2plus2.ua Open in urlscan Pro
195.137.240.82 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://2plus2.ua/
Effective URL:
https://2plus2.ua/
Submission: On February 26 via api (February 26th 2022, 6:48:38 pm UTC) from GB — Scanned from GB

Summary HTTP 389 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 71 IPs in 12 countries across 57 domains to perform 389 HTTP transactions. The main IP is 195.137.240.82, located in Ukraine and belongs to ASN-UNIAN, UA. The main domain is 2plus2.ua.
TLS certificate: Issued by R3 on January 19th 2022. Valid for: 3 months.

This is the only time 2plus2.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 13	195.137.240.82 195.137.240.82	29389 (ASN-UNIAN) (ASN-UNIAN)
54	195.137.240.20 195.137.240.20	29389 (ASN-UNIAN) (ASN-UNIAN)
4	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2	195.137.240.12 195.137.240.12	29389 (ASN-UNIAN) (ASN-UNIAN)
4	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1 10	54.37.238.28 54.37.238.28	16276 (OVH) (OVH)
6	195.137.240.88 195.137.240.88	29389 (ASN-UNIAN) (ASN-UNIAN)
4	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
4	195.137.240.108 195.137.240.108	29389 (ASN-UNIAN) (ASN-UNIAN)
8	146.59.18.237 146.59.18.237	16276 (OVH) (OVH)
2	45.133.44.3 45.133.44.3	7018 (ATT-INTER...) (ATT-INTERNET4)
2	146.59.30.108 146.59.30.108	16276 (OVH) (OVH)
8	2a0c:5c81:514... 2a0c:5c81:5142::2	55081 (24SHELLS) (24SHELLS)
6	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1 2	23.111.9.38 23.111.9.38	33438 (HIGHWINDS2) (HIGHWINDS2)
1	2606:4700::68... 2606:4700::6813:9408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2620:1ec:27::... 2620:1ec:27::cafe:2277	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	195.137.240.21 195.137.240.21	29389 (ASN-UNIAN) (ASN-UNIAN)
1	37.18.16.16 37.18.16.16	205675 (HYBRID-AS) (HYBRID-AS)
1 1	62.149.0.72 62.149.0.72	15497 (COLOCALL ...) (COLOCALL Internet Data Center ColoCALL)
1	193.200.65.5 193.200.65.5	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
2	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	46.249.52.248 46.249.52.248	50673 (SERVERIUS-AS) (SERVERIUS-AS)
2	146.0.227.109 146.0.227.109	20773 (GODADDY) (GODADDY)
4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:272	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 4	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
4	52.167.85.21 52.167.85.21	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:400c:c0b::9b	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 8	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	34.231.128.63 34.231.128.63	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	23.111.200.118 23.111.200.118	7979 (SERVERS-COM) (SERVERS-COM)
2	2602:803:c003... 2602:803:c003:200::31	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
10	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
31	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
8 18	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80f::2003	15169 (GOOGLE) (GOOGLE)
1	74.125.133.154 74.125.133.154	15169 (GOOGLE) (GOOGLE)
6	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	34.243.10.54 34.243.10.54	16509 (AMAZON-02) (AMAZON-02)
2 4	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
1 1	195.137.240.27 195.137.240.27	29389 (ASN-UNIAN) (ASN-UNIAN)
13	195.137.240.56 195.137.240.56	29389 (ASN-UNIAN) (ASN-UNIAN)
2	2620:116:800d... 2620:116:800d:21:ee05:6a01:4b41:8c89	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 2	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 5	35.211.178.172 35.211.178.172	15169 (GOOGLE) (GOOGLE)
4 4	213.155.156.182 213.155.156.182	1299 (TWELVE99 ...) (TWELVE99 Twelve99)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	35.211.141.197 35.211.141.197	19527 (GOOGLE-2) (GOOGLE-2)
2 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1	51.89.21.10 51.89.21.10	16276 (OVH) (OVH)
389	71

13 195.137.240.82 (Ukraine) 1 redirects

ASN29389 (ASN-UNIAN, UA)
PTR: front02.1plus1.ua

2plus2.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 195.137.240.20 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: images.1plus1.ua

images.1plus1.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

player.adtcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.137.240.12 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: assay.1plus1.ua

assay.1plus1.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.37.238.28 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip28.ip-54-37-238.eu

gaua.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 195.137.240.88 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: front02.1plus1.ua

api.1plus1.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 195.137.240.108 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: front03.1plus1.ua

1plus1.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 146.59.18.237 (France)

ASN16276 (OVH, FR)
PTR: vps-a61777d5.vps.ovh.net

a4p.adpartner.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.133.44.3 (Philadelphia, United States)

ASN7018 (ATT-INTERNET4, US)

player.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.59.30.108 (France)

ASN16276 (OVH, FR)
PTR: ip108.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a0c:5c81:5142::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)

ghb.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ghb1.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ghb2.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.111.9.38 (United States) 1 redirects

ASN33438 (HIGHWINDS2, US)

cdn.mouseflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9408 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:2277 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.137.240.21 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: images.1plus1.ua

vid4.tsn.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.18.16.16 (Russian Federation)

ASN205675 (HYBRID-AS, RU)

dm.hybrid.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.149.0.72 (Ukraine) 1 redirects

ASN15497 (COLOCALL Internet Data Center ColoCALL, UA)
PTR: 0-72.cc86365-03-tmp.cc.colocall.com

sync.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.200.65.5 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: t.trafmag.com

t.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.249.52.248 (Amsterdam, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

pbjs.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.0.227.109 (Ascension Island)

ASN20773 (GODADDY, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

adtelligent-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:272 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.89.9.252 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.167.85.21 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

i.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.231.128.63 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-128-63.compute-1.amazonaws.com

1x1.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5bdcc61aee8ff472b3520748fee18efa.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.200.118 (Russian Federation)

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2602:803:c003:200::31 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.185.66 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.87 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80f::2003 (Queens, United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.133.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.243.10.54 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-10-54.eu-west-1.compute.amazonaws.com

vast.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:1::13 (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.125 (Amsterdam, Netherlands) 3 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.137.240.27 (Ukraine) 1 redirects

ASN29389 (ASN-UNIAN, UA)
PTR: lb-01.1plus1.video

grandcentral.1plus1.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 195.137.240.56 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: vod-k2312-kbp.1plus1.net

vod-k2312-kbp.1plus1.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:ee05:6a01:4b41:8c89 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.211.178.172 (North Charleston, United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.155.156.182 (Sweden) 4 redirects

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-182.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.211.141.197 (North Charleston, United States) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 197.141.211.35.bc.googleusercontent.com

m.fg8dgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.21.10 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p24.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
78	1plus1.video 1 redirects images.1plus1.video — Cisco Umbrella Rank: 465173 api.1plus1.video — Cisco Umbrella Rank: 337580 1plus1.video — Cisco Umbrella Rank: 262110 grandcentral.1plus1.video — Cisco Umbrella Rank: 524374 vod-k2312-kbp.1plus1.video	28 MB
66	googlesyndication.com a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com 5bdcc61aee8ff472b3520748fee18efa.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 120 pagead2.googlesyndication.com — Cisco Umbrella Rank: 92	598 KB
45	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 stats.g.doubleclick.net — Cisco Umbrella Rank: 67 googleads.g.doubleclick.net — Cisco Umbrella Rank: 37 cm.g.doubleclick.net — Cisco Umbrella Rank: 175 bid.g.doubleclick.net — Cisco Umbrella Rank: 448 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	459 KB
25	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	3 MB
13	2plus2.ua 1 redirects 2plus2.ua	141 KB
12	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 59	3 KB
12	gemius.pl 1 redirects gaua.hit.gemius.pl — Cisco Umbrella Rank: 58430 ls.hit.gemius.pl — Cisco Umbrella Rank: 13343	35 KB
11	adtelligent.com 1 redirects player.adtelligent.com — Cisco Umbrella Rank: 5338 ghb.adtelligent.com — Cisco Umbrella Rank: 5603 sync.adtelligent.com — Cisco Umbrella Rank: 2421 ghb1.adtelligent.com — Cisco Umbrella Rank: 6688 ghb2.adtelligent.com — Cisco Umbrella Rank: 9862	37 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 346	221 KB
9	criteo.com 2 redirects bidder.criteo.com — Cisco Umbrella Rank: 736 gum.criteo.com — Cisco Umbrella Rank: 355 mug.criteo.com — Cisco Umbrella Rank: 3197	8 KB
8	adpartner.pro a4p.adpartner.pro — Cisco Umbrella Rank: 53119	19 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35 imasdk.googleapis.com — Cisco Umbrella Rank: 407	443 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1248 i.clarity.ms — Cisco Umbrella Rank: 2013 c.clarity.ms — Cisco Umbrella Rank: 693	25 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com csi.gstatic.com	263 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	40 KB
5	bidswitch.net 5 redirects x.bidswitch.net — Cisco Umbrella Rank: 265	4 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 146	179 KB
4	de17a.com 4 redirects d5p.de17a.com — Cisco Umbrella Rank: 4441	1 KB
4	spotxchange.com 3 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 469	2 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 488	4 KB
4	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 3464 adservice.google.co.uk — Cisco Umbrella Rank: 5583	2 KB
4	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 865	1 KB
4	openx.net adtelligent-d.openx.net — Cisco Umbrella Rank: 17514 us-u.openx.net — Cisco Umbrella Rank: 322	666 B
4	4dex.io script.4dex.io — Cisco Umbrella Rank: 1902 mp.4dex.io — Cisco Umbrella Rank: 2329	24 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50	202 KB
3	e-planning.net 1 redirects pbjs.e-planning.net — Cisco Umbrella Rank: 6090	2 KB
3	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 210 Failed	3 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 356	954 B
2	fg8dgt.com 2 redirects m.fg8dgt.com — Cisco Umbrella Rank: 3745	767 B
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 653 r.turn.com — Cisco Umbrella Rank: 2694	869 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 683 s.tribalfusion.com — Cisco Umbrella Rank: 1640	1 KB
2	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 927	927 B
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 792	344 B
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 638	56 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	313 B
2	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 5927	342 B
2	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 420	166 B
2	a-mo.net prebid.a-mo.net Failed 1x1.a-mo.net — Cisco Umbrella Rank: 3652	177 B
2	admixer.net inv-nets.admixer.net — Cisco Umbrella Rank: 2092	998 B
2	rubiconproject.com fastlane.rubiconproject.com — Cisco Umbrella Rank: 436 Failed	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	114 KB
2	mouseflow.com 1 redirects cdn.mouseflow.com — Cisco Umbrella Rank: 5697	17 KB
2	1plus1.ua assay.1plus1.ua — Cisco Umbrella Rank: 377216	23 KB
2	adtcdn.com player.adtcdn.com — Cisco Umbrella Rank: 23252	123 KB
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 493	526 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 387	864 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2478	104 B
1	yahoo.com ads.yahoo.com — Cisco Umbrella Rank: 835	194 B
1	adsafeprotected.com vast.adsafeprotected.com — Cisco Umbrella Rank: 3998	4 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 212	556 B
1	betweendigital.com ads.betweendigital.com — Cisco Umbrella Rank: 1448 Failed	905 B
1	trafmag.com t.trafmag.com — Cisco Umbrella Rank: 6501	351 B
1	hybrid.ai dm.hybrid.ai — Cisco Umbrella Rank: 6079	238 B
1	tsn.ua vid4.tsn.ua	701 B
1	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 1701
0	netmng.com Failed google2waycm.netmng.com Failed
0	adnuntius.delivery Failed ads.adnuntius.delivery Failed
389	57

	Domain	Requested by
54	images.1plus1.video	2plus2.ua 1plus1.video
31	pagead2.googlesyndication.com	securepubads.g.doubleclick.net a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com googleads.g.doubleclick.net 2plus2.ua tpc.googlesyndication.com www.googletagservices.com srcdoc
29	tpc.googlesyndication.com	2plus2.ua a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com
25	s0.2mdn.net	2plus2.ua s0.2mdn.net imasdk.googleapis.com
18	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
13	vod-k2312-kbp.1plus1.video	1plus1.video
13	2plus2.ua	1 redirects 2plus2.ua
12	securepubads.g.doubleclick.net	2plus2.ua securepubads.g.doubleclick.net www.googletagservices.com a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
10	gaua.hit.gemius.pl	1 redirects 2plus2.ua gaua.hit.gemius.pl 1plus1.video
8	www.google.com	1 redirects 2plus2.ua api.1plus1.video a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com tpc.googlesyndication.com
8	a4p.adpartner.pro	2plus2.ua a4p.adpartner.pro player.adtcdn.com
7	googleads.g.doubleclick.net	a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com 2plus2.ua
6	googleads4.g.doubleclick.net	2plus2.ua
6	www.google-analytics.com	www.googletagmanager.com a4p.adpartner.pro www.google-analytics.com 2plus2.ua
6	ghb.adtelligent.com	player.adtelligent.com player.adtcdn.com
6	api.1plus1.video	2plus2.ua 1plus1.video api.1plus1.video client imasdk.googleapis.com
5	x.bidswitch.net	5 redirects
5	www.googletagservices.com	vid4.tsn.ua a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com securepubads.g.doubleclick.net
5	a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	d5p.de17a.com	4 redirects
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	gum.criteo.com	2 redirects static.criteo.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	imasdk.googleapis.com	a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com 1plus1.video imasdk.googleapis.com
4	adservice.google.com	securepubads.g.doubleclick.net imasdk.googleapis.com
4	i.clarity.ms	www.clarity.ms i.clarity.ms
4	onetag-sys.com	1 redirects player.adtcdn.com a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
4	1plus1.video	2plus2.ua 1plus1.video
4	fonts.gstatic.com	fonts.googleapis.com
4	www.googletagmanager.com	2plus2.ua 1plus1.video www.googletagmanager.com
4	fonts.googleapis.com	2plus2.ua securepubads.g.doubleclick.net a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com api.1plus1.video
3	mug.criteo.com
3	adservice.google.co.uk	securepubads.g.doubleclick.net
3	pbjs.e-planning.net	1 redirects 2plus2.ua player.adtcdn.com
3	ib.adnxs.com	player.adtcdn.com googleads.g.doubleclick.net
2	eb2.3lift.com	2 redirects
2	m.fg8dgt.com	2 redirects
2	cms.quantserve.com	a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	csi.gstatic.com	imasdk.googleapis.com
2	static.criteo.net	player.adtcdn.com static.criteo.net
2	1x1.a-mo.net	2plus2.ua
2	www.facebook.com	2plus2.ua
2	c.clarity.ms	1 redirects 2plus2.ua
2	bidder.criteo.com	player.adtcdn.com
2	prebid-eu.creativecdn.com	player.adtcdn.com
2	hbopenbid.pubmatic.com	player.adtcdn.com
2	mp.4dex.io	player.adtcdn.com
2	adtelligent-d.openx.net	player.adtcdn.com
2	inv-nets.admixer.net	player.adtcdn.com
2	fastlane.rubiconproject.com	player.adtcdn.com
2	script.4dex.io	player.adtcdn.com script.4dex.io
2	connect.facebook.net	2plus2.ua connect.facebook.net
2	cdn.mouseflow.com	1 redirects 2plus2.ua
2	ls.hit.gemius.pl	gaua.hit.gemius.pl
2	player.adtelligent.com	player.adtcdn.com
2	assay.1plus1.ua	2plus2.ua
2	player.adtcdn.com	2plus2.ua
1	id5-sync.com	player.adtcdn.com
1	sync.mathtag.com	1 redirects
1	r.turn.com	a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
1	ad.turn.com	1 redirects
1	s.tribalfusion.com	a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	dclk-match.dotomi.com	a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
1	grandcentral.1plus1.video	1 redirects
1	ads.yahoo.com	googleads.g.doubleclick.net
1	vast.adsafeprotected.com	imasdk.googleapis.com
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	www.gstatic.com	www.google.com
1	5bdcc61aee8ff472b3520748fee18efa.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	ghb2.adtelligent.com	player.adtcdn.com
1	www.google.co.uk	2plus2.ua
1	stats.g.doubleclick.net	www.google-analytics.com
1	c.bing.com	1 redirects
1	ghb1.adtelligent.com	player.adtcdn.com
1	ads.betweendigital.com	player.adtcdn.com
1	t.trafmag.com	2plus2.ua
1	sync.adtelligent.com	1 redirects
1	dm.hybrid.ai	2plus2.ua
1	vid4.tsn.ua	a4p.adpartner.pro
1	www.clarity.ms	2plus2.ua
1	script.crazyegg.com	www.googletagmanager.com
0	google2waycm.netmng.com Failed	a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
0	ads.adnuntius.delivery Failed	player.adtcdn.com
0	prebid.a-mo.net Failed	player.adtcdn.com
389	88

This site contains links to these domains. Also see Links.

Domain
1plus1.video
1plus1.ua
tsn.ua
plus-plus.tv
tet.tv
1plus1.international
biguditv.com
www.unian.net
paramountcomedy.com.ua
tv.kyivstar.ua
media.1plus1.ua
sales.1plus1.digital
www.facebook.com
www.youtube.com
twitter.com
plus.google.com
vb.me
t.me

Subject Issuer	Validity	Valid
2plus2.ua R3	`2022-01-19` - `2022-04-19`	3 months	crt.sh
*.1plus1.video Go Daddy Secure Certificate Authority - G2	`2021-10-22` - `2022-08-14`	10 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-17` - `2022-07-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
assay.1plus1.ua R3	`2022-01-07` - `2022-04-07`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2021-09-08` - `2022-09-25`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
adpartner.pro R3	`2022-01-10` - `2022-04-10`	3 months	crt.sh
player.adtelligent.com R3	`2022-01-18` - `2022-04-18`	3 months	crt.sh
ghb.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2022-02-06` - `2022-05-07`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-12-06` - `2022-03-06`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2021-06-01` - `2022-06-01`	a year	crt.sh
*.tsn.ua Go Daddy Secure Certificate Authority - G2	`2021-10-11` - `2022-11-12`	a year	crt.sh
*.hybrid.ai Sectigo RSA Domain Validation Secure Server CA	`2020-07-07` - `2022-10-05`	2 years	crt.sh
*.admixer.net Sectigo ECC Domain Validation Secure Server CA	`2021-11-16` - `2022-12-17`	a year	crt.sh
ghb1.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2022-02-09` - `2022-05-10`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.co.uk GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.a-mo.net Amazon	`2021-08-10` - `2022-09-08`	a year	crt.sh
*.google.co.uk GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.e-planning.net R3	`2021-12-30` - `2022-03-30`	3 months	crt.sh
*.ads.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-15` - `2023-01-15`	a year	crt.sh
ghb2.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2022-02-09` - `2022-05-10`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
wrapper-vast.adsafeprotected.com Amazon	`2021-11-18` - `2022-12-16`	a year	crt.sh
teads.tv R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-02-07` - `2022-03-30`	2 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.id5-sync.com R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh

This page contains 36 frames:

Primary Page: https://2plus2.ua/
Frame ID: 591B59F44C65834D3F6AB23899A76E22
Requests: 149 HTTP requests in this frame

Frame: https://1plus1.video/video/embed/GRsFFLJ2?autoplay=0&l=ua&logo=plus2
Frame ID: 7057DCF4FB799D320F7A59DEFC8F0144
Requests: 66 HTTP requests in this frame

Frame: https://a4p.adpartner.pro/tt?time=0&apuid=undefined&session_pageview=1&session_id=c6907a81-b056-4bfa-bdae-68b8b975989c&site_visited=1&location=https%3A%2F%2F2plus2.ua%2F&referer=
Frame ID: 8FABCF480D4F055E3B8432894C9B7F61
Requests: 1 HTTP requests in this frame

