1ah1hS9DYncxpiJw5e5F_amSuAVoQibpXL2WXmeLr3PA0W6_lIRDxd_5ZOtolKF_PG540H6-SEXqPLwixlf1gfO5RXHPg0ePmkTbiWlDbgB_0g1-2F9_40tZAc4qGpS78n4vIBOeEBXok54sB_sFqhDodgHUebQlNN4s8SECZyfAGms3KtVJz3TpXfsZR2-MfuImlnPo0mCBnD7lZqctpOPdqYlZRj2EXPmjxTkdqNmM2jh1IR74zGaifsX5oi4aFtscy5fl5fQLtC9DeB4DTnybZbaBT1OXTAMxAuDqJfmoSWwDq536k3ucpeLNt78cqHG02M1YKVQ2ptoTCSEcHWUS5mP0YrDaYyBB53Fem8VR12SGbzKpSJHA4pwilz7I-uvW0IkfqNLF5BHeuorgD4jCqSp1datBwXo88uiH99Qb2EykRjjbKtk8hi72kOao9j-GaANyj2r3E1kQao6OYqeCwTkXvsyPxAYFhpLvNO0bOi8TJ1sRlb1rV3FQfmrrXR9p8z0G5BOI7afsRCZTWa71Zsw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 91DF 42 B
64 B 92ms
92ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsviq1mUCae87aHg0rx2XFCnu7CUIe-YCtjXJP4F4BSl5ci6eRyipkbU3lRt2IVSGJh3Uzs27yfOBl-tTaPSQ8hIRgtUxZhWLHCT4VIVAliz-0Lrj68PbTvtKIyem9ep-AvxSCezuw&sai=AMfl-YQ-c1nWdwrkJlfeI_BSvm6CwPhq_Un1StyvVWo74qDIbQFBIKV8ccIUtHlAlRcsPbeoTOYBvdNOZ7t0xCiPi5Wdfa7zLH3FDCr-NZyXWNEQ8GGFDuTklEKzMgNjjA&sig=Cg0ArKJSzBQmsEpoV-9DEAE&cid=CAQSOwDq26N97it0L5Kan47pW2OgfNeS_W5h0-KRtDKfT3AYrKtB_Q4VcFbeb11YPXuwbIer7uq-109G3CmqGAEgEw&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=656,1000,1000,1000,1000&tos=656,344,0,0,0&v=20221130&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670130818757&rpt=571&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Dec 2022 05:13:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: a1.admaster.net
URL: http://a1.admaster.net/a/10507/155?pos=0.8456750456907984

Domain: c.bigmir.net
URL: http://c.bigmir.net/?o1&v16854857&s16853252&t0&c1&n256268&w0&y0&d24&r1600