Frame: https://a4p.adpartner.pro/vunit/ls?vunit=1412&bannerNum=89366454219693740&apuid=c661a2c4-21aa-4466-a374-0162332acf5d&session_pageview=1&session_id=c6907a81-b056-4bfa-bdae-68b8b975989c&site_visited=1&location=https%3A%2F%2F2plus2.ua%2F
Frame ID: 46872BDA890BF74A3EB133A5D001538F
Requests: 3 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: B35CD0D6AC9FF9424DE8007B85D19247
Requests: 1 HTTP requests in this frame

Frame: https://vid4.tsn.ua/adv/Adpartner/2plus2_mob.html?adId=568755&unitId=1412&showId=89108342-d94a-48aa-91b0-bd2ee19b75d6&link=https%3A%2F%2Fa4p.adpartner.pro%2Fclick%2F1412%2F568755%2F89108342-d94a-48aa-91b0-bd2ee19b75d6%3Fdata%3DeyJjcmVhdGVkX2F0IjoxNjQ1OTAxMzA5LCJzaG93X2lkIjoiODkxMDgzNDItZDk0YS00OGFhLTkxYjAtYmQyZWUxOWI3NWQ2IiwiYWRfdW5pdF9pZCI6MTQxMiwicnVsZV9pZCI6MjQ1NjYsImFkX2lkIjo1Njg3NTUsImRhdGFfc291cmNlIjoiIiwicGxhdGZvcm1faWQiOjMsIm9zX2lkIjoxLCJicm93c2VyX2lkIjoxLCJjdXN0b21lcl9pZCI6ImM2NjFhMmM0LTIxYWEtNDQ2Ni1hMzc0LTAxNjIzMzJhY2Y1ZCIsInJlZ2lvbl9pZCI6MTEyLCJzdWJfcmVnaW9uX2lkIjowLCJjaXR5X2lkIjowLCJpc19yZWZyZXNoIjpmYWxzZX0%3D%26hash%3D3c856b1750b96520e3f2ee2da2449aaf&bannerNum=89366454219693740
Frame ID: A3D81DCB32CFA53B98C6AAF0C10586DA
Requests: 9 HTTP requests in this frame

Frame: https://a4p.adpartner.pro/tracker/if?data=%257B%2522apuid%2522%253A%2522c661a2c4-21aa-4466-a374-0162332acf5d%2522%252C%2522event%2522%253A%2522load%2522%252C%2522ad_id%2522%253A%255B%257B%2522ad_id%2522%253A568755%252C%2522rule_id%2522%253A24566%252C%2522show_id%2522%253A%252289108342-d94a-48aa-91b0-bd2ee19b75d6%2522%257D%255D%252C%2522unit_id%2522%253A1412%252C%2522region_id%2522%253A112%252C%2522sub_region_id%2522%253A0%252C%2522city_id%2522%253A0%252C%2522apsid%2522%253A%252289108342-d94a-48aa-91b0-bd2ee19b75d6%2522%252C%2522url%2522%253A%2522https%25253A%25252F%25252F2plus2.ua%25252F%2522%257D
Frame ID: 2F1C132DD1B59BA2AFAFC825415C3B87
Requests: 1 HTTP requests in this frame

Frame: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7BD03B57EB2708D5E00DDE947F019F86
Requests: 1 HTTP requests in this frame

Frame: https://5bdcc61aee8ff472b3520748fee18efa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 357F6E1483D968D081829B9044720F2C
Requests: 1 HTTP requests in this frame

Frame: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EB8CAD4BB72813EF2F6E9B25690A04E9
Requests: 16 HTTP requests in this frame

Frame: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9BDEE7B983CF9AB7E67ABDC78D38EABD
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012202072236000/amp4ads-v0.mjs
Frame ID: 22B23F16F867B128CDF08B5EAB0688DF
Requests: 12 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 17347AF06FFF2EE56AE793899850E976
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIY3ZfwvAEwAQ&v=APEucNXCOPtL5mg6zM_E-kS8j29ZjCkdcTTdWWDidjRCj3YQ5sn0OOmTCDuEEDIlXbtXpn7pWEnjPVNr4OEgxP0l62qfG3pvAYKqhNaxUO6WH4xkYVC7Dg01c5fm0tcs4DS87QusJJSyvLTdVPgq_3JJN9ZnW3JYVXjMfeG3kCEdWDegKS8CMyc
Frame ID: 416E1BCE0B353CB1ADD63C57B32FF293
Requests: 5 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuqTOFN3D6OfiyUbICI91EtAbbv0giOD3-J2Uag38JyT0IAJMxMwOFaoeC_zdzmtMTebw-hmJ1bmRNjKvnNOGrn_NXbt8lx9h88WWT9o9F_pNaLiHw9DuG8glHTm_ELaZsaYjuli68sbv-lsAXFyoJ9naJ9HfS-sQjMTR-FI6gMIgZ4yGSYGQw-7SsemMI1JSxBMK1U5MB1wQxQSXI_9iSzQ8HYr4WWsF_YkGjnuWdvuRp83L_8UcUisS77w0DvJ6fO3hPaVIlW5BSsAY_Odva14c175DzoKBx7txsiMdqHFbDAgOhGDAQMqrk3CrTdNUWPF67o4_Z6e32E&sig=Cg0ArKJSzCbLqAQSypeHEAE&uach_m=[UACH]&adurl=
Frame ID: 3D5BC0793EC5CDF0CE8B76147562349B
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 90F55723687940B996B2EF2D532E98D4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 795277465FDE1AE49BDE924B9F9FB2F0
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
Frame ID: 46EFEBB4A33AE4DE0FC6F3A0BC81CA47
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FD1C06F7FEF43D80A418292CA3760D32
Requests: 3 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=2plus2.ua
Frame ID: 207B3CD74B104C72EA0905443FFF4208
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F77BB91A335E1AB593DD8779D2C3EEF5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 22F2BC009EADF0F562F3155D0DF922A1
Requests: 2 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: 587D79B2E8622D132D614C98B527285C
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.502.0_uk.html
Frame ID: CF0E93BBC9D32FEDC868D19469BA439E
Requests: 2 HTTP requests in this frame

Frame: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B2A60053B119566E3F3EC4CE06E27116
Requests: 15 HTTP requests in this frame

Frame: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F1539CF07B433D8BDC418865E17FADB0
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/022202072236000/amp4ads-v0.mjs
Frame ID: 2A7E80F1B79B8EF27FEEE72F549D16A7
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: FFEBF683A3D172FB9A74B5545BF5CAAA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIYk5nwvAEwAQ&v=APEucNVQ_cfDL2Ffs7dW3jRBrB5VeIJ0z36GccZfelFDr2v6m2AEfIEf4h_pCB1XnsGUYIc2dlXakVi8QVW1_Rt7RS0iHWBb2oHEqRly4bHUeoYXJISJjQUC4aXrRsYlxB_fAj2CmKIe7MwvMttVVhsZwzy4cosEwJRZbdB8MGtLH2H543NSVOg
Frame ID: B4A5FF56B80DF087A9085BFF5FEBD8B5
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIY3ZfwvAEwAQ&v=APEucNVTZvFU5Icen2bT2FdnKzp9T3Dc3nC85zqcKEw8J5sPMKxWSuzfYJEPka-McK5gq8s4-G5jRS_nKFK7VFI-1NweFT9hJRsSNjjzYZngmSfQShpLYOxXrejRnuj3HNJQAtHi_bQpYMWT5HA8dQcJBZIvzsHR8WFJvCDxOh7yrHfgWAq-d3c
Frame ID: 034288ABD6FB90A2AD226B89B740E2C3
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B9A2DA74456B7E6C4B06C648D89969B2
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 08A1804BE434500F30B0F5CECFAB0A6E
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D03C45B4BB1FC9D2F17FFE84750D0A2B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B588B32335EB4907BB76C33F32D6B69A
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html
Frame ID: 0A4026726EE963213AFEA5BD2094E372
Requests: 7 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
Frame ID: B25B778EB6817A0464382856FB11A4BE
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

2+2 - Офіційний сайт каналу онлайнKyivstar

Page URL History Show full URLs

http://2plus2.ua/ HTTP 301
https://2plus2.ua/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Matomo Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

piwik\.js|piwik\.php

Mouse Flow (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.mouseflow\.com

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

389
Requests

88 %
HTTPS

45 %
IPv6

57
Domains

88
Subdomains

71
IPs

12
Countries

34744 kB
Transfer

41605 kB
Size

70
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://1plus1.video/groshi
Title: Гроші

Search URL Search Domain Scan URL

URL: https://1plus1.video/sekretnye-materialy
Title: Секретні матеріали

Search URL Search Domain Scan URL

URL: https://1plus1.video/speckor
Title: Спецкор

Search URL Search Domain Scan URL

URL: https://1plus1.video/zateryannyj-mir
Title: Загублений світ

Search URL Search Domain Scan URL

URL: https://1plus1.video/dzhedai-voiny-dorog
Title: ДЖЕДАІ

Search URL Search Domain Scan URL

URL: https://1plus1.ua/

Search URL Search Domain Scan URL

URL: https://tsn.ua/

Search URL Search Domain Scan URL

URL: http://plus-plus.tv/

Search URL Search Domain Scan URL

URL: https://tet.tv/

Search URL Search Domain Scan URL

URL: https://1plus1.international/

Search URL Search Domain Scan URL

URL: https://biguditv.com/

Search URL Search Domain Scan URL

URL: https://www.unian.net/

Search URL Search Domain Scan URL

URL: https://1plus1.video/

Search URL Search Domain Scan URL

URL: https://paramountcomedy.com.ua/

Search URL Search Domain Scan URL

URL: https://tv.kyivstar.ua/ua/
Title: Kyivstar

Search URL Search Domain Scan URL

URL: https://media.1plus1.ua/ua/hr
Title: Кар'єра

Search URL Search Domain Scan URL

URL: https://media.1plus1.ua/ua/media/channels/problems
Title: Технічний розділ

Search URL Search Domain Scan URL

URL: https://sales.1plus1.digital/
Title: Реклама

Search URL Search Domain Scan URL

URL: https://www.facebook.com/2plus2.ua

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC0rUcXe-tsu_MA33brxjDNg?sub_confirmation=1#utm_source=1plus1&utm_medium=social-button-header&utm_campaign=youtube

Search URL Search Domain Scan URL

URL: https://twitter.com/2plus2tvchannel

Search URL Search Domain Scan URL

URL: https://plus.google.com/+2plus2TVchannel

Search URL Search Domain Scan URL

URL: https://vb.me/2plus2

Search URL Search Domain Scan URL

URL: https://t.me/channel2plus2

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://2plus2.ua/ HTTP 301
https://2plus2.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 72

https://cdn.mouseflow.com/projects/960ccfd6-74cb-4236-9230-f2f5d1c9d1c7.js HTTP 301
https://cdn.mouseflow.com/projects/960ccfd6-74cb-4236-9230-f2f5d1c9d1c7_eu.js

Request Chain 82

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D HTTP 302
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=d2da96f8c6a05439

Request Chain 88

https://gaua.hit.gemius.pl/_1645901309966/rexdot.js?l=100&id=nGhLmYBVmH9lDxK8n6qDIKPertEG4oNkPFAhnpWOfo3.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F2plus2.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=357&lsdata=e9aF8QRm05_c7ei3.Gcm5u8bvovchyguz9EkRFOcA3L.K71kQQG4McWAK68x9pDzYc6Sm1CZagZihjTPF4YcSjs5BOBo/RzDUfmslpGFcw/&fpdata=25sqqw61dn3TVBCg7DX8kaQuNJkmygLDoIY33rhUN4j..7&vis=1&fpcap= HTTP 301
https://gaua.hit.gemius.pl/__/_1645901309966/rexdot.js?l=100&id=nGhLmYBVmH9lDxK8n6qDIKPertEG4oNkPFAhnpWOfo3.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F2plus2.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=357&lsdata=e9aF8QRm05_c7ei3.Gcm5u8bvovchyguz9EkRFOcA3L.K71kQQG4McWAK68x9pDzYc6Sm1CZagZihjTPF4YcSjs5BOBo/RzDUfmslpGFcw/&fpdata=25sqqw61dn3TVBCg7DX8kaQuNJkmygLDoIY33rhUN4j..7&vis=1&fpcap=

Request Chain 93

https://pbjs.e-planning.net/pbjs/1/2e43c/1/2plus2.ua/ROS?rnd=0.5685174479888675&e=2000x1300_0%3A2000x1300%2B300x250_0%3A300x250%2B300x600_0%3A300x600%2B1440x180_0%3A1440x180&ur=https%3A%2F%2F2plus2.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFFF&crs=UTF-8&fr=https%3A%2F%2F2plus2.ua%2F&e_pubcid=62664075-05dc-4570-b7cb-c6d981958861 HTTP 302
https://pbjs.e-planning.net/hb/1/2e43c/1/2plus2.ua/ROS?ct=1&r=pbjs&rnd=0.5685174479888675&e=2000x1300_0%3A2000x1300%2B300x250_0%3A300x250%2B300x600_0%3A300x600%2B1440x180_0%3A1440x180&ur=https%3A%2F%2F2plus2.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFFF&crs=UTF-8&fr=https%3A%2F%2F2plus2.ua%2F&e_pubcid=62664075-05dc-4570-b7cb-c6d981958861

Request Chain 112

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=9FF7084B4D35460FBF0A5C36579535A3&RedC=c.clarity.ms&MXFR=21D3B8901E516AB2363AA9C71A5164F3 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=9FF7084B4D35460FBF0A5C36579535A3&MUID=2E6E88BFD32165660C6899E8D27964EA

Request Chain 188

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGzAndHGJLER_df4ZiD6xn8&google_cver=1

Request Chain 189

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yhp1-4DXaMzWdY.i3j3K2wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGzAndHGJLER_df4ZiD6xn8&google_cver=1&google_hm=2

Request Chain 190

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAG8SwdU6QH_hEB-SpNyxMc&google_cver=1

Request Chain 191

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzEwNTE2NjQ4ODk4MTAxMzgwOA%3D%3D

Request Chain 246

https://gum.criteo.com/sid/json?origin=publishertag&domain=2plus2.ua&sn=ChromeSyncframe&so=0&topUrl=2plus2.ua&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=yjZKh3xkQlBRR0tYbFZmNU9RWFRUaXhxaVlqaS9DcVhMejc1R2RLaDZhMkVtZHFRZGlQenBwMFEzVSs0MlZITWdnVjlkbmEzZjhWOEdMNkxmYitxZ2VONW95NWhTbnkrUjEzM2dVVTdoQmswekNZOGcvc0hJSWU4M3ZTWUZ1amJQb1dUaXdpclVxeDJCdEE5d09lWldQZWVJY2tlT0sweVdYb0ZueUtyZmhlOGIrOEYrdytJUERFNTZ5eldKVWRRSGpUSHM4TFRtdXVrU1c1bUVRdjVsMllzVXRjcmxiSzRXNG5mcTgxeExxWnNicUFjSjFldXJ6SnUxeEZaZUpGcFN4M1VBYlZXbmFydVVGRGJnREIrS0lKNWFadz09fA&cppv=2

Request Chain 311

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEVDM1oLS7h5du8aa4DO5lU&google_cver=1

Request Chain 313

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEOqtQDWOaUNQ3o0R-J-NJW0&google_cver=1

Request Chain 315

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGuDaCpeF161PpT-9xNw5W4&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGuDaCpeF161PpT-9xNw5W4&google_cver=1&__user_check__=1&sync_id=b21e3569-9734-11ec-abc9-1a7cb9e30506

Request Chain 316

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=b2180d77-9734-11ec-b4cb-182a6e990306 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YjIxODBkMzQtOTczNC0xMWVjLWI0Y2ItMTgyYTZlOTkwMzA2

Request Chain 325

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 333

https://grandcentral.1plus1.video/vod/202202/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7/9c701a4f64987d847e5473c32f22ae87/1645987709?return_http=true&_t1602905113858 HTTP 302
https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/playlist.m3u8

Request Chain 345

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFutaUJpNmUzqKzE9DKcgMY&google_cver=1&google_push=AYg5qPKbXl2-fDU7leqQ2P_9x4S9l8KS5Pj5ZSK23zkH0BpEP6ipgLtkbO-IL7qY5leCjpBfpmgDzhkj_uHM2mfYGPDua3dqBWmCGg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKbXl2-fDU7leqQ2P_9x4S9l8KS5Pj5ZSK23zkH0BpEP6ipgLtkbO-IL7qY5leCjpBfpmgDzhkj_uHM2mfYGPDua3dqBWmCGg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFutaUJpNmUzqKzE9DKcgMY&google_cver=1&google_push=AYg5qPKbXl2-fDU7leqQ2P_9x4S9l8KS5Pj5ZSK23zkH0BpEP6ipgLtkbO-IL7qY5leCjpBfpmgDzhkj_uHM2mfYGPDua3dqBWmCGg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKbXl2-fDU7leqQ2P_9x4S9l8KS5Pj5ZSK23zkH0BpEP6ipgLtkbO-IL7qY5leCjpBfpmgDzhkj_uHM2mfYGPDua3dqBWmCGg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 346

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEEwAFvLyPndhxRYKavZD1M4&google_cver=1&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19xt2Xffy5rNjpPq8 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEEwAFvLyPndhxRYKavZD1M4&google_cver=1&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19xt2Xffy5rNjpPq8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19xt2Xffy5rNjpPq8&google_hm=Pneq-I7dSa2eZtOJgTDgog==

Request Chain 347

https://d5p.de17a.com/cookies/google?google_gid=CAESEFXFzP0mPdXCsttRuoH-buQ&google_cver=1&google_push=AYg5qPKDYHx-vhnJPVGSgsgOvyAJkbc8Cb6ofG_DDr1ECuRiif-atdTZQ2G7l9SPDKLlN69HVjprnkfZ2MBhyIzktMbXUTbzYaFR HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEFXFzP0mPdXCsttRuoH-buQ&google_cver=1&google_push=AYg5qPKDYHx-vhnJPVGSgsgOvyAJkbc8Cb6ofG_DDr1ECuRiif-atdTZQ2G7l9SPDKLlN69HVjprnkfZ2MBhyIzktMbXUTbzYaFR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKDYHx-vhnJPVGSgsgOvyAJkbc8Cb6ofG_DDr1ECuRiif-atdTZQ2G7l9SPDKLlN69HVjprnkfZ2MBhyIzktMbXUTbzYaFR

Request Chain 348

https://match.360yield.com/match/ebda?google_gid=CAESEH6mOTF87Y5FoMLqkbcPbfw&google_cver=1&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEH6mOTF87Y5FoMLqkbcPbfw&google_cver=1&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq

Request Chain 349

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMrYfEO-ANL3-Z0nNruUpg8&google_cver=1&google_push=AYg5qPKsDe9eFkujFn3jsPZIiVZTWCZYO0oX47qBc3YVlIqtFaTFvSrnL7gn6pmjLrObu65RrMF16R20rQHGOp--72UUS26c2LQBVA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPKsDe9eFkujFn3jsPZIiVZTWCZYO0oX47qBc3YVlIqtFaTFvSrnL7gn6pmjLrObu65RrMF16R20rQHGOp--72UUS26c2LQBVA HTTP 302
https://onetag-sys.com/sync/i,19/?google_error=5

Request Chain 352

https://ad.turn.com/r/cs?pid=3&google_gid=CAESECqn2_KxQKG3yzCtjwEzXY0&google_cver=1&google_push=AYg5qPJT3E1RFQdPlrb0Jpe89ELv9__DcN_gofzE__4Bsd6Bz6sS24Hl2QDeIx6O7LuIk1IhJ3NyuCdJQR0bCOUdoTM5ApkvLIE9rw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzU1NDM1NzAwODkzMDYzOTc2Mw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECqn2_KxQKG3yzCtjwEzXY0&google_cver=1

Request Chain 354

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEEaOQ7crqv55hDEALmMk5DU&google_cver=1&google_push=AYg5qPL36gBFXYlLdSgnEVzoUO7s0LiS1NPEKSmgBXa37C-Uqn0vbcrS_itRR7wcJ6_d_cATaozHPlGtlNVfOLe4NzDOr54jgRWsLQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPL36gBFXYlLdSgnEVzoUO7s0LiS1NPEKSmgBXa37C-Uqn0vbcrS_itRR7wcJ6_d_cATaozHPlGtlNVfOLe4NzDOr54jgRWsLQ

Request Chain 355

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEEwAFvLyPndhxRYKavZD1M4&google_cver=1&google_push=AYg5qPKQmp1jYFCdB4gxJ3p6x1F40iE9W6EYo8HqU8YDWxa4skztGS7rctsdAOetRd_yFjpQXgaFTVN18H6YAurIvvgwgElbjNheuQ HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEEwAFvLyPndhxRYKavZD1M4&google_cver=1&google_push=AYg5qPKQmp1jYFCdB4gxJ3p6x1F40iE9W6EYo8HqU8YDWxa4skztGS7rctsdAOetRd_yFjpQXgaFTVN18H6YAurIvvgwgElbjNheuQ HTTP 302
https://m.fg8dgt.com/sync?ssp=bidswitch&bidswitch_ssp_id=google&ssp_uuid=3e77aaf8-8edd-49ad-9e66-d3898130e0a2 HTTP 302
https://m.fg8dgt.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&ssp_uuid=3e77aaf8-8edd-49ad-9e66-d3898130e0a2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=108&expires=14&ssp=google&user_id=becc588d-ffd0-4459-a788-ffde2227d20e HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19xt2Xffy5rNjpPq8&google_hm=Pneq-I7dSa2eZtOJgTDgog==

Request Chain 356

https://d5p.de17a.com/cookies/google?google_gid=CAESEFXFzP0mPdXCsttRuoH-buQ&google_cver=1&google_push=AYg5qPLRQco549G0v0OG1vugOmT0_A595IsZ4wNlU4fG8b12OuQkrxR5LJqwWRx26i5Nhtp4Iqi0UuZv71vopZMQ8qyDBKIoceBjVQ HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEFXFzP0mPdXCsttRuoH-buQ&google_cver=1&google_push=AYg5qPLRQco549G0v0OG1vugOmT0_A595IsZ4wNlU4fG8b12OuQkrxR5LJqwWRx26i5Nhtp4Iqi0UuZv71vopZMQ8qyDBKIoceBjVQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLRQco549G0v0OG1vugOmT0_A595IsZ4wNlU4fG8b12OuQkrxR5LJqwWRx26i5Nhtp4Iqi0UuZv71vopZMQ8qyDBKIoceBjVQ

Request Chain 357

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEBHI8y8cLLJBX130r2rk5rA&google_cver=1&google_push=AYg5qPLyx9cuQILrDTq2AgJIMGSWdFeFkp2N-NGjrM8WGcwkcmigugzclosQty5XG8OHmybEd9WryIH-CP21JWjPGnb8EzqogejZrg HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPLyx9cuQILrDTq2AgJIMGSWdFeFkp2N-NGjrM8WGcwkcmigugzclosQty5XG8OHmybEd9WryIH-CP21JWjPGnb8EzqogejZrg&google_gid=CAESEBHI8y8cLLJBX130r2rk5rA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU2ODg3OTkyOTE2MDM4MzAzMDU4Mg%3D%3D&google_push=AYg5qPLyx9cuQILrDTq2AgJIMGSWdFeFkp2N-NGjrM8WGcwkcmigugzclosQty5XG8OHmybEd9WryIH-CP21JWjPGnb8EzqogejZrg

Request Chain 380

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2F2plus2.ua%2F&domain=2plus2.ua&cw=1&pbt=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=kbOz-3xpSlV0Z3NKdXJqSWxPeVR4L1lURCszMWc4ayttaCtTWHFEWDhjZ0RKaUhITUZpRFh3Z0EraU5oRHZveWNlWXR0N1U1dTN4R29kbWtYZ2xiRWQzVDlkdXExNUdmclQrTkVQbDNyWnZBSXpDajRSSE5haE5qMHV3ZU1FWktaekpROC9hdmNIczg0L2FwSEcvWldYTm5jYk1QZzVOK0t3UElOaDRmbjhITUphalhDVGY5Qmh1QlUzTzk1U2V3SDV1Z1VDc0hmZ1pUT0RkYVU3UEpQSmR4VFZhL0E5ZXMvSGZkSXVLajFHSUl0RytwbzQ3MjdFVDBQUjR5K3V0bU4zMmxLajNBMWhwUHB4OEY5eENoVFBUcWZKUT09fA&cppv=2

389 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
2plus2.ua/
Redirect Chain

http://2plus2.ua/
https://2plus2.ua/

129 KB
31 KB

559ms
326ms

Document
text/html

195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: a9fdd71ab96a164937ae6628f9ca78d786fa5e279c53804fd65c2acb89c49f95

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

Server: nginx
Date: Sat, 26 Feb 2022 18:48:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Cache-Control: no-cache, private
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Sat, 26 Feb 2022 18:48:28 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://2plus2.ua/

GET
H/1.1 200
OK app.css
2plus2.ua/css/ 158 KB
32 KB 87ms
87ms Stylesheet
text/css 195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://2plus2.ua/css/app.css
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 39220571548b58ae78a03846bcd8621597323406610ca81923789635ee29e59d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Jan 2022 15:03:29 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=1209600
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 12 Mar 2022 18:48:28 GMT

GET
H/1.1 200
OK codes-initialization.js Show response
2plus2.ua/js/ 2 KB
1 KB 163ms
74ms Script
application/javascript 195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://2plus2.ua/js/codes-initialization.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 0504d9f9a134a9acc6d5ffefacd131df9ed5ac7023d3c2aeecd48a4d0419a3e8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Oct 2021 08:57:18 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=1209600
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 12 Mar 2022 18:48:29 GMT

GET
H/1.1 200
OK logo.svg
2plus2.ua/img/icons/ 574 B
883 B 232ms
73ms Image
image/svg+xml 195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://2plus2.ua/img/icons/logo.svg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: d3fd91ee62256b439f81a02c678e02a4ac665a52642a475e1cec17e5959db19b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Last-Modified: Wed, 19 Sep 2018 09:53:34 GMT
Server: nginx
Content-Type: image/svg+xml
Cache-Control: max-age=1209600
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 574
Expires: Sat, 12 Mar 2022 18:48:29 GMT

GET
H2 200 71e8b7bbfc31e6ed2315b7f2b1eb62be.jpg
images.1plus1.video/other-1/ 92 KB
92 KB 633ms
372ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/other-1/71e8b7bbfc31e6ed2315b7f2b1eb62be.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 7e69c435e22538279b8dfd15e6f47b0f31c64e8214584117f24fb75380d95c0d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Mon, 21 Feb 2022 16:13:50 GMT
server: nginx
etag: "71e8b7bbfc31e6ed2315b7f2b1eb62be"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 94274
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 c69a3d52f0b8788c419e23f00b5d030d.jpg
images.1plus1.video/other-1/ 46 KB
46 KB 615ms
354ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/other-1/c69a3d52f0b8788c419e23f00b5d030d.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: dac7ceb11836f6422ff3584925cff7e59e52906c1b7cd5dbb96b47513fce1453

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Thu, 04 Nov 2021 16:28:45 GMT
server: nginx
etag: "c69a3d52f0b8788c419e23f00b5d030d"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 47254
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 e4d68ae28e13c4d16e67843e0e444131.jpg
images.1plus1.video/other-1/ 91 KB
91 KB 469ms
208ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/other-1/e4d68ae28e13c4d16e67843e0e444131.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: cda10b066a0ce9d6c5d7fbc9751c61bb329d2a500935706c25a0c315b7cc39c8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Mon, 14 Feb 2022 14:04:09 GMT
server: nginx
etag: "e4d68ae28e13c4d16e67843e0e444131"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 93218
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 c557aa292eb920aadb734a9aa4f621b6.jpg
images.1plus1.video/other-1/ 16 KB
16 KB 555ms
294ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/other-1/c557aa292eb920aadb734a9aa4f621b6.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 348da5111bca0bbd3496741f16adc787592b6015bca4ffdbbf3ba0e408da2f8c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Thu, 04 Nov 2021 16:28:45 GMT
server: nginx
etag: "c557aa292eb920aadb734a9aa4f621b6"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 16208
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 31a8b4546a4a0d595a829be28a83e451.jpg
images.1plus1.video/other-1/ 22 KB
22 KB 353ms
155ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/other-1/31a8b4546a4a0d595a829be28a83e451.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 5f5844592a67688c09086296e94b9924627188a9239a2521601105b0956fb394

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Sat, 26 Feb 2022 11:34:31 GMT
server: nginx
etag: "b70190a473139a23e09474bccfc393f0"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 22667
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 f30777990f4fc267103668787178e4f0.jpg
images.1plus1.video/other-1/ 45 KB
45 KB 494ms
296ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/other-1/f30777990f4fc267103668787178e4f0.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 7987dfb3e33ffad7c3306b9451b7b70741364c5fa55326abf166f5cb02955fc5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 23 Feb 2022 12:49:48 GMT
server: nginx
etag: "00bf16dcd824b316ba37f1c41a1e3cbc"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 46208
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 f4cbd228c6bcda0b9e6308e72454473f.315x280.jpg
images.1plus1.video/news-1/41013/ 23 KB
23 KB 607ms
409ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/news-1/41013/f4cbd228c6bcda0b9e6308e72454473f.315x280.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 289304e01dc762af587b02ea8020775202009ee086015ddb190d4d0e9e8e0147

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Thu, 24 Feb 2022 12:56:00 GMT
server: nginx
etag: "6284e6d1df092b3a806a23819b83ab13"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 23108
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 617c6790f3fdad983569a449ebe5335c.315x280.jpg
images.1plus1.video/news-1/41004/ 8 KB
8 KB 552ms
353ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/news-1/41004/617c6790f3fdad983569a449ebe5335c.315x280.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 1c80257305f727b1498c8c5382e47843618492a3e4ddb98f88bda8ecec0ce136

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 23 Feb 2022 15:19:30 GMT
server: nginx
etag: "e9032bfc9c4edab6b9fc16709bcc01dc"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 7912
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 2343ca75e00a9530a6dd5a55a322b0cb.315x280.jpg
images.1plus1.video/news-1/41001/ 32 KB
32 KB 668ms
666ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/news-1/41001/2343ca75e00a9530a6dd5a55a322b0cb.315x280.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: d489b284c7a47477febf2027513819042357cfc2e4d95f74a00b6c30f993a1b9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 23 Feb 2022 14:46:47 GMT
server: nginx
etag: "d33ff43f6e17d5d8bbcdaa160977460d"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 32257
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 de4b365ba12b35631babe04bc9c744a1.315x280.jpg
images.1plus1.video/news-1/40995/ 28 KB
28 KB 667ms
664ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/news-1/40995/de4b365ba12b35631babe04bc9c744a1.315x280.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: de0b044b8051efc27e268d5528d8f8005af88ddc245b9e5f20f9803bcf662d91

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 23 Feb 2022 13:54:48 GMT
server: nginx
etag: "1fd62333e8f575fb85e292bc4c8afc1e"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 28211
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 85eae825a94d260c01a5cae9f0198f27.315x280.jpg
images.1plus1.video/news-1/40884/ 34 KB
34 KB 398ms
395ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/news-1/40884/85eae825a94d260c01a5cae9f0198f27.315x280.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 510a67c730ef5d87c7fabfa67f74a08313d55481ddb65499419625cda405335a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Mon, 21 Feb 2022 14:08:45 GMT
server: nginx
etag: "87e96bbf5cf40dec05cb91afe402e586"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 34829
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 0d19f6291eb800439018b4f888ad5532.315x280.jpg
images.1plus1.video/news-1/41010/ 22 KB
22 KB 660ms
657ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/news-1/41010/0d19f6291eb800439018b4f888ad5532.315x280.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: aecc96f3de933796f5772ae501e31041c53d95b8aafee098dbf3a5f567ad8513

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Thu, 24 Feb 2022 08:02:15 GMT
server: nginx
etag: "31a8b4546a4a0d595a829be28a83e451"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 22650
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 40a57c9c8903bd27390a50bef50aabec.315x280.jpg
images.1plus1.video/news-1/40941/ 24 KB
24 KB 665ms
662ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/news-1/40941/40a57c9c8903bd27390a50bef50aabec.315x280.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 3cdc46e0319bd839b2503911834600c1f9d9ce9cca46c00cf7c73cc35bb2fd98

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Tue, 22 Feb 2022 14:37:40 GMT
server: nginx
etag: "3c5c5bb88ab549adbbfbf72262cf4ced"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 24085
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 c154cc03822eed03a187449f29aed9cc.315x280.jpg
images.1plus1.video/news-1/40986/ 31 KB
31 KB 416ms
414ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/news-1/40986/c154cc03822eed03a187449f29aed9cc.315x280.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: a9ec6424882c9cc14db575e9d02cabe63dafb72d06af7faadb478bdfdf1e59ad

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 23 Feb 2022 11:59:25 GMT
server: nginx
etag: "7180a85779633b814e13fc5af2bc9b7f"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 31603
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 ba62b817c98229a30c376599f892ea52.jpg
images.1plus1.video/other-1/ 120 KB
120 KB 709ms
707ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/other-1/ba62b817c98229a30c376599f892ea52.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: cc3375dd4fc1132aec343d7bdb3409c71ceb390a6bdb7bee9098378ce88c2631

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 03 Nov 2021 14:56:23 GMT
server: nginx
etag: "177cd460d6914e63764826e89cb36dd2"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 122537
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 bae31f7841b2fa387fb41c86a3c2f089.315x280.jpg
images.1plus1.video/news-1/40938/ 21 KB
21 KB 656ms
654ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/news-1/40938/bae31f7841b2fa387fb41c86a3c2f089.315x280.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 108fd6650fcce3100649872e56770860a4ff836f69a3deb9f597c977c0d35d67

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Tue, 22 Feb 2022 14:23:57 GMT
server: nginx
etag: "0c354ac466126791ee0b8d6bd5dfd9ef"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 21302
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 5214a91c4cd76abd5f43886603fd4cc6.315x280.jpg
images.1plus1.video/news-1/40998/ 27 KB
27 KB 658ms
656ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/news-1/40998/5214a91c4cd76abd5f43886603fd4cc6.315x280.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 9cff4c52006370a91a7b3ab1ceecb12e448727dc8f8d89d86517c24d06df3abf

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 23 Feb 2022 14:05:51 GMT
server: nginx
etag: "d21fc71f20704e86b4a16fc4fd827193"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 27278
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 25b93f1405784b3123c5ea80c97097d5.315x280.jpg
images.1plus1.video/news-1/40989/ 28 KB
28 KB 421ms
418ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/news-1/40989/25b93f1405784b3123c5ea80c97097d5.315x280.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 5029534f790b8dbabf3b0a234d6742570ffae74098d29d1c4a7153d8297a8ffb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 23 Feb 2022 13:59:02 GMT
server: nginx
etag: "3fd07f2e83b2ed09b8de02aa754d6464"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 28670
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 9a5058bd954e39305ea3ca42fdcd186a.285x285.jpg
images.1plus1.video/card-5/ktBGOYx2/ 21 KB
21 KB 414ms
412ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/ktBGOYx2/9a5058bd954e39305ea3ca42fdcd186a.285x285.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 64018c36747d449e570f24cab8b3c9d1e9ea794cf06a288e5adafff3da652ab3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Fri, 18 Feb 2022 17:38:19 GMT
server: nginx
etag: "e087103a4d5306b33b4a26ca74f46a95"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 21081
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 f90d7f24621086ba471318342646e06b.285x285.jpg
images.1plus1.video/card-5/DagrnyGt/ 27 KB
27 KB 368ms
366ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/DagrnyGt/f90d7f24621086ba471318342646e06b.285x285.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: ab913a87b721b324515eba65e3e6824a4eca503780e9deb7e4d375204c282e95

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Fri, 18 Feb 2022 17:27:39 GMT
server: nginx
etag: "ca4ef5c2e2792b2dfb7e7787c80e99f6"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 27722
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 8e8cb6e0f36b0d85cd8c6981e4eb4b31.285x285.jpg
images.1plus1.video/card-5/nRAVUWV2/ 30 KB
31 KB 391ms
389ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/nRAVUWV2/8e8cb6e0f36b0d85cd8c6981e4eb4b31.285x285.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 9fc647aa2ef1f6aa26e64231a4f860b77f8e5ca45ddb241de99581e1235df68d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 16 Feb 2022 16:37:24 GMT
server: nginx
etag: "da80bf2f888498741dc109276ffe8f47"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 31038
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 68536a5f7c4f28c824ac18907f67e6c0.285x285.jpg
images.1plus1.video/card-5/9CmkgJyR/ 25 KB
25 KB 660ms
657ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/9CmkgJyR/68536a5f7c4f28c824ac18907f67e6c0.285x285.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: bc963544c7b58831207820ca1f6aa75f0265843be105cab7b7c3744155616f3a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 16 Feb 2022 16:24:36 GMT
server: nginx
etag: "5bfc6a30c49959728c337dce58dda0a3"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 25395
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 cdce52f6d8885ef25314a4977eb592c8.490x300.jpg
images.1plus1.video/playlist-1/140731/ 98 KB
98 KB 697ms
694ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/140731/cdce52f6d8885ef25314a4977eb592c8.490x300.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: cb33386457609ed59866c61e2d9b0d4f4c3c5c6e2c7401c0a0a9fd8f5ff0c951

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Tue, 18 Jan 2022 14:42:46 GMT
server: nginx
etag: "8bbc0a9d2074e0f2861716372d19b7a8"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 100315
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 8789930c322a5a2de04ad202edee81be.490x300.jpg
images.1plus1.video/playlist-1/145042/ 72 KB
72 KB 674ms
672ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/145042/8789930c322a5a2de04ad202edee81be.490x300.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 6da76e0407ac20e5be7f38f73d9eae1ffc3bd492aa79769c9d900613db9b5dd5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Tue, 18 Jan 2022 14:41:33 GMT
server: nginx
etag: "6fe6cd0165380ba7809f27a4e2029504"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 73347
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 5dc777c6a08b8536906fff608805f4ad.490x300.jpg
images.1plus1.video/playlist-1/70286/ 100 KB
100 KB 425ms
423ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/70286/5dc777c6a08b8536906fff608805f4ad.490x300.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: e0f2bfbabb9841847f2a5b6e1a90ea85ed2cda2648ac0ced424a8e9769e38514

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 16 Jun 2021 15:26:13 GMT
server: nginx
etag: "61a7a9a574200a699aba40246cff75f8"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 101953
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 73f64084c4b6012843a0ad4a723ab950.490x300.jpg
images.1plus1.video/playlist-1/93757/ 84 KB
84 KB 663ms
661ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/93757/73f64084c4b6012843a0ad4a723ab950.490x300.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: f375aaa522232e786256e11ddb093a95c35026397d3967ba0b66dd427d833a2e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Tue, 22 Jun 2021 07:50:02 GMT
server: nginx
etag: "3fcbb749663669f24ae1bf6426c6776a"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 85576
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 d3374a1b77fa3b8ce94d5845e061d8f0.490x300.jpg
images.1plus1.video/playlist-1/4844/ 97 KB
97 KB 668ms
666ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/4844/d3374a1b77fa3b8ce94d5845e061d8f0.490x300.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 373deb961a720e1e159bdafc2ab4e9ad0478f910034025f667c92e21dbd0a044