Domain: g.novostimira.biz
URL: http://g.novostimira.biz/l/1322?v=2783551

Verdicts & Comments Add Verdict or Comment

239 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

41 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
legas.com.ua/	1969-12-31 23:59:59	Name: b Value: b
legas.com.ua/	1969-12-31 23:59:59	Name: iua Value: 1
.legas.com.ua/	1970-01-20 17:31:30	Name: _ga Value: GA1.3.418467287.1670130815
.legas.com.ua/	1970-01-20 07:56:57	Name: _gid Value: GA1.3.616744480.1670130815
.legas.com.ua/	1970-01-20 07:55:30	Name: _gat Value: 1
.i.ua/	1970-01-20 07:55:32	Name: __cf_bm Value: ezDorVd23PhToE8ILEJyEhf6yytgxLOLD.O63Yafyi0-1670130815-0-AT5xEFk+TNFVEz3jFhLOO/aDVd4pxGNd+4gxyguYwFuCEwGMz5OvXItT8aeaykZ7+iu/mRWx5Z3PWW3vUV0JVg4=
.yandex.ru/	1970-01-20 17:31:30	Name: i Value: AgC02D5ojSZMcwQNPXrRiKo8+ATpl59LgBdR9vy/DnSGxdB4Uzq8yYqguUpYNgTBb5uQHByvIMUvrvhWfeZs0aPlhZE=
.legas.com.ua/	1970-01-20 17:17:06	Name: __gads Value: ID=4dc4798ab816c438-2237671d07d80032:T=1670130815:RT=1670130815:S=ALNI_MZe6vp3gx5IGi2LDbcXgjEhG75vWg
.legas.com.ua/	1970-01-20 17:17:06	Name: __gpi Value: UID=00000b8d69e4e8c7:T=1670130815:RT=1670130815:S=ALNI_MarxrijUDK7agoWAeyWoZtMJTNxkw
.doubleclick.net/	1970-01-20 17:17:06	Name: IDE Value: AHWqTUm50b2pRycuIvXMJbjB6u8DNov-StQT6567BLpqFOiAd3pImkP-HEeaH7g9UGg
.doubleclick.net/	1970-01-20 07:55:34	Name: DSID Value: NO_DATA
.expedia.co.uk/	1970-01-20 07:55:32	Name: HMS Value: fa2bcb4f-7d16-423c-ab5c-609faafb53a9
.expedia.co.uk/	1970-01-20 17:31:30	Name: MC1 Value: GUID=37da262f66a0446592b3d19d5c58cff3
.expedia.co.uk/	1970-01-20 17:31:30	Name: DUAID Value: 37da262f-66a0-4465-92b3-d19d5c58cff3
.expedia.co.uk/	1970-01-20 17:31:30	Name: OIP Value: gdpr\|-1
.expedia.co.uk/	1970-01-20 08:05:35	Name: CRAS Value: UK.DIRECT.PHG.1100l95727.0
.legas.com.ua/	1970-01-20 07:55:30	Name: _dc_gtm_UA-9703351-1 Value: 1
.legas.com.ua/	1970-01-20 07:55:30	Name: _gat_UA-9703351-1 Value: 1
.casalemedia.com/	1970-01-20 16:41:06	Name: CMID Value: Y4wsgnGLqPB8n3P8zNhNjgAA
.casalemedia.com/	1970-01-20 10:05:06	Name: CMPS Value: 5164
.casalemedia.com/	1970-01-20 10:05:06	Name: CMPRO Value: 5164
.adnxs.com/	1970-01-20 10:05:06	Name: uuid2 Value: 7668223262018490517
.adnxs.com/	1970-01-20 10:05:06	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hb=q2@-s!@wnfH8K6pQK`!5=E<L5?%K77m(QkeD(VMdIXH5ic1>[82kL.Cm$YP/o(d%nugO%v4VB%nmoy*!_i_
.pubmatic.com/	1970-01-20 07:56:57	Name: KTPCACOOKIE Value: YES
.rlcdn.com/	1970-01-20 16:41:06	Name: rlas3 Value: 32UrrQNZ9j/a5EFdTurE83Tq2Vh3lTM+2o+q4EGWTe8=
.quantserve.com/	1970-01-20 10:05:06	Name: d Value: EGIBCQHdJ4EA
.quantserve.com/	1970-01-20 17:25:45	Name: mc Value: 638c2c83-35bf4-ef4fd-9890f
.pubmatic.com/	1970-01-20 10:05:06	Name: KADUSERCOOKIE Value: 24C3F943-DF1F-4060-8355-2DF069408469
.agkn.com/	1970-01-20 16:41:06	Name: ab Value: 0001%3AfBeCp2l5PNfePZUFSrb0pKr3hmIhzele
.agkn.com/	1970-01-20 16:41:06	Name: u Value: C\|0CEArHukDKx7pAwAAAAAAAQ13AQCAAQpAAAAAAA
.rlcdn.com/	1970-01-20 09:21:54	Name: pxrc Value: CIPZsJwGEgUI6AcQABIGCOndKhAA
.innovid.com/	1970-01-20 10:05:06	Name: uuid Value: 3b6fb81d-18fb-469e-93d0-2e664040106c-20221204 00:13:39
.e.dlx.addthis.com/	1970-01-20 17:25:45	Name: na_tc Value: Y
.addthis.com/	1970-01-20 17:25:45	Name: na_id Value: 2022120405133900036689548793
.addthis.com/	1970-01-20 17:25:45	Name: na_tc Value: Y
.addthis.com/	1970-01-20 17:25:45	Name: uid Value: 638c2c8326a9bb16
.addthis.com/	1970-01-20 17:25:45	Name: ouid Value: 638c2c830001f589bd449c0dab8a6d95ee8261cb207de81a7681
.dlx.addthis.com/	1970-01-20 08:38:42	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 08:38:42	Name: na_sr Value: 20221204
.dlx.addthis.com/	1970-01-20 07:55:30	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 08:38:42	Name: na_sc_e Value: 0

21 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://legas.com.ua/ Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://caddy.com.ua/components/com_jshopping/files/img_products/VWTGN-1.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://legas.com.ua/ Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://www.meteoprog.ua/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://legas.com.ua/ Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://info.maps.yandex.net/traffic/kiev/current_traffic_150.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	error	URL: https://legas.com.ua/(Line 52) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure script 'http://a1.admaster.net/a/10507/155?pos=0.8456750456907984'. This request has been blocked; the content must be served over HTTPS.
security	warning	URL: https://legas.com.ua/(Line 212) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://caddy.com.ua/components/com_jshopping/files/img_products/VWTGN-1.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://legas.com.ua/(Line 283) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://www.meteoprog.ua/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://legas.com.ua/ Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://040510111616.c.mystat-in.net/?i040510111616&t4&g27&w1600&c24&r&v3&j0'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
javascript	warning	URL: https://legas.com.ua/(Line 382) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://c.bigmir.net/?o1&v16854857&s16853252&t0&c1&n256268&w0&y0&d24&r1600, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	error	URL: https://legas.com.ua/(Line 382) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure script 'http://c.bigmir.net/?o1&v16854857&s16853252&t0&c1&n256268&w0&y0&d24&r1600'. This request has been blocked; the content must be served over HTTPS.
javascript	warning	URL: https://legas.com.ua/(Line 382) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://c.bigmir.net/?o1&v16854857&s16853252&t0&c1&n256268&w0&y0&d24&r1600, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	warning	URL: https://legas.com.ua/ Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://r.i.ua/s?u66180&p62&n0.34997388741476243&c1&d24&w1600&h1200&r/legas.com.ua/'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	error	URL: https://legas.com.ua/(Line 955) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure frame 'http://banner.kiev.ua/cgi-bin/bi.cgi?h84092&6345410&1'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://legas.com.ua/(Line 1145) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure script 'http://g.novostimira.biz/l/1322?v=2783551'. This request has been blocked; the content must be served over HTTPS.
security	warning	URL: https://legas.com.ua/(Line 1260) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://info.maps.yandex.net/traffic/kiev/current_traffic_150.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://pagead2.googlesyndication.com/pagead/show_ads.js(Line 94) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure element 'http://clck.yandex.ru/click/dtype=stred/pid=30/cid=1529/*http://ya.ru'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	error	URL: https://legas.com.ua/(Line 1177) Message: Mixed Content: The page at 'https://legas.com.ua/' was loaded over HTTPS, but requested an insecure frame 'http://kurs.com.ua/informer/inf2?color=blue&rnd=1670130815254'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://caddy.com.ua/components/com_jshopping/files/img_products/VWTGN-1.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://cpa.com.ua/get_js/script.js?aid=90 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://info.maps.yandex.net/traffic/kiev/current_traffic_150.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.meteoprog.com/ua/informerget/?type=4&city[]=Kyiv&color=13659f&txtcolor=FFFF00 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://www.expedia.co.uk/?clickref=1011lwoaDCxi&affcid=UK.DIRECT.PHG.1100l95727.0&ref_id=1011lwoaDCxi&my_ad=AFF.UK.DIRECT.PHG.1100l95727.0&original_destination=https://www.expedia.co.uk/?clickref=1011lwoaDCxi&affcid=UK.DIRECT.PHG.1100l95727.0&ref_id=1011lwoaDCxi&my_ad=AFF.UK.DIRECT.PHG.1100l95727.0 Message: Failed to load resource: the server responded with a status of 429 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