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Tue, 18 Jan 2022 14:44:06 GMT
server: nginx
etag: "a8a6b117d153ff197675175afd73848d"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 99044
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 512ac948dba8c0ed8ed754631bb4084f.490x300.jpg
images.1plus1.video/playlist-1/5252/ 161 KB
161 KB 671ms
669ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/5252/512ac948dba8c0ed8ed754631bb4084f.490x300.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 10066841bfc9534e75adc9de3c5b8f027a6d4cf60e8cc53debef50491928e60d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Fri, 18 Jun 2021 07:37:16 GMT
server: nginx
etag: "f3aeeec15e404524760bdf792fd61b50"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 164699
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 7685b7308bb44288c4f399496048c4df.220x330.jpg
images.1plus1.video/playlist-1/945/ 59 KB
60 KB 425ms
423ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/945/7685b7308bb44288c4f399496048c4df.220x330.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 143f50225190e7a587d8e43d7504c7645b29f1dfb957eae82f59977a6cc35c98

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Thu, 20 Jan 2022 12:33:22 GMT
server: nginx
etag: "8bae3cce1b9ac9a8d0dc652c45b532de"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 60741
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 74a4f00b1034d1e5de44c52c5afaf1fd.220x330.jpg
images.1plus1.video/playlist-1/5312/ 32 KB
32 KB 658ms
657ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/5312/74a4f00b1034d1e5de44c52c5afaf1fd.220x330.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 564790a34f4bb222b6812e6c32b124320b3ccd5db9a922fcff71f72a4bd02673

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 19 Jan 2022 15:44:36 GMT
server: nginx
etag: "051dae29b6412985e0d02f1883f31c84"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 32599
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 d3374a1b77fa3b8ce94d5845e061d8f0.220x330.jpg
images.1plus1.video/playlist-1/4844/ 68 KB
68 KB 660ms
658ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/4844/d3374a1b77fa3b8ce94d5845e061d8f0.220x330.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 1ec70c7fb22a0abb4cf77eab8f2b4b3a5c674107b30f1bdf7f4d118a9c61e7da

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Tue, 18 Jan 2022 14:44:06 GMT
server: nginx
etag: "af334573b8e9890738512cd9a210350e"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 69740
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 5ee354d25b6e1328f52453b530bd859f.220x330.jpg
images.1plus1.video/playlist-1/46546/ 18 KB
19 KB 420ms
418ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/46546/5ee354d25b6e1328f52453b530bd859f.220x330.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: e24ce462b090fdbb38af89384909309483db1a66bc0d1ce4a5141c4864467868

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 23 Feb 2022 11:06:28 GMT
server: nginx
etag: "7037a4d516fbc5445a7d1a251f1a5c6f"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 18756
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 c9b0c9a776f78f3b56b9024ff259bf6d.220x330.jpg
images.1plus1.video/playlist-1/5252/ 86 KB
87 KB 367ms
365ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/5252/c9b0c9a776f78f3b56b9024ff259bf6d.220x330.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: ded40bc9b131ce8d897e8319b65b204d44da586ca44e661f3acc33cb6438b1f4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Wed, 19 Jan 2022 15:43:20 GMT
server: nginx
etag: "90f688b5780469424dc2f50e497a080f"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 88537
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H/1.1 200
OK footer-email.png
2plus2.ua/img/ 774 B
1 KB 168ms
75ms Image
image/png 195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://2plus2.ua/img/footer-email.png
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: c7571d58fa40f74107002e9991f3b84ca5da3aef2f9f366a7ddc27afb9a90dc0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Last-Modified: Tue, 29 Jan 2019 14:06:43 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=1209600
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 774
Expires: Sat, 12 Mar 2022 18:48:29 GMT

GET
H/1.1 200
OK ads.js Show response
2plus2.ua/js/ 19 B
351 B 138ms
74ms Script
application/javascript 195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://2plus2.ua/js/ads.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: e029f52d3ee7b5d529e43509e78c8aad836f222e32a308e61360e3fddcec6320

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Last-Modified: Tue, 29 Jan 2019 14:06:43 GMT
Server: nginx
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=1209600
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 19
Expires: Sat, 12 Mar 2022 18:48:29 GMT

GET
H/1.1 200
OK jquery-3.2.1.min.js Show response
2plus2.ua/js/vendor/ 85 KB
35 KB 78ms
77ms Script
application/javascript 195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://2plus2.ua/js/vendor/jquery-3.2.1.min.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Nov 2018 12:17:34 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=1209600
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 12 Mar 2022 18:48:29 GMT

GET
H/1.1 200
OK owl.carousel.min.js Show response
2plus2.ua/js/vendor/ 42 KB
13 KB 180ms
174ms Script
application/javascript 195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://2plus2.ua/js/vendor/owl.carousel.min.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Nov 2018 12:17:34 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=1209600
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 12 Mar 2022 18:48:29 GMT

GET
H/1.1 200
OK jquery.mousewheel.min.js Show response
2plus2.ua/js/vendor/ 3 KB
2 KB 112ms
102ms Script
application/javascript 195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://2plus2.ua/js/vendor/jquery.mousewheel.min.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Nov 2018 12:17:34 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=1209600
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 12 Mar 2022 18:48:29 GMT

GET
H/1.1 200
OK jquery.mCustomScrollbar.concat.min.js Show response
2plus2.ua/js/vendor/ 44 KB
15 KB 181ms
105ms Script
application/javascript 195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://2plus2.ua/js/vendor/jquery.mCustomScrollbar.concat.min.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: fd8027b53a97cbd5782e85c5908e563c39776703ff9279f50658e630927b4167

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Nov 2018 12:17:34 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=1209600
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 12 Mar 2022 18:48:29 GMT

GET
H/1.1 200
OK app.js Show response
2plus2.ua/js/ 19 KB
7 KB 191ms
78ms Script
application/javascript 195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://2plus2.ua/js/app.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: f76c9bd7fbdf9ac8175846d7d6664bf0946c38e0431c86468279303a79d9ed99

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Feb 2022 10:05:41 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=1209600
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 12 Mar 2022 18:48:29 GMT

GET
H2 200 css2
fonts.googleapis.com/ 28 KB
2 KB 126ms
44ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/css/app.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9abe1a1a05cd73894d363ea5615445ba952f3976714f31ebc88cbadc24cd67a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 26 Feb 2022 18:36:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 26 Feb 2022 18:48:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 26 Feb 2022 18:48:29 GMT

GET
H2 200 hb_298309_11708.js Show response
player.adtcdn.com/prebidlink/457194/ 418 KB
122 KB 504ms
403ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a413998caea2de9f080ae6c2a12b5569e39e73d1405ba0f6c081b3b4c4d5503

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 15 Feb 2022 18:00:55 GMT
server: cloudflare
etag: W/"620bea57-686a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P0ZD6hiYAvHyM1RVbnFf27NEFKK3HawtPzZXkIIQnS3RKCFfSkxp7AyFhTRqskIYzdFsYsIFhMQ2LORwoiikeLhlFK6jj54APctwC22iXsJnaoKqP8IOzdEyvcqRPOXI73U12nH062Z8rG0D6oCnWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=345600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e3b590fbfd20081-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 26 Feb 2022 19:03:29 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 82 KB
28 KB 182ms
48ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

29d0be6d5c023f91ae850c1b8ae7ba90fe6c1bcfec723eb1cc5f498a0d8de09e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27820
x-xss-protection: 0
server: sffe
etag: "1143 / 497 of 1000 / last-modified: 1645830399"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 26 Feb 2022 18:48:29 GMT

GET
H2 200 wrapper_hb_298309_11708.js Show response
player.adtcdn.com/prebidlink/457194/ 787 B
1 KB 77ms
46ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtcdn.com/prebidlink/457194/wrapper_hb_298309_11708.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42d66f023bb368180a0b3fe8fb92af402514a0c335f3c16279c020398e6b9308

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 798
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 26 Feb 2022 18:21:50 GMT
server: cloudflare
etag: W/"621a6fbe-313"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eIGCh2aTFg0vtIxOtKMefJ1hpFfiQXQFnR6eO%2B4xpFmNsi%2BOq5HoJDl7xb5WGgBpfugdjKTuiWQrXjyom%2F7w5t3C4xjyPaUtwRw0Z4x0GTERyBq9TjVRXXd0f7mL7ht5tzeas0HIVYPBRJB%2F0IbdAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=345600
cf-ray: 6e3b590fbfd50081-LHR
expires: Sat, 26 Feb 2022 18:50:11 GMT

GET
H2 200 piwik.js Show response
assay.1plus1.ua/ 57 KB
23 KB 246ms
75ms Script
application/javascript 195.137.240.12
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL

https://assay.1plus1.ua/piwik.js

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/js/codes-initialization.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

195.137.240.12 , Ukraine, ASN29389 (ASN-UNIAN, UA),

Reverse DNS

assay.1plus1.ua

Software

nginx /

Resource Hash

714576ef1d7b58980b7658ae9b8b4d74a223fba87934dc442db4098873e179a3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Mon, 03 Jul 2017 15:36:13 GMT
server: nginx
etag: W/"595a646d-e3b1"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 168 KB
59 KB 135ms
51ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W2BBRKX

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/js/codes-initialization.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ccb8d6a155366613fa41c3846f6bb477dc6c678c8e747da0a1ba8e173f782b65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59777
x-xss-protection: 0
last-modified: Sat, 26 Feb 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Feb 2022 18:48:29 GMT

GET
H2 200 xgemius.js Show response
gaua.hit.gemius.pl/ 40 KB
11 KB 182ms
58ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/xgemius.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/js/codes-initialization.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: fb8ce03c389581661b57ca719e9ef48c4f7aa76efe3ecff14dbe600e1ffc3319

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: gzip
last-modified: Fri, 18 Feb 2022 08:43:58 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 10838
expires: Sun, 27 Feb 2022 06:48:29 GMT

GET
H/1.1 200
OK api.gpt.js Show response
api.1plus1.video/static/js/ 12 KB
5 KB 291ms
68ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/js/api.gpt.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: f336a6da2e57a1dd5bcd42f29f901d5252438a16952e4577ebdb6e0871e812a0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Last-Modified: Mon, 26 Jul 2021 13:10:14 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 28 Mar 2022 18:46:30 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu0SC55K5gw.woff2
fonts.gstatic.com/s/opensans/v27/ 20 KB
21 KB 220ms
117ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu0SC55K5gw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a2c8407b011bf0af8123c2160fc5b91ecf962e4039e82babbaaa630549c80f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://2plus2.ua
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 23 Feb 2022 05:38:35 GMT
x-content-type-options: nosniff
age: 306594
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20876
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:46 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Feb 2023 05:38:35 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
fonts.gstatic.com/s/opensans/v27/ 39 KB
39 KB 166ms
62ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a83c3f260b750dfc47e4e5024eda4b4f80be0c0a3e0ae5111a3b0a799df64448

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://2plus2.ua
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 23 Feb 2022 15:44:05 GMT
x-content-type-options: nosniff
age: 270264
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39556
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:31:06 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Feb 2023 15:44:05 GMT

GET
H/1.1 200
OK GRsFFLJ2 Show response
1plus1.video/video/embed/ Frame 7057 10 KB
5 KB 387ms
102ms Document
text/html 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/video/embed/GRsFFLJ2?autoplay=0&l=ua&logo=plus2
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: ab9a12e6f18864b6142818a24d3c8c78f9e502ebed2fb3f7e9af11ecafdea085

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

Server: nginx
Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

GET
H/1.1 200
OK pattern.jpg
2plus2.ua/img/ 1 KB
2 KB 81ms
81ms Image
image/jpeg 195.137.240.82
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://2plus2.ua/img/pattern.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/css/app.css
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.82 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: db1e8ca32d9160e5a98ebab86225e05e9b7557e38d27b0e30d994d4242aae414

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/css/app.css
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Last-Modified: Wed, 10 Oct 2018 15:20:08 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=1209600
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 1355
Expires: Sat, 12 Mar 2022 18:48:29 GMT

GET
H2 200 84eb4635012b1b359e05041e6252895f.custom.jpg
images.1plus1.video/card-5/GRsFFLJ2/ 207 KB
208 KB 663ms
661ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/GRsFFLJ2/84eb4635012b1b359e05041e6252895f.custom.jpg
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: a807058ebf08685df00ce02d8ba5b9c01d58ec625569ed97ebbee8ef4cb9ae76

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Tue, 22 Feb 2022 17:53:06 GMT
server: nginx
etag: "a26b357f7dd6d76cbff19976e9d757f9"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 212401
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:29 GMT
expires: Sat, 05 Mar 2022 18:48:29 GMT

GET
H2 200 vunit Show response
a4p.adpartner.pro/ 12 KB
3 KB 169ms
58ms Script
text/html 146.59.18.237
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/vunit?id=1412&0.4040430275816562
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.59.18.237 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-a61777d5.vps.ovh.net
Software: nginx /
Resource Hash: eaf2b6fdbfc35c3e362ef56ade03fca93de819e89f38358a8903bdf0c34df664

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
cache-control: no-store no-transform
server: nginx
content-encoding: br
content-type: text/html; charset=utf-8

GET
H2 200 hbw_master_298309_11708.js Show response
player.adtelligent.com/prebidlink/457194/ 146 KB
30 KB 110ms
46ms Script
application/javascript 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/457194/hbw_master_298309_11708.js
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/wrapper_hb_298309_11708.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 4d338bfc02367faa9afd75da60da83ec713038aaa351a07dc21c04d6ae81bc4b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: gzip
last-modified: Sat, 26 Feb 2022 18:21:50 GMT
server: nginx
etag: W/"621a6fbe-24738"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 26 Feb 2022 19:48:29 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 pubads_impl_2022022302.js Show response
securepubads.g.doubleclick.net/gpt/ 363 KB
121 KB 38ms
37ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

c81e03e9977dae81a66597e7019e6b582bcb67a9c4add349b692804d7b3830d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 17:25:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4974
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124136
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 18:13:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 26 Feb 2023 17:25:35 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 87 B
108 B 89ms
45ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=2plus2.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

12dce315d1b30fafff70b92232490b5b1996e8bebc262cb96da11399f5101707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 83
x-xss-protection: 0
expires: Sat, 26 Feb 2022 18:48:29 GMT

GET
H2 200 vunit.min.js Show response
a4p.adpartner.pro/apstc/ 48 KB
12 KB 107ms
107ms Script
application/javascript 146.59.18.237
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/apstc/vunit.min.js?v=1.1.422
Requested by: Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/vunit?id=1412&0.4040430275816562
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.59.18.237 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-a61777d5.vps.ovh.net
Software: nginx /
Resource Hash: dc41a2546e6b5e28ddf2602393ecf0337cf32b46eefecea182a5e3a08f1edaff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
cache-control: no-store no-transform
last-modified: Tue, 15 Feb 2022 12:31:39 GMT
server: nginx
content-encoding: br
etag: W/"620b9d2b-c158"
content-type: application/javascript

GET
H2 204 tt
a4p.adpartner.pro/ Frame 8FAB 0
0 482ms
480ms Document
text/plain 146.59.18.237
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/tt?time=0&apuid=undefined&session_pageview=1&session_id=c6907a81-b056-4bfa-bdae-68b8b975989c&site_visited=1&location=https%3A%2F%2F2plus2.ua%2F&referer=
Requested by: Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/vunit?id=1412&0.4040430275816562
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.59.18.237 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-a61777d5.vps.ovh.net
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

server: nginx
date: Sat, 26 Feb 2022 18:48:30 GMT
cache-control: no-store no-transform

GET
H2 200 ls Show response
a4p.adpartner.pro/vunit/ Frame 4687 5 KB
2 KB 97ms
97ms Document
text/html 146.59.18.237
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/vunit/ls?vunit=1412&bannerNum=89366454219693740&apuid=c661a2c4-21aa-4466-a374-0162332acf5d&session_pageview=1&session_id=c6907a81-b056-4bfa-bdae-68b8b975989c&site_visited=1&location=https%3A%2F%2F2plus2.ua%2F
Requested by: Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/vunit?id=1412&0.4040430275816562
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.59.18.237 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-a61777d5.vps.ovh.net
Software: nginx /
Resource Hash: e17eaa48f9424540a73c3ab888a8994443dc6703ae56ee7d4fa66b8c142c2346

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

server: nginx
date: Sat, 26 Feb 2022 18:48:29 GMT
content-type: text/html; charset=utf-8
cache-control: no-store no-transform
content-encoding: br

GET
H2 200 fpdata.js Show response
gaua.hit.gemius.pl/ 278 B
392 B 56ms
54ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/fpdata.js?href=2plus2.ua
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 5ab16faeef01272fb598679d25ad7204e3d7efa13e7a2239dceb129f7702d3b9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 278
expires: Mon, 28 Mar 2022 18:48:29 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame B35C 5 KB
3 KB 189ms
67ms Document
text/html 146.59.30.108
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.108 , France, ASN16276 (OVH, FR),
Reverse DNS: ip108.ip-146-59-30.eu
Software: GHC /
Resource Hash: 95729c42a02da01f8e34d6c255971719f0d98215f0b3a712bb58276ada68fb4a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
expires: Mon, 28 Mar 2022 18:48:29 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
vary: Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy: cross-origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: text/html;charset=utf-8
content-length: 2713
content-encoding: gzip

GET
H/1.1 200
OK ovva.0.3.0.css
1plus1.video/static/player/css/ Frame 7057 171 KB
26 KB 149ms
148ms Stylesheet
text/css 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/css/ovva.0.3.0.css?v=b5304ce8eda1f5922225e08fe4ddad3b0411776f
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/GRsFFLJ2?autoplay=0&l=ua&logo=plus2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 3dac64a94fcc4eae3c54f1f12824e9b82bebbec1acb3cb8b908f4ecc1f90e578

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/video/embed/GRsFFLJ2?autoplay=0&l=ua&logo=plus2
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Nov 2021 13:05:56 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 28 Mar 2022 18:47:07 GMT

GET
H/1.1 200
OK ovva.0.3.0.js Show response
1plus1.video/static/player/js/ Frame 7057 198 KB
69 KB 493ms
328ms Script
application/javascript 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=b5304ce8eda1f5922225e08fe4ddad3b0411776f
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/GRsFFLJ2?autoplay=0&l=ua&logo=plus2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 517d4417f1918881abb8b87e7be918ca95b9eb50de3a5ef4a46e2e39626aba7b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/video/embed/GRsFFLJ2?autoplay=0&l=ua&logo=plus2
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Last-Modified: Wed, 12 Jan 2022 10:01:09 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 28 Mar 2022 18:48:14 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 7057 94 KB
37 KB 73ms
73ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-104502981-1

Requested by

Host: 1plus1.video
URL: https://1plus1.video/video/embed/GRsFFLJ2?autoplay=0&l=ua&logo=plus2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dd52ec90fa47f732fb037d6f4a1bb77911238ca57ec25c2587fe71ff6c55be47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37519
x-xss-protection: 0
last-modified: Sat, 26 Feb 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Feb 2022 18:48:29 GMT

GET
H/1.1 200
OK / Show response
ghb.adtelligent.com/geo/ 125 B
367 B 101ms
22ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/geo/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/457194/hbw_master_298309_11708.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: d2584c2f4bdc69a755732b678339b0f69b151ddc7aa7e4ee30a0a7eb8079bb2c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Access-Control-Allow-Origin: https://2plus2.ua
Date: Sat, 26 Feb 2022 18:48:29 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive
Content-Length: 125
Content-Type: application/json

GET
H/1.1 200
OK tracking Show response
ghb.adtelligent.com/adunit/ 43 B
403 B 101ms
22ms XHR
image/gif 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/tracking?event=11&type=0&client_id=298309&site_id=11708&full_page_url=https%3A%2F%2F2plus2.ua%2F&adid=4756f7.9p&features=16416&vpbv=N051&lifecycle_tte=1463
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/457194/hbw_master_298309_11708.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Access-Control-Allow-Origin: https://2plus2.ua
Date: Sat, 26 Feb 2022 18:48:29 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 174 KB
64 KB 101ms
57ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KRRGZR24WG&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W2BBRKX