040510111616.c.mystat-in.net
a1.admaster.net
adservice.google.co.uk
adservice.google.com
ag.innovid.com
c.bigmir.net
caddy.com.ua
clck.yandex.ru
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
cpa.com.ua
d.agkn.com
dsum-sec.casalemedia.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
g.novostimira.biz
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hlmiq.com
ib.adnxs.com
id.rlcdn.com
image6.pubmatic.com
info.maps.yandex.net
legas.com.ua
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
r.i.ua
resistcorrectly.com
rtb.openx.net
s0.2mdn.net
ssum-sec.casalemedia.com
static.xx.fbcdn.net
stats.g.doubleclick.net
tpc.googlesyndication.com
www.expedia.co.uk
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.meteoprog.com
www.meteoprog.ua
a1.admaster.net
c.bigmir.net
g.novostimira.biz
104.18.3.81
104.76.200.192
142.132.202.70
142.250.185.130
172.64.154.237
176.9.60.211
184.30.16.79
185.80.39.216
192.102.6.73
198.47.127.19
216.58.212.162
2606:4700:3031::ac43:c6bd
2620:116:800d:21:c5a4:625:6563:a5bb
2a00:1450:4001:806::2002
2a00:1450:4001:810::2001
2a00:1450:4001:810::2002
2a00:1450:4001:810::200a
2a00:1450:4001:810::200e
2a00:1450:4001:811::2006
2a00:1450:4001:812::2002
2a00:1450:4001:813::2004
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2002
2a00:1450:4001:830::2003
2a00:1450:4001:831::2003
2a00:1450:400c:c08::9a
2a02:6b8::130
2a02:6b8::14
2a03:2880:f045:10:face:b00c:0:3
2a03:2880:f145:82:face:b00c:0:25de
2a05:d01c:1d8:8100:2de7:20d7:fcf5:3f3d
2a06:98c1:3121::3
31.131.16.29
34.98.67.61
35.157.182.139
35.186.253.211
35.244.174.68
37.252.171.84
49.12.116.255
69.173.144.138
05c98fff0246c3e7a08bdb57be4fe2333b23a2ea2d6b93732262149d6bd4ff0e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c7ca8ff5817ef383260a975d3efaab3613d2dba4cbda4969e12dd63d39fe905
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1945233d4d60c4b7cf8c2ffcb08e8114f437f21012e10613fe955be1067eb481
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
21583f7002df3434278d0ac87cde6b062999b39689e75945e152f8a5e75ef7fe
237cf8f37b13897d316cac3b0d7c27944683b5ac05459e2ba1372ed521c9dd44
2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5
302e69dd5cd67c33a01a5d0308c1ead25d5967bd0810b0c073f9fe18124de7bd
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
39d9a7d27746abac94a816afff9163ad94d43f73261948af892bd4d149ddad4e
3f93edec077db285f2ab20380adf319c8ca8e7526d2f14a46c227ed1d57c1dec
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f11634b2fde9633b66339f835b3dd66c1d6c6539ce687e37242ce5071f4cd25
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
515a2e2a32a588aa7ba3d8f701d52b37ab6d28ed40d0ce99ddda77e21f4a4359
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
569c702259b383caefdb03116027827805835f3fe8bc26d24e6458ded72632c0
578d39c8cc926851f5be1195f339d26cbbf239f2f7cac8b55b349276514b85fe
59729251e018160eeed443c848fa5fd802b40e984b5afe60560c3cbe9d7b4612
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64f4ced5d55df1d2b68756fbeffafd50b5d09c3ad7703f89a0660269a4ea3a54