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1a76cb8e76df2fa521cb8d7126edf5dad19537cd44bf25f8a82c6166e79084a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65237
x-xss-protection: 0
expires: Sat, 26 Feb 2022 18:48:29 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 114ms
36ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W2BBRKX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 2617
date: Sat, 26 Feb 2022 18:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 26 Feb 2022 20:04:52 GMT

GET
H2

200

960ccfd6-74cb-4236-9230-f2f5d1c9d1c7_eu.js Show response
cdn.mouseflow.com/projects/
Redirect Chain

https://cdn.mouseflow.com/projects/960ccfd6-74cb-4236-9230-f2f5d1c9d1c7.js
https://cdn.mouseflow.com/projects/960ccfd6-74cb-4236-9230-f2f5d1c9d1c7_eu.js

53 KB
17 KB

64ms
63ms

Script
application/javascript

23.111.9.38
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mouseflow.com/projects/960ccfd6-74cb-4236-9230-f2f5d1c9d1c7_eu.js
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Server: 23.111.9.38 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 4a121bd1f6ae5669d04cb0b6f5cebd7264390473e782973ce9dc8e9b267f23e1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: gzip
last-modified: Sun, 13 Feb 2022 09:21:52 GMT
server: NetDNA-cache/2.2
etag: W/"e9c92723bb20d81:0"
x-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400

Redirect headers

location: https://cdn.mouseflow.com/projects/960ccfd6-74cb-4236-9230-f2f5d1c9d1c7_eu.js
date: Sat, 26 Feb 2022 18:48:29 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
content-length: 178
content-type: text/html

GET
H2 410 3674.js
script.crazyegg.com/pages/scripts/0068/ 0
0 129ms
52ms Script
application/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0068/3674.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W2BBRKX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
cf-cache-status: HIT
last-modified: Sat, 26 Feb 2022 01:24:17 GMT
server: cloudflare
age: 62652
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86400, s-maxage=86400
cf-ray: 6e3b59120a2d7723-LHR
content-length: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 123ms
48ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26236
x-xss-protection: 0
pragma: public
x-fb-debug: D0GL3FA4sMJMyE01s+3RMCbLdd1GrFfj5o4GeVN07fQyd21Al0jLhdYabpgHXPAVcsXPwsCryTuqGUOsOCMlsg==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sat, 26 Feb 2022 18:48:29 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 al26fychxj Show response
www.clarity.ms/tag/ 940 B
1 KB 378ms
217ms Script
application/x-javascript 2620:1ec:27::cafe:2277
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/al26fychxj
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:2277 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 47020d4510bed261a6aedd5dee9c1a543aa2347699c8c33da41fb1eb20563bb4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
x-powered-by: ASP.NET
x-azure-ref: 0/XUaYgAAAADVFk1I/R3DRr91R0K9Lq5hUkJBMzBFREdFMDgxMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
content-length: 940
expires: -1

GET
H2 200 piwik.php
assay.1plus1.ua/ 43 B
145 B 79ms
78ms Image
image/gif 195.137.240.12
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assay.1plus1.ua/piwik.php?action_name=2%2B2%20-%20%D0%9E%D1%84%D1%96%D1%86%D1%96%D0%B9%D0%BD%D0%B8%D0%B9%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D1%83%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD&idsite=6&rec=1&r=394073&h=18&m=48&s=29&url=https%3A%2F%2F2plus2.ua%2F&_id=92c3cfdf1e1d88d0&_idts=1645901310&_idvc=1&_idn=0&_refts=0&_viewts=1645901310&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=328

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

195.137.240.12 , Ukraine, ASN29389 (ASN-UNIAN, UA),

Reverse DNS

assay.1plus1.ua

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: none
server: nginx
content-length: 43
x-frame-options: SAMEORIGIN
content-type: image/gif

GET analytics.js
www.google-analytics.com/ Frame 4687 0
0

POST
H2 200 vunit Show response
a4p.adpartner.pro/ Frame 4687 3 KB
1 KB 60ms
60ms XHR
text/html 146.59.18.237
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/vunit?id=1412&session_id=c6907a81-b056-4bfa-bdae-68b8b975989c&session_pageview=1&site_visited=1
Requested by: Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/vunit/ls?vunit=1412&bannerNum=89366454219693740&apuid=c661a2c4-21aa-4466-a374-0162332acf5d&session_pageview=1&session_id=c6907a81-b056-4bfa-bdae-68b8b975989c&site_visited=1&location=https%3A%2F%2F2plus2.ua%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.59.18.237 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-a61777d5.vps.ovh.net
Software: nginx /
Resource Hash: 7e1e0e0c71366ac490efb2f72befff3b7f8f6f1075b10c687b98102aeeecf92d

Request headers

Referer: https://a4p.adpartner.pro/vunit/ls?vunit=1412&bannerNum=89366454219693740&apuid=c661a2c4-21aa-4466-a374-0162332acf5d&session_pageview=1&session_id=c6907a81-b056-4bfa-bdae-68b8b975989c&site_visited=1&location=https%3A%2F%2F2plus2.ua%2F
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-type: text/plain

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
cache-control: no-store no-transform
server: nginx
content-encoding: br
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK csyncs Show response
ghb.adtelligent.com/ 520 B
573 B 37ms
36ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/csyncs?aid1=607661&aid2=648466&aid3=648467&aid4=undefined
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/457194/hbw_master_298309_11708.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 3b779fafc04f51dc3be8dc7fe165d400feda9627b3f00559c922aefe7628deb0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://2plus2.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 292

GET
H2 200 2plus2_mob.html Show response
vid4.tsn.ua/adv/Adpartner/ Frame A3D8 966 B
701 B 395ms
69ms Document
text/html 195.137.240.21
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vid4.tsn.ua/adv/Adpartner/2plus2_mob.html?adId=568755&unitId=1412&showId=89108342-d94a-48aa-91b0-bd2ee19b75d6&link=https%3A%2F%2Fa4p.adpartner.pro%2Fclick%2F1412%2F568755%2F89108342-d94a-48aa-91b0-bd2ee19b75d6%3Fdata%3DeyJjcmVhdGVkX2F0IjoxNjQ1OTAxMzA5LCJzaG93X2lkIjoiODkxMDgzNDItZDk0YS00OGFhLTkxYjAtYmQyZWUxOWI3NWQ2IiwiYWRfdW5pdF9pZCI6MTQxMiwicnVsZV9pZCI6MjQ1NjYsImFkX2lkIjo1Njg3NTUsImRhdGFfc291cmNlIjoiIiwicGxhdGZvcm1faWQiOjMsIm9zX2lkIjoxLCJicm93c2VyX2lkIjoxLCJjdXN0b21lcl9pZCI6ImM2NjFhMmM0LTIxYWEtNDQ2Ni1hMzc0LTAxNjIzMzJhY2Y1ZCIsInJlZ2lvbl9pZCI6MTEyLCJzdWJfcmVnaW9uX2lkIjowLCJjaXR5X2lkIjowLCJpc19yZWZyZXNoIjpmYWxzZX0%3D%26hash%3D3c856b1750b96520e3f2ee2da2449aaf&bannerNum=89366454219693740
Requested by: Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/apstc/vunit.min.js?v=1.1.422
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.21 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 7b946422d6cf65aacc59c2b505b7256d260886ce0b4120d358f4616f0ab8ca52

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

server: nginx
date: Sat, 26 Feb 2022 18:48:30 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Thu, 07 Feb 2019 16:57:22 GMT
expires: Sat, 26 Feb 2022 18:53:30 GMT
cache-control: max-age=300
x-1p1-cdn: HIT; Wed, 23 Feb 2022 02:14:15 GMT
content-encoding: gzip

GET
H2 204 match
dm.hybrid.ai/ 0
238 B 312ms
70ms Image
text/plain 37.18.16.16
HYBRID-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dm.hybrid.ai/match?id=186&burl=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D324902%26extuid%3D%24%7BVID%7D

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.18.16.16 , Russian Federation, ASN205675 (HYBRID-AS, RU),

Reverse DNS

Software

Hybrid Web Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
server: Hybrid Web Server
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
access-control-allow-origin: *
cache-control: no-cache, no-store
x-mode: 127
x-xss-protection: 1; mode=block
expires: -1

GET
H/1.1

200
OK

1px-matching-adtelligent.gif
t.trafmag.com/images/images/
Redirect Chain

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=d2da96f8c6a05439

35 B
351 B

97ms
34ms

Image
image/gif

193.200.65.5
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=d2da96f8c6a05439
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: HTTP/1.1
Server: 193.200.65.5 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: t.trafmag.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:30 GMT
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
P3P: CP="NON DSP COR CURa TIA"

Redirect headers

Location: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=d2da96f8c6a05439
Date: Sat, 26 Feb 2022 18:48:30 GMT
Server: VertaMedia 1.0
Etag: d2da96f8c6a05439
Content-Length: 0

GET
H2 200 if Show response
a4p.adpartner.pro/tracker/ Frame 2F1C 0
139 B 97ms
92ms Document
image/gif 146.59.18.237
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/tracker/if?data=%257B%2522apuid%2522%253A%2522c661a2c4-21aa-4466-a374-0162332acf5d%2522%252C%2522event%2522%253A%2522load%2522%252C%2522ad_id%2522%253A%255B%257B%2522ad_id%2522%253A568755%252C%2522rule_id%2522%253A24566%252C%2522show_id%2522%253A%252289108342-d94a-48aa-91b0-bd2ee19b75d6%2522%257D%255D%252C%2522unit_id%2522%253A1412%252C%2522region_id%2522%253A112%252C%2522sub_region_id%2522%253A0%252C%2522city_id%2522%253A0%252C%2522apsid%2522%253A%252289108342-d94a-48aa-91b0-bd2ee19b75d6%2522%252C%2522url%2522%253A%2522https%25253A%25252F%25252F2plus2.ua%25252F%2522%257D
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.59.18.237 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-a61777d5.vps.ovh.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

server: nginx
date: Sat, 26 Feb 2022 18:48:29 GMT
content-type: image/gif
content-length: 0
cache-control: no-cache, no-store, must-revalidate no-store no-transform
expires: 0
pragma: no-cache

GET
H3 200 450887889857312 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 219ms
140ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/450887889857312?v=2.9.52&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f33a206a65c0da6c45927f5d39fccf771ca04c60dd412ce3f801bf26cc11e172

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: JeKHLn25PQJf21gzVslFRE6Ytr+utvf2UJb2HibLS5ul3ZES/tNJ6wD0IzjlPb3hy029pDovEP6k4d/LzryBqg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sat, 26 Feb 2022 18:48:30 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 175ms
91ms Ping
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-KRRGZR24WG&gtm=2oe2n0&_p=1936522573&sr=1600x1200&ul=en-us&cid=1789385656.1645901310&_s=1&dl=https%3A%2F%2F2plus2.ua%2F&dt=2%2B2%20-%20%D0%9E%D1%84%D1%96%D1%86%D1%96%D0%B9%D0%BD%D0%B8%D0%B9%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D1%83%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD&sid=1645901309&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KRRGZR24WG&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://2plus2.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 162ms
90ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1936522573&t=pageview&_s=1&dl=https%3A%2F%2F2plus2.ua%2F&ul=en-us&de=UTF-8&dt=2%2B2%20-%20%D0%9E%D1%84%D1%96%D1%86%D1%96%D0%B9%D0%BD%D0%B8%D0%B9%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D1%83%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAAABAAAAAC~&jid=684323375&gjid=2131015991&cid=1789385656.1645901310&tid=UA-3838466-26&_gid=1107476374.1645901310&_r=1&gtm=2wg2n0W2BBRKX&z=131541426

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://2plus2.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 157ms
90ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1936522573&t=pageview&_s=1&dl=https%3A%2F%2F2plus2.ua%2F&ul=en-us&de=UTF-8&dt=2%2B2%20-%20%D0%9E%D1%84%D1%96%D1%86%D1%96%D0%B9%D0%BD%D0%B8%D0%B9%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D1%83%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAAC~&jid=835912334&gjid=1947816407&cid=1789385656.1645901310&tid=UA-113262294-1&_gid=1107476374.1645901310&_r=1&gtm=2wg2n0W2BBRKX&z=249985377

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://2plus2.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rexdot.js Show response
gaua.hit.gemius.pl/__/_1645901309966/
Redirect Chain

https://gaua.hit.gemius.pl/_1645901309966/rexdot.js?l=100&id=nGhLmYBVmH9lDxK8n6qDIKPertEG4oNkPFAhnpWOfo3.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F2plus2.ua%2...
https://gaua.hit.gemius.pl/__/_1645901309966/rexdot.js?l=100&id=nGhLmYBVmH9lDxK8n6qDIKPertEG4oNkPFAhnpWOfo3.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F2plus2.u...

169 B
477 B

157ms
156ms

Script
application/x-javascript

54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/__/_1645901309966/rexdot.js?l=100&id=nGhLmYBVmH9lDxK8n6qDIKPertEG4oNkPFAhnpWOfo3.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F2plus2.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=357&lsdata=e9aF8QRm05_c7ei3.Gcm5u8bvovchyguz9EkRFOcA3L.K71kQQG4McWAK68x9pDzYc6Sm1CZagZihjTPF4YcSjs5BOBo/RzDUfmslpGFcw/&fpdata=25sqqw61dn3TVBCg7DX8kaQuNJkmygLDoIY33rhUN4j..7&vis=1&fpcap=
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 99d7fb71f63831ed013b06f3ea5a32767a36ac5ef3347c2e5b197dbb01726e29

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 169
expires: Fri, 25 Feb 2022 18:48:30 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:29 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1645901309966/rexdot.js?l=100&id=nGhLmYBVmH9lDxK8n6qDIKPertEG4oNkPFAhnpWOfo3.H7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F2plus2.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=357&lsdata=e9aF8QRm05_c7ei3.Gcm5u8bvovchyguz9EkRFOcA3L.K71kQQG4McWAK68x9pDzYc6Sm1CZagZihjTPF4YcSjs5BOBo/RzDUfmslpGFcw/&fpdata=25sqqw61dn3TVBCg7DX8kaQuNJkmygLDoIY33rhUN4j..7&vis=1&fpcap=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Fri, 25 Feb 2022 18:48:29 GMT

GET
H2 200 config.json Show response
player.adtelligent.com/exchange_rates/298308/ 4 KB
2 KB 148ms
30ms XHR
application/json 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/exchange_rates/298308/config.json?cb=https%3A%2F%2F2plus2.ua%2F
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: d62f588f5981178d1df3665467f00032c561084d05f2e5bf142f56f3aa065e0a

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
last-modified: Sat, 26 Feb 2022 12:01:09 GMT
server: nginx
etag: W/"621a1685-1175"
content-type: application/json
access-control-allow-origin: https://2plus2.ua
expires: Sat, 26 Feb 2022 19:48:30 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
938 B 179ms
32ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1113608
x-amz-request-id: tx8a9eacc7b532418f8d353-00620977f5
x-amz-id-2: tx8a9eacc7b532418f8d353-00620977f5
last-modified: Sun, 13 Feb 2022 21:27:35 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=goejUWnXB09msPbs2ED5h60Zm3%2BM11a7vE2ueT20k8xLHavjUZLD0luP2H4HA2QHyhSAHeC%2Fo3bgVIsJvEEZDa2PjiTJCiNYifPDARt5NTierTpnSUfGMNhxq76lvta1CnOSg1Yl6AHyXzuW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1644787655409471
cf-ray: 6e3b5914784275cc-LHR

POST prebid
ib.adnxs.com/ut/v3/ 0
0

GET
H2

200

ROS Show response
pbjs.e-planning.net/hb/1/2e43c/1/2plus2.ua/
Redirect Chain

https://pbjs.e-planning.net/pbjs/1/2e43c/1/2plus2.ua/ROS?rnd=0.5685174479888675&e=2000x1300_0%3A2000x1300%2B300x250_0%3A300x250%2B300x600_0%3A300x600%2B1440x180_0%3A1440x180&ur=https%3A%2F%2F2plus2...
https://pbjs.e-planning.net/hb/1/2e43c/1/2plus2.ua/ROS?ct=1&r=pbjs&rnd=0.5685174479888675&e=2000x1300_0%3A2000x1300%2B300x250_0%3A300x250%2B300x600_0%3A300x600%2B1440x180_0%3A1440x180&ur=https%3A%2...

445 B
856 B

32ms
32ms

XHR
application/json

46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pbjs.e-planning.net/hb/1/2e43c/1/2plus2.ua/ROS?ct=1&r=pbjs&rnd=0.5685174479888675&e=2000x1300_0%3A2000x1300%2B300x250_0%3A300x250%2B300x600_0%3A300x600%2B1440x180_0%3A1440x180&ur=https%3A%2F%2F2plus2.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFFF&crs=UTF-8&fr=https%3A%2F%2F2plus2.ua%2F&e_pubcid=62664075-05dc-4570-b7cb-c6d981958861
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Server: 46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 4f0f883f0889c1e3647236b51c61a4fb91eb38bd7bac32da9d0c387c2268051b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://2plus2.ua
expires: Sat, 26 Feb 2022 18:48:30 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 445
x-sid: AMS-731

Redirect headers

date: Sat, 26 Feb 2022 18:48:30 GMT
server: openresty
access-control-allow-origin: https://2plus2.ua
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2e43c/1/2plus2.ua/ROS?ct=1&r=pbjs&rnd=0.5685174479888675&e=2000x1300_0%3A2000x1300%2B300x250_0%3A300x250%2B300x600_0%3A300x600%2B1440x180_0%3A1440x180&ur=https%3A%2F%2F2plus2.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFFF&crs=UTF-8&fr=https%3A%2F%2F2plus2.ua%2F&e_pubcid=62664075-05dc-4570-b7cb-c6d981958861
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-731

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

POST adjson
ads.betweendigital.com/ 0
0

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 480 B
451 B 51ms
51ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: cc232ba48f33edea938abf418e1d229b890994450faad289502a4badee078131

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://2plus2.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 170

POST
H/1.1 200
OK prebid.1.2.aspx Show response
inv-nets.admixer.net/ 42 B
499 B 136ms
44ms XHR
text/javascript 146.0.227.109
GODADDY

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/prebid.1.2.aspx

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

c979ffd70003be58ccc574778b78d9303e8b5b3494a6cdeb01449d65a5a815e6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 26 Feb 2022 18:48:30 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: https://2plus2.ua
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 42
X-Xss-Protection: 0

POST c
prebid.a-mo.net/a/ 0
0

POST i
ads.adnuntius.delivery/ 0
0

POST
H/1.1 200
OK / Show response
ghb1.adtelligent.com/v2/auction/ 3 KB
727 B 143ms
24ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb1.adtelligent.com/v2/auction/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: ef9a67860250ef34c7466bcf27fe1ddc29f4a1087f29a6329ee3e50cdf444d13

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://2plus2.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 446

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

GET
H2 200 arj Show response
adtelligent-d.openx.net/w/1.0/ 73 B
374 B 147ms
35ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adtelligent-d.openx.net/w/1.0/arj?ju=https%3A%2F%2F2plus2.ua%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=3bd2c975-63d6-4e1c-a450-48b38fd76848%2Ccd480d54-c894-40c7-96b9-7767e1457333%2C7914e3b8-e1e9-4ce4-8805-bcd3cbc16fff%2C3ab359be-368e-40fc-9c24-f619d6485c9f&nocache=1645901310057&pubcid=62664075-05dc-4570-b7cb-c6d981958861&schain=1.0%2C1!adtelligent.com%2C298309%2C1%2C%2C%2C&aus=2000x1300%7C300x250%7C300x600%7C1440x180&divids=div-gpt-ad-1563887551234-0%2Cad-slot-1%2Cad-slot-2%2Cgpt-5335b9a5-2db5-4709-837b-6a5dfdd13b2e&aucs=%2C%2C%2C&auid=541177132%2C541177132%2C541177132%2C541177132
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: d57826fe6fa26d7908be0ec030bdcee8920759ef5088c48caa999b022a336f9b

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://2plus2.ua
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ 99 B
750 B 167ms
53ms XHR
application/json 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2a3e8a315920d6476787999650f0821f0102f07d7436f298cd5d191d19f244d

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
x-warn: Validating the Prebid Request adunits. No supported banner or video size for adUnit: div-gpt-ad-1563887551234-0, Validating the Prebid Request adunits. No supported banner or video size for adUnit: gpt-5335b9a5-2db5-4709-837b-6a5dfdd13b2e
content-encoding: gzip
x-err: Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://2plus2.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6e3b5914ad5cf433-LHR
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
111 B 226ms
78ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://2plus2.ua
date: Sat, 26 Feb 2022 18:48:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
171 B 119ms
40ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://2plus2.ua
date: Sat, 26 Feb 2022 18:48:30 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
210 B 159ms
33ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.7.0-pre&cb=38203534631

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://2plus2.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 200 bid Show response
a4p.adpartner.pro/hb/ 3 B
249 B 70ms
70ms XHR
application/json 146.59.18.237
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/hb/bid?tag=8047&sizes=1440x180&referer=https%3A%2F%2F2plus2.ua%2F
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.59.18.237 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-a61777d5.vps.ovh.net
Software: nginx /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://2plus2.ua
date: Sat, 26 Feb 2022 18:48:30 GMT
cache-control: no-store no-transform
access-control-allow-credentials: true
server: nginx
content-length: 3
content-type: application/json

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
356 B 139ms
43ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://2plus2.ua
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

GET
H2 200 clarity.js Show response
i.clarity.ms/s/0.6.32/ 53 KB
23 KB 374ms
103ms Script
application/javascript 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/s/0.6.32/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/al26fychxj
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
content-encoding: br
etag: "1d8191fe855c690"
last-modified: Thu, 03 Feb 2022 17:03:04 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=9FF7084B4D35460FBF0A5C36579535A3&RedC=c.clarity.ms&MXFR=21D3B8901E516AB2363AA9C71A5164F3
https://c.clarity.ms/c.gif?CtsSyncId=9FF7084B4D35460FBF0A5C36579535A3&MUID=2E6E88BFD32165660C6899E8D27964EA

42 B
391 B

40ms
40ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=9FF7084B4D35460FBF0A5C36579535A3&MUID=2E6E88BFD32165660C6899E8D27964EA
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
last-modified: Fri, 18 Feb 2022 21:27:03 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "7f9eac45e25d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B232D7F05ED9483D8039A7F690FFD4BB Ref B: MAN30EDGE0608 Ref C: 2022-02-26T18:48:30Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=9FF7084B4D35460FBF0A5C36579535A3&MUID=2E6E88BFD32165660C6899E8D27964EA
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
440 B 114ms
31ms XHR
text/plain 2a00:1450:400c:c0b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3838466-26&cid=1789385656.1645901310&jid=684323375&gjid=2131015991&_gid=1107476374.1645901310&_u=YADAAAAAAAAAAC~&z=1487046174

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 26 Feb 2022 18:48:30 GMT
content-type: text/plain
access-control-allow-origin: https://2plus2.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 91ms
34ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 67257
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: txadc4f49e0fa44bfcb1713-006209797a
x-amz-id-2: txadc4f49e0fa44bfcb1713-006209797a
last-modified: Sun, 13 Feb 2022 21:27:34 GMT
server: cloudflare
etag: W/"30fd6d2dd89cb7d26d6396caca2f6c6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YH5U8owbZdnmsg5pRlYD9fw4Dh1hqRQZBhvXVyAmkOPdy42n6EGm5BVa4%2BDFLpqGU3kvtPIssNA3Ox062f6tHo0nMhbvE%2ByTehx885hQX7Q2Z52tlPbjkzdE3ONGfor0iuaKAE8dt5oL9qlE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1644787654356307
cf-ray: 6e3b5915080f75a1-LHR
access-control-allow-headers: Authorization

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 116ms
37ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=450887889857312&ev=PageView&dl=https%3A%2F%2F2plus2.ua%2F&rl=&if=false&ts=1645901310199&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&fbp=fb.1.1645901310198.1410310424&it=1645901309873&coo=false&rqm=GET

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Sat, 26 Feb 2022 18:48:30 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 137ms
58ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3838466-26&cid=1789385656.1645901310&jid=684323375&_u=YADAAAAAAAAAAC~&z=780041747

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
501 B 139ms
60ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3838466-26&cid=1789385656.1645901310&jid=684323375&_u=YADAAAAAAAAAAC~&z=780041747

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 g_pbto
1x1.a-mo.net/hbx/ 0
89 B 294ms
95ms Image
text/plain 34.231.128.63
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1x1.a-mo.net/hbx/g_pbto?A=undefined&bid=undefined&a=undefined&cn=undefined&aud=undefined&ts=1645901310242&eid=159c0fbcbc6510e2
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.231.128.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-231-128-63.compute-1.amazonaws.com
Software: MonetEngine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
cache-control: max-age=0, private, must-revalidate
server: MonetEngine

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 135ms
43ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=2plus2.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 128ms
43ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=2plus2.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 132 KB
37 KB 411ms
411ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4131258251116565&correlator=2459340999239459&output=ldjh&impl=fifs&eid=31064150%2C31064836%2C31064957%2C31065323%2C44757101&vrg=2022022302&ptt=17&sc=1&sfv=1-0-38&ecs=20220226&iu_parts=82479101%2C2plus2.ua%2CBranding%2C2plus2_300x250%2C2plus2_300x600_2%2Ccatfish&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5&prev_iu_szs=2000x1300%2C300x250%2C300x600%2C1440x180&prev_scp=Project_2plus2%3DMain%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7CProject_2plus2%3DOther%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7CProject_2plus2%3DMain%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7CProject_2plus2%3DMain%26hb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&cookie_enabled=1&bc=31&abxe=1&dt=1645901310256&lmt=1645901310&dlt=1645901308935&idt=715&frm=20&biw=1600&bih=1200&oid=2&adxs=-200%2C992%2C1015%2C-12245933&adys=50%2C645%2C1025%2C-12245933&ucis=1%7C2%7C3%7C4&adks=3753537382%2C3937908213%2C3276604062%2C4136652780&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2F2plus2.ua%2F&vis=1&scr_x=0&scr_y=0&psz=2000x-1%7C300x250%7C300x600%7C1600x-1&msz=2000x-1%7C300x0%7C300x0%7C0x-1&ga_vid=1789385656.1645901310&ga_sid=1645901310&ga_hid=1936522573&ga_fc=true&fws=516%2C4%2C4%2C644&ohw=1600%2C300%2C300%2C1600&btvi=0%7C0%7C0%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

af77539efcf300e5adb7b82eff41e1bcb68b9e6335b910ca097dcb1ee20c925d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37668
x-xss-protection: 0
google-lineitem-id: -2,-1,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://2plus2.ua
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7BD0 6 KB
4 KB 150ms
44ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 26 Feb 2022 18:48:30 GMT
expires: Sun, 26 Feb 2023 18:48:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame A3D8 81 KB
27 KB 121ms
43ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: vid4.tsn.ua
URL: https://vid4.tsn.ua/adv/Adpartner/2plus2_mob.html?adId=568755&unitId=1412&showId=89108342-d94a-48aa-91b0-bd2ee19b75d6&link=https%3A%2F%2Fa4p.adpartner.pro%2Fclick%2F1412%2F568755%2F89108342-d94a-48aa-91b0-bd2ee19b75d6%3Fdata%3DeyJjcmVhdGVkX2F0IjoxNjQ1OTAxMzA5LCJzaG93X2lkIjoiODkxMDgzNDItZDk0YS00OGFhLTkxYjAtYmQyZWUxOWI3NWQ2IiwiYWRfdW5pdF9pZCI6MTQxMiwicnVsZV9pZCI6MjQ1NjYsImFkX2lkIjo1Njg3NTUsImRhdGFfc291cmNlIjoiIiwicGxhdGZvcm1faWQiOjMsIm9zX2lkIjoxLCJicm93c2VyX2lkIjoxLCJjdXN0b21lcl9pZCI6ImM2NjFhMmM0LTIxYWEtNDQ2Ni1hMzc0LTAxNjIzMzJhY2Y1ZCIsInJlZ2lvbl9pZCI6MTEyLCJzdWJfcmVnaW9uX2lkIjowLCJjaXR5X2lkIjowLCJpc19yZWZyZXNoIjpmYWxzZX0%3D%26hash%3D3c856b1750b96520e3f2ee2da2449aaf&bannerNum=89366454219693740

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96f357d9c1ce4b2b4bdb683cc4c0d73de11f8f1e20fd5f602cdc39941192a74d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27405
x-xss-protection: 0
server: sffe
etag: "1143 / 474 of 1000 / last-modified: 1645830399"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 26 Feb 2022 18:48:30 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
210 B 78ms
78ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.7.0-pre&cb=24499699970

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 26 Feb 2022 18:48:29 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://2plus2.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
356 B 37ms
37ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://2plus2.ua
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

GET
H2 200 ROS Show response
pbjs.e-planning.net/pbjs/1/2e43c/1/2plus2.ua/ 433 B
750 B 36ms
32ms XHR
application/json 46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pbjs.e-planning.net/pbjs/1/2e43c/1/2plus2.ua/ROS?rnd=0.5685174479888675&e=2000x1300_0%3A2000x1300%2B300x250_0%3A300x250%2B300x600_0%3A300x600%2B1440x180_0%3A1440x180&ur=https%3A%2F%2F2plus2.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFFF&crs=UTF-8&fr=https%3A%2F%2F2plus2.ua%2F&e_pubcid=62664075-05dc-4570-b7cb-c6d981958861
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: fa6b6e3804d27952e60bba62059b44a9aa470d384da576e1af8499d358733b5d

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://2plus2.ua
expires: Sat, 26 Feb 2022 18:48:30 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 433
x-sid: AMS-731

POST
H2 200 adjson Show response
ads.betweendigital.com/ 2 B
905 B 80ms
77ms XHR
application/json 23.111.200.118
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.111.200.118 , Russian Federation, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://2plus2.ua
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

POST
H/1.1 200
OK / Show response
ghb2.adtelligent.com/v2/auction/ 3 KB
716 B 165ms
23ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb2.adtelligent.com/v2/auction/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 82f590648cbf9c39fc8f1f80436c424f2fb91afe6b38097a676810ea333d08db

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://2plus2.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 435

GET
H3 200 arj Show response
adtelligent-d.openx.net/w/1.0/ 72 B
100 B 67ms
33ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adtelligent-d.openx.net/w/1.0/arj?ju=https%3A%2F%2F2plus2.ua%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=436f9f22-dcb7-436d-9bdb-9337a313721e%2Cc8e91644-33bd-4dbe-8477-3b5a326dadb7%2C141dc0e4-3013-4a5f-ae0a-34f866c189b8%2C46edf9b8-bb61-4919-8428-99227e47a232&nocache=1645901310282&pubcid=62664075-05dc-4570-b7cb-c6d981958861&schain=1.0%2C1!adtelligent.com%2C298309%2C1%2C%2C%2C&aus=2000x1300%7C300x250%7C300x600%7C1440x180&divids=div-gpt-ad-1563887551234-0%2Cad-slot-1%2Cad-slot-2%2Cgpt-5335b9a5-2db5-4709-837b-6a5dfdd13b2e&aucs=%2C%2C%2C&auid=541177132%2C541177132%2C541177132%2C541177132
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 8125632f7d09f54a0bd0c7fcfdfd83db31bdf5b98f0df5c47ef076de58ddd1d6

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://2plus2.ua
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 176ms
72ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48106&zone_id=2153570&size_id=15&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=62664075-05dc-4570-b7cb-c6d981958861%5E1&rf=https%3A%2F%2F2plus2.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=c8e91644-33bd-4dbe-8477-3b5a326dadb7&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9553493491079645
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: a6a5400cc81606f1841ebf726aa93caa9b340be4f2890f62e815b96ba51b7fe4

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Feb 2022 18:48:30 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://2plus2.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 181ms
70ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=15&eid_pubcid.org=62664075-05dc-4570-b7cb-c6d981958861%5E1&rf=https%3A%2F%2F2plus2.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=c8e91644-33bd-4dbe-8477-3b5a326dadb7&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.14346583935276835
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 16b94ae40b3d349446072ea7d270fbb0843032a5b4e5c916ed59e7bff2cc8f9c

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Feb 2022 18:48:30 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://2plus2.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 485 B
451 B 26ms
24ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3326dd93f98b5c7fae67bf12a01e7f006abce9f1bba34d8ef5e1b9ca3679da6

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 26 Feb 2022 18:48:29 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://2plus2.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 170

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
171 B 41ms
38ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://2plus2.ua
date: Sat, 26 Feb 2022 18:48:30 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 200 bid Show response
a4p.adpartner.pro/hb/ 3 B
249 B 58ms
55ms XHR
application/json 146.59.18.237
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/hb/bid?tag=8047&sizes=1440x180&referer=https%3A%2F%2F2plus2.ua%2F
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.59.18.237 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-a61777d5.vps.ovh.net
Software: nginx /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://2plus2.ua
date: Sat, 26 Feb 2022 18:48:30 GMT
cache-control: no-store no-transform
access-control-allow-credentials: true
server: nginx
content-length: 3
content-type: application/json

POST
H/1.1 200
OK prebid.1.2.aspx Show response
inv-nets.admixer.net/ 42 B
499 B 49ms
48ms XHR
text/javascript 146.0.227.109
GODADDY

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/prebid.1.2.aspx

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

c979ffd70003be58ccc574778b78d9303e8b5b3494a6cdeb01449d65a5a815e6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 26 Feb 2022 18:48:30 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: https://2plus2.ua
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 42
X-Xss-Protection: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
55 B 97ms
95ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://2plus2.ua
date: Sat, 26 Feb 2022 18:48:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST prebid
ib.adnxs.com/ut/v3/ 0
0

POST c
prebid.a-mo.net/a/ 0
0

POST
H2 200 prebid Show response
mp.4dex.io/ 99 B
179 B 50ms
50ms XHR
application/json 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f01c67334edaf9c3888d6f2198ab1390b86a2434a2826fa8271347bf1f56b31b

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
x-warn: Validating the Prebid Request adunits. No supported banner or video size for adUnit: div-gpt-ad-1563887551234-0, Validating the Prebid Request adunits. No supported banner or video size for adUnit: gpt-5335b9a5-2db5-4709-837b-6a5dfdd13b2e
content-encoding: gzip
x-err: Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://2plus2.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6e3b59156e83f433-LHR
expires: 0

POST i
ads.adnuntius.delivery/ 0
0

POST prebid
ib.adnxs.com/ut/v3/ 0
0

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ 87 KB
28 KB 127ms
57ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 27 Feb 2022 18:48:30 GMT

GET
H3 200 pubads_impl_2022022201.js Show response
securepubads.g.doubleclick.net/gpt/ Frame A3D8 364 KB
122 KB 36ms
36ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065322

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

2b533fe5c53324b1ed9a449bbd2d899930396f3b03b05b4c06ee83dd98879074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 15:49:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10743
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125154
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 09:34:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 26 Feb 2023 15:49:27 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 90 KB
28 KB 97ms
37ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
last-modified: Mon, 31 Jan 2022 09:04:35 GMT
server: nginx
etag: W/"61f7a623-16685"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 27 Feb 2022 18:48:30 GMT

GET
H/1.1 200
OK l.js Show response
api.1plus1.video/u/ Frame 7057 898 B
2 KB 86ms
85ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/u/l.js?p=5312&l=ua&f=0&auth=1&login_profile=1&_t=1645901310456
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/GRsFFLJ2?autoplay=0&l=ua&logo=plus2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 89c4db4b9b0cf0de71fd82b491e748649118c979edde3c52bcdc8ecb6184a3a7

Request headers

Referer: https://1plus1.video/
Origin: https://1plus1.video
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Feb 2022 18:48:30 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: https://1plus1.video
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 7057 117 KB
43 KB 44ms
43ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WPC3Q76

Requested by

Host: 1plus1.video
URL: https://1plus1.video/video/embed/GRsFFLJ2?autoplay=0&l=ua&logo=plus2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e478dae2d52ddad3047f7272d5471ca2144c749224c62a312c7c47eb9b7aae27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43971
x-xss-protection: 0
last-modified: Sat, 26 Feb 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Feb 2022 18:48:30 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 7057 49 KB
20 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-104502981-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 2618
date: Sat, 26 Feb 2022 18:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 26 Feb 2022 20:04:52 GMT

GET
H2 204 g_pbto
1x1.a-mo.net/hbx/ 0
88 B 95ms
95ms Image
text/plain 34.231.128.63
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1x1.a-mo.net/hbx/g_pbto?A=undefined&bid=undefined&a=undefined&cn=undefined&aud=undefined&ts=1645901310477&eid=1601778add20393
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.231.128.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-231-128-63.compute-1.amazonaws.com
Software: MonetEngine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
cache-control: max-age=0, private, must-revalidate
server: MonetEngine

GET
H/1.1 200
OK api.auth.0.0.5.js Show response
api.1plus1.video/static/js/ Frame 7057 108 KB
33 KB 140ms
140ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/js/api.auth.0.0.5.js?v=b5304ce8eda1f5922225e08fe4ddad3b0411776f
Requested by: Host: api.1plus1.video
URL: https://api.1plus1.video/u/l.js?p=5312&l=ua&f=0&auth=1&login_profile=1&_t=1645901310456
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 8165f4a5140073c78234701b5d072f13769cd7811eec3fdadd90f190e1c49525

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:30 GMT
Content-Encoding: gzip
Last-Modified: Wed, 12 Jan 2022 10:01:09 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 28 Mar 2022 18:47:56 GMT

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ Frame A3D8 107 B
122 B 98ms
53ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=vid4.tsn.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065322

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame A3D8 107 B
122 B 98ms
52ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=vid4.tsn.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065322

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A3D8 28 KB
11 KB 388ms
388ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3760899305414281&correlator=3791015268655368&output=ldjh&impl=fifs&eid=31064957%2C31065291%2C31065295%2C31065297%2C31065322&vrg=2022022201&ptt=17&sc=1&sfv=1-0-38&ecs=20220226&iu_parts=82479101%2C2plus2.ua%2Ccontent_600x350_mob&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=4&cdm=vid4.tsn.ua&bc=31&abxe=1&dt=1645901310584&lmt=1549558642&dlt=1645901310228&idt=338&ea=0&frm=24&biw=-12245933&bih=-12245933&oid=2&adxs=0&adys=0&ucis=8kgcxquyk7ra&adks=3138916894&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Fvid4.tsn.ua%2Fadv%2FAdpartner%2F2plus2_mob.html%3FadId%3D568755%26unitId%3D1412%26showId%3D89108342-d94a-48aa-91b0-bd2ee19b75d6%26link%3Dhttps%253A%252F%252Fa4p.adpartner.pro%252Fclick%252F1412%252F568755%252F89108342-d94a-48aa-91b0-bd2ee19b75d6%253Fdata%253DeyJjcmVhdGVkX2F0IjoxNjQ1OTAxMzA5LCJzaG93X2lkIjoiODkxMDgzNDItZDk0YS00OGFhLTkxYjAtYmQyZWUxOWI3NWQ2IiwiYWRfdW5pdF9pZCI6MTQxMiwicnVsZV9pZCI6MjQ1NjYsImFkX2lkIjo1Njg3NTUsImRhdGFfc291cmNlIjoiIiwicGxhdGZvcm1faWQiOjMsIm9zX2lkIjoxLCJicm93c2VyX2lkIjoxLCJjdXN0b21lcl9pZCI6ImM2NjFhMmM0LTIxYWEtNDQ2Ni1hMzc0LTAxNjIzMzJhY2Y1ZCIsInJlZ2lvbl9pZCI6MTEyLCJzdWJfcmVnaW9uX2lkIjowLCJjaXR5X2lkIjowLCJpc19yZWZyZXNoIjpmYWxzZX0%253D%2526hash%253D3c856b1750b96520e3f2ee2da2449aaf%26bannerNum%3D89366454219693740&ref=https%3A%2F%2F2plus2.ua%2F&top=https%3A%2F%2F2plus2.ua%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=0x0&ga_vid=1909217018.1645901311&ga_sid=1645901311&ga_hid=1361776097&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065322