6a98bdefd73410963a41036b4bc4d25b080aaec85db7ebd132a12d3aa17e8586
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b8a002390afd22c13b4e9a26dcb0df38ec621033997805b14e826ba3d6569ce
6edbf13af2f07f3ff6cf1b7ab649b8c6c28d247f2d7750a8593bd534de07d744
720b21233cc3f5ac1443ecb48e8807913f0927ee4ffd04d805b76aa2b93bed2b
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
79d43d860bcaf8b62c343669b1c7c7acf20a83d0a35ade74f875c8157e71bbd4
7e928161cd626935d39ff08188caa3f3a918811ca87194082dedf28b697ce6fd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
89428c566f5a59537e7f5d10f755ab703d555072a2188e747ad2afb5203f124e
8a3f917ad27183dcf0d8e0914cbd84b1376298db382e66459b3376911e75a668
8d61bc67c5b06bbd0e0787fc1e661c2fb58ba72c46b7b05ca3ee94c20e599130
9643a0ee05228b6e4016e9fe18284e440e35ddebd698cfce3d1ca72728885827
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a09e13c638a87221309d50308f54beade6403e4e4a051f485461f4405ba1929e
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a327ff5bc384f38e4ef5b88dd25812a252b6ff52b4f3a6e1b2133df16919708a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6e4685de256f1f5db18c2d250ffd77609c6b84ccd7793c93680905eaefa5c7b
a6e648923be27227370e476a3fe1b29b7d43f486b80ffb409a04d7b6ef3909ca
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a86b3a844dad8b4c5673af644a74b9046f920772bfc75d0f5fa0704d19510d2e
a9f8abc0cbb63c54e23f50e7b49e9c715fcc71169dc0a66c0c1b05fc725ae6c0
abb1939abd97435c40df952f2c5b5c6352f6ce900802a1a18a1d4935eda6bacc
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b515f8ef7e527366a43bd9135ae400848724710323422e67fda10ad6c33a7195
b52e1fde3b57d79352aba9db6a9b0a18838bee998a2337ad991932bb9618d463
b771203e1a04667924c621eee87befe31b5d2f22ee4d34a0f4c95613af11d157
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
d2a33699344b72a323da92cb91da2af33b58c34e264965d44e270695a1f091ac
d4b9594a3f5f07d507ad95311d60f311a9ab9fa29ad1e69a992d0667f877b84e
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deef0ca154571e17a9007a38261b3aefeaf393f6c28e8bd5734687020b2bf6b9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4c3d2ae0aa42ca94a4dc0e1640116bf41f42653d66db64fed3ff327703816a8
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5547bf768c4023a796160344735f8e550d73990127162854df18f827e4ecd74
f9c1e1da0c197ca101c6fd5ae899d10951dd43316c4ed6b3c9bd38877e79023a
fbb4828d62f1375d0c8c8fd7f8aded6c19cf078e72bd51fd1cbff277ee672102

legas.com.ua Open in urlscan Pro 2a06:98c1:3121::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

141 Requests

82 %HTTPS

54 %IPv6

40 Domains

47 Subdomains

33 IPs

9 Countries

1396 kBTransfer

3830 kBSize

41 Cookies

10 Outgoing links

Page URL History

Redirected requests

141 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

legas.com.ua Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Screenshot
Live screenshot

Full Image

141
Requests

82 %
HTTPS

54 %
IPv6

40
Domains

47
Subdomains

33
IPs

9
Countries

1396 kB
Transfer

3830 kB
Size

41
Cookies

141 HTTP transactions
2 data transactions