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e7d9d5249fdad35bd84dd519a414bf0314959d0abc37ff55b9b1f33045855197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11647
x-xss-protection: 0
google-lineitem-id: 5926892386
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138381690026
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://vid4.tsn.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
5bdcc61aee8ff472b3520748fee18efa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 357F 6 KB
3 KB 68ms
51ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5bdcc61aee8ff472b3520748fee18efa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065322

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 26 Feb 2022 18:48:30 GMT
expires: Sun, 26 Feb 2023 18:48:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EB8C 6 KB
3 KB 85ms
38ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Feb 2022 18:48:30 GMT
expires: Sun, 26 Feb 2023 18:48:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9BDE 6 KB
3 KB 79ms
36ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Feb 2022 18:48:30 GMT
expires: Sun, 26 Feb 2023 18:48:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012202072236000/ Frame 22B2 220 KB
61 KB 155ms
35ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

332dd9d8872171a7ce122129c088ef587eb876ee04f178f5e62310dff3747514

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 82552
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61519
x-xss-protection: 0
server: sffe
date: Fri, 25 Feb 2022 19:52:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "609f9f524fc23ab6"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 25 Feb 2023 19:52:38 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 22B2 16 KB
6 KB 217ms
97ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

372ddb86deaa3e11e5a4b1eec16924bcd6e6232bc8bab79338426b2faff7e7dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 82552
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5708
x-xss-protection: 0
server: sffe
date: Fri, 25 Feb 2022 19:52:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4c9170e21c83610c"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 25 Feb 2023 19:52:38 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 22B2 96 KB
29 KB 223ms
103ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af42f8a986eefec222a68474cc9c9591028b07b082157631d810ecbbf4a652fe

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 82552
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29623
x-xss-protection: 0
server: sffe
date: Fri, 25 Feb 2022 19:52:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f660f99fdfd5d6c6"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 25 Feb 2023 19:52:38 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 22B2 5 KB
2 KB 237ms
117ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3ef00ccf0d1329768a9546012c96ecb5ac031695b0418da9ae3297979ad60bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 82552
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1844
x-xss-protection: 0
server: sffe
date: Fri, 25 Feb 2022 19:52:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0f41eb8e6d0a727"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 25 Feb 2023 19:52:38 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 22B2 42 KB
13 KB 238ms
118ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93b1f78578f169d4f472ecda3c79d72e81fa9e199bdb979d13139f5ddbe5a06d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 82552
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13623
x-xss-protection: 0
server: sffe
date: Fri, 25 Feb 2022 19:52:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "14164defe327400f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 25 Feb 2023 19:52:38 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 22B2 5 KB
677 B 90ms
45ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

def453926bf1e0d62bf8a4cf5c409dd333a049f547e470a509cc738bede438c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 26 Feb 2022 18:22:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 26 Feb 2022 18:48:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 26 Feb 2022 18:48:30 GMT

GET
H2 200 uk.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 22B2 3 KB
3 KB 120ms
38ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/uk.png

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 04:23:55 GMT
x-content-type-options: nosniff
server: cafe
age: 51875
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14587847488922671356
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3073
x-xss-protection: 0
expires: Sun, 27 Feb 2022 04:23:55 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 22B2 344 B
806 B 119ms
38ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 16:59:05 GMT
x-content-type-options: nosniff
server: cafe
age: 6565
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6766994032117382215
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Sun, 27 Feb 2022 16:59:05 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 22B2 0
0 65ms
65ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CyxKf_nUaYu2gFJ-wx_APoLqlMIz2pLdoo8OF3IUP3NkeEAEg_f-FI2C7hoCA0AqgAZXMo80CyAEJqQIdH9rT2umyPuACAKgDAcgDCqoE4gFP0MuHkBRE35aYjeVVsxWyny11ujODGa7sdhoJjyWTC8NUYxT6yHSi9N-jnTBJpqWF5xxiTaf-ZG81hFd6pHgXtysYQU9OTpwtigFAhEp4nyrqL9pCkgMFYBzOWSDFWVO7NiyI9pyG0J6RFT0XabOh7tZ2AytOaxKozKftvlK8wgrAzPXzrIaj3tTaGvpDmN3fwR0HBn_E2Bpf9t3Pc18GJNf_9dMr7Mt5TGRvdez_a_ehOFutER31b1WFSbtZs6tWybP6-4efDgdGvshggE17c79ii0c7y9Q4-FmRbctiNmFPwATms6bu5gPgBAGIBemCuvI4kgUECAQYAZIFBAgFGASgBi7YBgKAB9Oz3LIBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQkbYIoAj3sagEsAgC0ggJCIjhgBAQARgdgAoDyAsB2BMNghQLGgkycGx1czIudWHQFQGYFgGAFwGyFx4KHAgAEhRwdWItOTEzODI0NzY1Mzc1NDUzMxjV2xY&sigh=eBfb2LUe8nE&uach_m=[UACH]&template_id=484
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

POST
H2 204 collect Show response
i.clarity.ms/ 0
88 B 414ms
414ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-origin: https://2plus2.ua
date: Sat, 26 Feb 2022 18:48:30 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 1734 0
18 B 76ms
37ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://2plus2.ua
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

content-type: text/plain
access-control-allow-origin: https://2plus2.ua
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=0
date: Sat, 26 Feb 2022 18:48:30 GMT

GET
H/1.1 200
OK api.auth.css
api.1plus1.video/static/css/ Frame 7057 56 KB
9 KB 71ms
70ms Stylesheet
text/css 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/css/api.auth.css?_t981030699094
Requested by: Host: client
URL: about:client
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: a691ce0fb054d5f2128394b9ad9c5961d7c0cdc1804bc83d6760df78ee304d7f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:30 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Aug 2020 07:12:56 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 28 Mar 2022 18:48:30 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A3D8 12 KB
10 KB 128ms
49ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065322

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffd5779490bd7d8ee871f1638647e1dfbee22d8c9bd45ce7bef3f716dc418a0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9714
x-xss-protection: 0

GET
H3 200 api.js Show response
www.google.com/recaptcha/ Frame 7057 925 B
605 B 89ms
44ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=__api_auth_recaptcha_on_load__&render=explicit&hl=uk

Requested by

Host: api.1plus1.video
URL: https://api.1plus1.video/static/js/api.auth.0.0.5.js?v=b5304ce8eda1f5922225e08fe4ddad3b0411776f

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e665ea268a170af8681e507a516d30725a0b1542f161eb32511647daa47af2fd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 584
x-xss-protection: 1; mode=block
expires: Sat, 26 Feb 2022 18:48:30 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 416E 624 B
504 B 48ms
47ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIY3ZfwvAEwAQ&v=APEucNXCOPtL5mg6zM_E-kS8j29ZjCkdcTTdWWDidjRCj3YQ5sn0OOmTCDuEEDIlXbtXpn7pWEnjPVNr4OEgxP0l62qfG3pvAYKqhNaxUO6WH4xkYVC7Dg01c5fm0tcs4DS87QusJJSyvLTdVPgq_3JJN9ZnW3JYVXjMfeG3kCEdWDegKS8CMyc

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 26 Feb 2022 18:48:30 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9BDE 76 KB
32 KB 76ms
76ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A1LVDAa-1DoTwEF1LDqBBVmTQ8IVH0v-9mG_u9wXccokGCx-t5P5vUjUTwWxs0HsBmQ5QqS6iKFGwUODY9hGRg0fbWXKqZr4G3XjKZ18GFvessugO64M_zgYAvHF9twy8McdoDyQ7fz_onTaR98ygUy-Y0ig&dbm_d=AKAmf-BYgBjY7Q3Xa1Pnd9rsHRDexEI4PaxQnitjHOY22NtiO_v7q1D19wW4EUV9dzoLOseKCjMyqpRQ6VUcoZWg4jECMjd-A88-BixV1b2axw7yYdkklurJdWz1H1lZ2ad8QxC_z1sYloELem1VAlRBt32AUx-DVtSnNaJC4Yd-p1C0fjktcM1ggDwcBQ_USbmbTTVpUnkGHxuK50itUTCkNzvrWysXr-3Zk3C9dUbqYSp69BppAB1SZMAEubzEyO1_3gU3uGRsf4MbUhenmPlarTNR-Q8qJQXE1KtonINWe3kTbOQiOKtM_zVD8KwoewhIl0GIKQ81WTxg_zxqPK_9crhwRgcdPs19af5oOXaaVT8fTp-xiDQ1V8cRztfwY_cdtFABYKGs30k9dA-K7gJ5WSMc4ujhHpp0xqgIoEkYHVqg8TpqoeHSA6IAhjYhFD5-4nuD_IRVGOMVAP3dvC_Np5bOZv8J0tD4r0Cruxdhq5Eq048FpWfH_wCaOb9VyVnxEL2WbnmMZuNXzY5RSdR9q5h0ro04j1C95LEfUgFEcO1BFEuP1PgkH3Av0fJHRfFHfLnNjM_GyXT2TSRu5W9_48q73yXVoqFWjzYa63eoWLMpBAMjBeNgshEPsmmSinbUUJwbmvMz-rSZzgIKexxzxdV8axu-MoPbhg83RKLa8J0JvPx0P89DR4dk7pfTy7JWJLkPj_xsFUEslmKKhQB9GuMjl1I1UuklAerQH87esGdd1M83PIK6Hvz9sBHjOujuCR0H06-BIy3waNeYgqEYSKVlq1nDjVNqBafiRcLxg7ONLiq28V3t49mBiL_Gflc56qlJQijuIR_adGzVDP808tvJSmxCSotj86VCLz_tWzuUPxsvylJFhFADFGSxV4Alj9KWO6FfpiAgDm-swSnYcl0mGlzWdAmDiUKJzL2sKbmYiqTPgkcPPuQmzZuxEqkq6zgPbAT-yCq77gy8vEO12zCoeNI5lP7BUHgc-FTbG28rJH98RWIIZEOlOIkZVPzr6v9BjSpiq-gWVXMyC1SeyaEb9kImUVQswyoRT5XLtH9VLjcFoZY41U7i4yhevtTREB5RMbHxlFe_DlBjFzrU0_g3a3cW_U5GpPdTcllRApq6n1DU5voHSM552geeAbEj0I5cLUogAR30LwxSB-ac9WzzbOkXk5Bf47jb_KFMLJwmLMLt1QwcsXNoNa4Ym91OnXrf5CAzd-whSRNFrZuIcEpcfFj9fcb8JnLeiLyLC71xhU41dI4EQl9c7Cj8AaNXIVwO3oE8m8qZmVoBBrpWh6UGq8Y2r8VP1S29O0TTyywjnF2NwoAI9W0Nc9sqjyQ0EUJO0RKhF_eBG_QEBRsC65TUKKiWw5YnXGl3CKShcBtebPOCbkNWRKRayWsURMt7lelvkZRUYb142cZeNo4X9T7keQ-H9Uxd5lrhBt12Siqh_Suq7vkDSDCHXbwTXu_iLDKB50j2tStxb149_MneIx1MktU1erM9GgaEKMyi1iflg5f5a-LdVOnaJG_-SIeH9d-MLgTPdUB_BrAIZl-fpIKHpCJd1s0tnmOZvGPC-nwysoYWVBr6X-N76kW_UKRPiJz2ZmLzTg0r7IXjm37_5wi12oMk4RTgsVw9HqZncQC6acC0-1hX5TwXY6MqT1XWrtAGYK2h9o4Yh3DND012FieOVW6OWaztYYqLMOiLoqkSdzYhsu-0P2eFz-5sggBBda2i-h40mi_rpG6Z5TcSXUY6o1VMbxCR4b35v8a360tMOOpUFveB-eImgebwpqyXzObvjR3qpgs-l06QfE2dkrJhmvWwS_PQqc7-SMjRrrDILHdlxz2UMTcg-70KR74aEXo_UMbNB85ubgW-8QjSp7Yg1uorObxHFCIgC5PBX05qD9_mAWVyUgdRRwz8xALNEA5i4oGrA1RL3TNXEfNI3nhfMS9HFaQAcC60Izj2yuz7NBAWRD0f_TclLMn07m7Hy_UqI9teuCSYW5MYCxQML3Soz5JQrhp9CVDQxV6_IzarXO7vpQYFcnxIyFb-dE8tBVCx7HJEATdGUkQQq9jGn3vdO9Ooe8zaVEZIrJKviyBuxRw1dQ1-YRyYbjSvqj6sOHnCI38SqM9LbjUItMO5y_i6bBzGPBM2GDLI44eJzAQY4PRQbyl84EYT0y_r_Lz9O_6cyrBuNgnAb-zsdwARQ-0y133uOUEovHfnQw1U1TOsHPxZ_8EtSXBe0UxFgmJQuVJvn8-6-67JXO9O5E8cMtXxW2xhT6QrUPu4-VZC7_QaTZ4s_w6w3AIPAjmmRLrVFtufUe_83PHnSgLNP6W9ez8INfhGZKqalFCJz9p87vZEaJQnrx_YB3Ygzrj3nf_9FgbuFYKjZ2pjtAo1GdAQTrFZFn5S5Hj18U9eQWhhRUVVho8kY3LObZEIQVpZEf-49FKm5WbbauD44z0WwyB3kXBFXxxmK34XIK83SNxjgqEDzqkOWtOnShpm2gaFtw2qMDV_i6fcIDqp20hPuavjApMKFa7NbY2K9vrXxIwUg8mOxSgCbjx9KmaAJnX85k7a_yQt5sr2lmborLvVhLvkE02nVzbUY7sDUWnrsVuzpfRp0DF1ts4PgZ9wRk-IIWXX5ufnj6L6qv8bzTjgg9pUFnJgLoBXU7cQtTAWszs3njbdYFzMugUZcbOjJJMLSzJ6nEU8U4XnyVeCuJ3rcrPMRCVg4febnwgsE2yjIQKxlLUeCeltzZo5yuBFjFrAY8hTk3dj_mANV6bxsglwpyK_YbhEv5PtOOfel0wHCYLeoypGCjf5bs1TMXmSFO45BO-PryEAz0RLpHNNEBVjD_dPNZEXVUpgHxmTcJNO6h1trUle2edSgj3NbQlUEqNgeR1PJHvqqfFcKUfihYDzKKPwezpHdr2xdJoitms0PzDVkHcyMaZZfu915Y6p8FAybEuPd94PCb5R2N7K2FnMO4uakiU0xxOFxkDokfv1nPGWtNHvPnASO6PfjsgxXy7d3ZOqebBWcaYtBO8HL-mZLB8-yAaxRG9IR2JgKw0JiQFx72EH_-8mxOFAYht-wzKZn8QJTsT0c7Pun6HHPoWddhoeSbZPkKCC-caqaagBEvBKT1iZ2o8PNcEBjpiDQP-Wke8kEJuWaBqLDI0hvqjgnD5uvAqpl9zZCqkJMFzWFlWRykH8aMYakJpSn0HIyfhggOZYWkl_xL5mGCrTvftNvHpYp10WKNKBH5tvoFY9tUGitg75MXmoVmR1u_AnbqLcQFhSmbYkQfQMTzFgDOtAAcKv4iwjMQAnbhCnhdJqWq_pkKGSPYj_RHInrkIHNuXgCA6CUYIJJOL26W7BjU1LsTJasaz1Ka2NMr_g_xbWYIB9VRFeofoa8d6iKLD2aU17YPd5qmZB4K8p_p6oMd1ihEzViWHSTnxv70JIT9YBxgqzwzhIrXdUBf5G2AL2oEyT2BZBuxxDfD1ObbEGiKBeCNIfYIuAFVp7CQ&cid=CAASFeRo_XcN51XY1qPj8zZ1b_ngYtVSYw&rfl=1%2Chttps%253A%252F%252F2plus2.ua%252F%240

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d91e787faa8a7fd70f8baa40da6806c8a0a0b8e66f52aaaad241a607c8ef756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32520
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9BDE 42 B
494 B 144ms
68ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DtGeyOzfuRQJAoLUrnju8wfjQvsQCpyDw2KY9NIQWAMJgRFpvd_v-H_6-qpdUpRmL37a5KSFb_v_xRN_BRzBTdO2W6ZegR064uzfCXa9VBpvB2gEo

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/ Frame 9BDE 2 KB
1 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/window_focus_fy2019.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:47:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9BDE 124 KB
38 KB 99ms
56ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c17b823ddee789bdc88b380ce8aa533558cbdef360c5da8e1f9f0dd3b2a1040b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38829
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645619776399499"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Feb 2022 18:48:30 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/ Frame 9BDE 15 KB
6 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3deec1e4d19cb71b80daa6f050c395fccb90d7f1c2ec74a920930d476013cf97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:45:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6434
x-xss-protection: 0
server: cafe
etag: 16791967082338318403
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:45:28 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220223/r20110914/ Frame EB8C 19 KB
8 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220223/r20110914/abg_lite_fy2019.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f328f4ae2fe983386843cc07db0af78c5fe9fa5ae67812f80062d5baa0e61047

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:46:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7875
x-xss-protection: 0
server: cafe
etag: 9606807595520751986
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:46:40 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame EB8C 10 KB
806 B 44ms
43ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

84283b0271462df7595314fa8ab57070ed633174a851712bed2bfd8e6bd92117

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 26 Feb 2022 18:15:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 26 Feb 2022 18:48:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 26 Feb 2022 18:48:30 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/ Frame EB8C 14 KB
3 KB 130ms
36ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.css

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Mon, 21 Feb 2022 12:51:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 453400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 10:36:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Feb 2023 12:51:50 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/ Frame EB8C 355 KB
123 KB 131ms
38ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425d7478422a02b8592686dd947b18cae0ca66ab39dc437067219356fb7a0a61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Tue, 22 Feb 2022 18:59:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344922
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125995
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 10:36:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Feb 2023 18:59:48 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/ Frame EB8C 15 KB
6 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3deec1e4d19cb71b80daa6f050c395fccb90d7f1c2ec74a920930d476013cf97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:45:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6434
x-xss-protection: 0
server: cafe
etag: 16791967082338318403
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:45:28 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame EB8C 0
0 53ms
42ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSqRr1iRr9cB7pc9DXDB-NBZaWmR7L6pfQsV9BdQAeCuGDENJD3IBGhr2POixMYgjof82r008guHJCijDjFmDjbPSFaFg
Requested by: Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

GET
H2 200 6592766407814317453
tpc.googlesyndication.com/simgad/8632550866364026550/ Frame 22B2 28 KB
28 KB 63ms
63ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8632550866364026550/6592766407814317453

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ba1786a67f5b19a64f2e887dd2f857eab87ebfa0dd527c1abb5948cfb7a02e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Mon, 21 Feb 2022 17:28:11 GMT
x-content-type-options: nosniff
age: 436819
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28274
x-xss-protection: 0
last-modified: Wed, 01 Dec 2021 12:38:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 21 Feb 2023 17:28:11 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2313693707258164419/ Frame 22B2 3 KB
3 KB 62ms
62ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2313693707258164419/downsize_200k_v1?w=100&h=100

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13a462e8c7a64a1c5713a37708ab3223a032ebe8c55afd1fabc779d6f6a43296

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Tue, 22 Feb 2022 14:25:56 GMT
x-content-type-options: nosniff
age: 361354
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2603
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 13:09:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 22 Feb 2023 14:25:56 GMT

GET
DATA 200
OK truncated
/ Frame 22B2 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 043db8b1db5826cf4eab882a29001355d985089f56a7b3c3ec71a4fa048e5806

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 7057 5 KB
670 B 44ms
43ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Requested by

Host: api.1plus1.video
URL: https://api.1plus1.video/static/css/api.auth.css?_t981030699094

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

59570fcbd745ae7dbeeb64f356d410cd9404e7b9ce6a68c47a3a04d0a6df0a6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://api.1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 26 Feb 2022 18:22:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 26 Feb 2022 18:48:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 26 Feb 2022 18:48:30 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 416E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGzAndHGJLER_df4ZiD6xn8&google_cver=1

43 B
1012 B

101ms
66ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGzAndHGJLER_df4ZiD6xn8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIY3ZfwvAEwAQ&v=APEucNXCOPtL5mg6zM_E-kS8j29ZjCkdcTTdWWDidjRCj3YQ5sn0OOmTCDuEEDIlXbtXpn7pWEnjPVNr4OEgxP0l62qfG3pvAYKqhNaxUO6WH4xkYVC7Dg01c5fm0tcs4DS87QusJJSyvLTdVPgq_3JJN9ZnW3JYVXjMfeG3kCEdWDegKS8CMyc
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Feb 2022 18:48:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 26 Feb 2022 18:48:31 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGzAndHGJLER_df4ZiD6xn8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 416E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yhp1-4DXaMzWdY.i3j3K2wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGzAndHGJLER_df4ZiD6xn8&google_cver=1&google_hm=2

43 B
892 B

50ms
49ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGzAndHGJLER_df4ZiD6xn8&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIY3ZfwvAEwAQ&v=APEucNXCOPtL5mg6zM_E-kS8j29ZjCkdcTTdWWDidjRCj3YQ5sn0OOmTCDuEEDIlXbtXpn7pWEnjPVNr4OEgxP0l62qfG3pvAYKqhNaxUO6WH4xkYVC7Dg01c5fm0tcs4DS87QusJJSyvLTdVPgq_3JJN9ZnW3JYVXjMfeG3kCEdWDegKS8CMyc
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Feb 2022 18:48:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 26 Feb 2022 18:48:31 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGzAndHGJLER_df4ZiD6xn8&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 416E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAG8SwdU6QH_hEB-SpNyxMc&google_cver=1

43 B
1002 B

30ms
30ms

Image
image/gif

185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAG8SwdU6QH_hEB-SpNyxMc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIY3ZfwvAEwAQ&v=APEucNXCOPtL5mg6zM_E-kS8j29ZjCkdcTTdWWDidjRCj3YQ5sn0OOmTCDuEEDIlXbtXpn7pWEnjPVNr4OEgxP0l62qfG3pvAYKqhNaxUO6WH4xkYVC7Dg01c5fm0tcs4DS87QusJJSyvLTdVPgq_3JJN9ZnW3JYVXjMfeG3kCEdWDegKS8CMyc

Protocol

HTTP/1.1

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Feb 2022 18:48:31 GMT
X-Proxy-Origin: 5.187.21.109; 5.187.21.109; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 3dbf812d-65d1-45dd-a62b-9058c570765f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAG8SwdU6QH_hEB-SpNyxMc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 416E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzEwNTE2NjQ4ODk4MTAxMzgwOA%3D%3D

170 B
243 B

61ms
61ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzEwNTE2NjQ4ODk4MTAxMzgwOA%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 26 Feb 2022 18:48:31 GMT
X-Proxy-Origin: 5.187.21.109; 5.187.21.109; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: bc5261d0-0192-44a2-9796-1e981c7cf030
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzEwNTE2NjQ4ODk4MTAxMzgwOA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 recaptcha__uk.js Show response
www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/ Frame 7057 388 KB
144 KB 122ms
37ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/recaptcha__uk.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=__api_auth_recaptcha_on_load__&render=explicit&hl=uk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5aca3b3633cf95378125b9d58efa940e31e4132feaeec61027c12235ce290944

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.video/
Origin: https://1plus1.video
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 23 Feb 2022 09:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 293551
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146725
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 21:22:22 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 23 Feb 2023 09:15:59 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A3D8 17 KB
6 KB 100ms
50ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065322

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Feb 2022 18:48:30 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 9BDE 106 KB
38 KB 115ms
34ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
Origin: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 14:21:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16017
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 27 Feb 2022 14:21:34 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/elements/html/ Frame 9BDE 8 KB
3 KB 88ms
42ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A1LVDAa-1DoTwEF1LDqBBVmTQ8IVH0v-9mG_u9wXccokGCx-t5P5vUjUTwWxs0HsBmQ5QqS6iKFGwUODY9hGRg0fbWXKqZr4G3XjKZ18GFvessugO64M_zgYAvHF9twy8McdoDyQ7fz_onTaR98ygUy-Y0ig&dbm_d=AKAmf-BYgBjY7Q3Xa1Pnd9rsHRDexEI4PaxQnitjHOY22NtiO_v7q1D19wW4EUV9dzoLOseKCjMyqpRQ6VUcoZWg4jECMjd-A88-BixV1b2axw7yYdkklurJdWz1H1lZ2ad8QxC_z1sYloELem1VAlRBt32AUx-DVtSnNaJC4Yd-p1C0fjktcM1ggDwcBQ_USbmbTTVpUnkGHxuK50itUTCkNzvrWysXr-3Zk3C9dUbqYSp69BppAB1SZMAEubzEyO1_3gU3uGRsf4MbUhenmPlarTNR-Q8qJQXE1KtonINWe3kTbOQiOKtM_zVD8KwoewhIl0GIKQ81WTxg_zxqPK_9crhwRgcdPs19af5oOXaaVT8fTp-xiDQ1V8cRztfwY_cdtFABYKGs30k9dA-K7gJ5WSMc4ujhHpp0xqgIoEkYHVqg8TpqoeHSA6IAhjYhFD5-4nuD_IRVGOMVAP3dvC_Np5bOZv8J0tD4r0Cruxdhq5Eq048FpWfH_wCaOb9VyVnxEL2WbnmMZuNXzY5RSdR9q5h0ro04j1C95LEfUgFEcO1BFEuP1PgkH3Av0fJHRfFHfLnNjM_GyXT2TSRu5W9_48q73yXVoqFWjzYa63eoWLMpBAMjBeNgshEPsmmSinbUUJwbmvMz-rSZzgIKexxzxdV8axu-MoPbhg83RKLa8J0JvPx0P89DR4dk7pfTy7JWJLkPj_xsFUEslmKKhQB9GuMjl1I1UuklAerQH87esGdd1M83PIK6Hvz9sBHjOujuCR0H06-BIy3waNeYgqEYSKVlq1nDjVNqBafiRcLxg7ONLiq28V3t49mBiL_Gflc56qlJQijuIR_adGzVDP808tvJSmxCSotj86VCLz_tWzuUPxsvylJFhFADFGSxV4Alj9KWO6FfpiAgDm-swSnYcl0mGlzWdAmDiUKJzL2sKbmYiqTPgkcPPuQmzZuxEqkq6zgPbAT-yCq77gy8vEO12zCoeNI5lP7BUHgc-FTbG28rJH98RWIIZEOlOIkZVPzr6v9BjSpiq-gWVXMyC1SeyaEb9kImUVQswyoRT5XLtH9VLjcFoZY41U7i4yhevtTREB5RMbHxlFe_DlBjFzrU0_g3a3cW_U5GpPdTcllRApq6n1DU5voHSM552geeAbEj0I5cLUogAR30LwxSB-ac9WzzbOkXk5Bf47jb_KFMLJwmLMLt1QwcsXNoNa4Ym91OnXrf5CAzd-whSRNFrZuIcEpcfFj9fcb8JnLeiLyLC71xhU41dI4EQl9c7Cj8AaNXIVwO3oE8m8qZmVoBBrpWh6UGq8Y2r8VP1S29O0TTyywjnF2NwoAI9W0Nc9sqjyQ0EUJO0RKhF_eBG_QEBRsC65TUKKiWw5YnXGl3CKShcBtebPOCbkNWRKRayWsURMt7lelvkZRUYb142cZeNo4X9T7keQ-H9Uxd5lrhBt12Siqh_Suq7vkDSDCHXbwTXu_iLDKB50j2tStxb149_MneIx1MktU1erM9GgaEKMyi1iflg5f5a-LdVOnaJG_-SIeH9d-MLgTPdUB_BrAIZl-fpIKHpCJd1s0tnmOZvGPC-nwysoYWVBr6X-N76kW_UKRPiJz2ZmLzTg0r7IXjm37_5wi12oMk4RTgsVw9HqZncQC6acC0-1hX5TwXY6MqT1XWrtAGYK2h9o4Yh3DND012FieOVW6OWaztYYqLMOiLoqkSdzYhsu-0P2eFz-5sggBBda2i-h40mi_rpG6Z5TcSXUY6o1VMbxCR4b35v8a360tMOOpUFveB-eImgebwpqyXzObvjR3qpgs-l06QfE2dkrJhmvWwS_PQqc7-SMjRrrDILHdlxz2UMTcg-70KR74aEXo_UMbNB85ubgW-8QjSp7Yg1uorObxHFCIgC5PBX05qD9_mAWVyUgdRRwz8xALNEA5i4oGrA1RL3TNXEfNI3nhfMS9HFaQAcC60Izj2yuz7NBAWRD0f_TclLMn07m7Hy_UqI9teuCSYW5MYCxQML3Soz5JQrhp9CVDQxV6_IzarXO7vpQYFcnxIyFb-dE8tBVCx7HJEATdGUkQQq9jGn3vdO9Ooe8zaVEZIrJKviyBuxRw1dQ1-YRyYbjSvqj6sOHnCI38SqM9LbjUItMO5y_i6bBzGPBM2GDLI44eJzAQY4PRQbyl84EYT0y_r_Lz9O_6cyrBuNgnAb-zsdwARQ-0y133uOUEovHfnQw1U1TOsHPxZ_8EtSXBe0UxFgmJQuVJvn8-6-67JXO9O5E8cMtXxW2xhT6QrUPu4-VZC7_QaTZ4s_w6w3AIPAjmmRLrVFtufUe_83PHnSgLNP6W9ez8INfhGZKqalFCJz9p87vZEaJQnrx_YB3Ygzrj3nf_9FgbuFYKjZ2pjtAo1GdAQTrFZFn5S5Hj18U9eQWhhRUVVho8kY3LObZEIQVpZEf-49FKm5WbbauD44z0WwyB3kXBFXxxmK34XIK83SNxjgqEDzqkOWtOnShpm2gaFtw2qMDV_i6fcIDqp20hPuavjApMKFa7NbY2K9vrXxIwUg8mOxSgCbjx9KmaAJnX85k7a_yQt5sr2lmborLvVhLvkE02nVzbUY7sDUWnrsVuzpfRp0DF1ts4PgZ9wRk-IIWXX5ufnj6L6qv8bzTjgg9pUFnJgLoBXU7cQtTAWszs3njbdYFzMugUZcbOjJJMLSzJ6nEU8U4XnyVeCuJ3rcrPMRCVg4febnwgsE2yjIQKxlLUeCeltzZo5yuBFjFrAY8hTk3dj_mANV6bxsglwpyK_YbhEv5PtOOfel0wHCYLeoypGCjf5bs1TMXmSFO45BO-PryEAz0RLpHNNEBVjD_dPNZEXVUpgHxmTcJNO6h1trUle2edSgj3NbQlUEqNgeR1PJHvqqfFcKUfihYDzKKPwezpHdr2xdJoitms0PzDVkHcyMaZZfu915Y6p8FAybEuPd94PCb5R2N7K2FnMO4uakiU0xxOFxkDokfv1nPGWtNHvPnASO6PfjsgxXy7d3ZOqebBWcaYtBO8HL-mZLB8-yAaxRG9IR2JgKw0JiQFx72EH_-8mxOFAYht-wzKZn8QJTsT0c7Pun6HHPoWddhoeSbZPkKCC-caqaagBEvBKT1iZ2o8PNcEBjpiDQP-Wke8kEJuWaBqLDI0hvqjgnD5uvAqpl9zZCqkJMFzWFlWRykH8aMYakJpSn0HIyfhggOZYWkl_xL5mGCrTvftNvHpYp10WKNKBH5tvoFY9tUGitg75MXmoVmR1u_AnbqLcQFhSmbYkQfQMTzFgDOtAAcKv4iwjMQAnbhCnhdJqWq_pkKGSPYj_RHInrkIHNuXgCA6CUYIJJOL26W7BjU1LsTJasaz1Ka2NMr_g_xbWYIB9VRFeofoa8d6iKLD2aU17YPd5qmZB4K8p_p6oMd1ihEzViWHSTnxv70JIT9YBxgqzwzhIrXdUBf5G2AL2oEyT2BZBuxxDfD1ObbEGiKBeCNIfYIuAFVp7CQ&cid=CAASFeRo_XcN51XY1qPj8zZ1b_ngYtVSYw&rfl=1%2Chttps%253A%252F%252F2plus2.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:46:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:46:20 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/ Frame 9BDE 25 KB
9 KB 77ms
35ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87b3beae1d08bf029d04938bc1d76c7870d450fd75609a85dfafd761cd472047

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:47:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9647
x-xss-protection: 0
server: cafe
etag: 6462939580093197770
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:47:51 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3D5B 0
0 59ms
59ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuqTOFN3D6OfiyUbICI91EtAbbv0giOD3-J2Uag38JyT0IAJMxMwOFaoeC_zdzmtMTebw-hmJ1bmRNjKvnNOGrn_NXbt8lx9h88WWT9o9F_pNaLiHw9DuG8glHTm_ELaZsaYjuli68sbv-lsAXFyoJ9naJ9HfS-sQjMTR-FI6gMIgZ4yGSYGQw-7SsemMI1JSxBMK1U5MB1wQxQSXI_9iSzQ8HYr4WWsF_YkGjnuWdvuRp83L_8UcUisS77w0DvJ6fO3hPaVIlW5BSsAY_Odva14c175DzoKBx7txsiMdqHFbDAgOhGDAQMqrk3CrTdNUWPF67o4_Z6e32E&sig=Cg0ArKJSzCbLqAQSypeHEAE&uach_m=[UACH]&adurl=

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/ Frame 3D5B 2 KB
1 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065322

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:47:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3D5B 124 KB
38 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065322

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c17b823ddee789bdc88b380ce8aa533558cbdef360c5da8e1f9f0dd3b2a1040b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38829
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645619776399499"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Feb 2022 18:48:31 GMT

GET
H3 200 8963748202124403487
tpc.googlesyndication.com/simgad/ Frame 3D5B 131 KB
131 KB 39ms
38ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8963748202124403487

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065322

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6c4b7d127b0e942af0ba329db0f154aa28ce56b82faf581aeceb4f1ed94141f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:54:08 GMT
x-content-type-options: nosniff
age: 93263
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134425
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 14:57:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 25 Feb 2023 16:54:08 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 90F5 13 KB
5 KB 36ms
35ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Feb 2022 18:46:15 GMT
expires: Sun, 26 Feb 2023 18:46:15 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 136
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7952 783 B
535 B 44ms
43ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

975820027201e4fca94c913a16983075fbdafed29a8150b3150b1d9f02185969

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-f8d5M6IylutdG96XudVxPw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 26 Feb 2022 18:48:31 GMT
date: Sat, 26 Feb 2022 18:48:31 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-f8d5M6IylutdG96XudVxPw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9BDE 41 KB
15 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:07:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Feb 2023 18:07:04 GMT

GET
DATA 200
OK truncated
/ Frame 9BDE 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29236420fbff17fa3a942e841516fa9befb10cf4002d2d2f25f4ba8e07ea1d02

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 csi
csi.gstatic.com/ Frame EB8C 0
327 B 323ms
107ms Ping
image/gif 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~l04757jg&c=4883920299753&slotId=2441960149876.5&qqid=COuXwJeEnvYCFR_YEQgdIF0JBg&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80f::2003 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EB8C 0
20 B 70ms
69ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=C1ktw_nUaYuugFJ-wx_APoLqlMJr6usRnodjF0LcPn-yivcABEAEg_f-FI2C7hoCA0ArIAQWpAqdKxp2TgbY-qAMByAObBKoE8AFP0NmPJaOoJ-cT4xq4JbbpIpaXuewYnVhxkOhswAYgok8kMq1ZpybvGQTMamwWQmAdf_Gy_7oGo7iWdUWwBJpANwMUJMJ7Ajc0zmtcaGAi8jbeJsMIgbT-Ray9bF0UdIeAZ8Q8faqY0NJh7LzjZ8DMFst8yR9VoAJoJHZ5zhrSanSVtitmxL0r6_u1VXcZzM-vWw2ae0S10u_HKecifFnss-mTKVpy2d2fWe90GWudMv6Z2jxeZYZ3cQAnHoNInpWk9m2AwK5m_XFSXeV-FjogZzdRXdT2CZ6E2uPA4nWvPPF0m12XZCKHhNZ7Gm6G5fnABM_c3tHlA-AEA4gFp9Kq0DqQBgGgBk7YBgKAB57ZmG2oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwCgCPexqASwCALSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE-jYkg7QEwDYEwqCFAsaCTJwbHVzMi51YYgUAtgUAdAVAfgWAYAXAQ&eventType=clickstring&clientTime=1645901311090&ai=C1ktw_nUaYuugFJ-wx_APoLqlMJr6usRnodjF0LcPn-yivcABEAEg_f-FI2C7hoCA0ArIAQWpAqdKxp2TgbY-qAMByAObBKoE8AFP0NmPJaOoJ-cT4xq4JbbpIpaXuewYnVhxkOhswAYgok8kMq1ZpybvGQTMamwWQmAdf_Gy_7oGo7iWdUWwBJpANwMUJMJ7Ajc0zmtcaGAi8jbeJsMIgbT-Ray9bF0UdIeAZ8Q8faqY0NJh7LzjZ8DMFst8yR9VoAJoJHZ5zhrSanSVtitmxL0r6_u1VXcZzM-vWw2ae0S10u_HKecifFnss-mTKVpy2d2fWe90GWudMv6Z2jxeZYZ3cQAnHoNInpWk9m2AwK5m_XFSXeV-FjogZzdRXdT2CZ6E2uPA4nWvPPF0m12XZCKHhNZ7Gm6G5fnABM_c3tHlA-AEA4gFp9Kq0DqQBgGgBk7YBgKAB57ZmG2oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwCgCPexqASwCALSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE-jYkg7QEwDYEwqCFAsaCTJwbHVzMi51YYgUAtgUAdAVAfgWAYAXAQ

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame EB8C 22 KB
14 KB 156ms
75ms XHR
text/xml 74.125.133.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-CZZ8G0Tx6IiXMz-4U0cI4AIQqtHaSeDzjv9CLdgSWbVC_an_PIRUqXBPUjFQvk3Yp8uIJJuwHiV3h8yI8XLSk6YL5YgQ&dbm_d=AKAmf-CM1aCn3B5J2bAKB96T5xixhljb0xchFwkQMS4r0PxpKgCkM76IOMZ3NjX2tPhlE270yfdO-7Z2k3qKPHA0Gc5-9SuBLOse1P8cbqG39LAT1PhXx5GIP61aLCNCBBfeKs7Ch9Hi3PZ2y7H2QO_8Hm4GIm9prcu-G_tSzva8RN8D8SbR6ETeGpGDTr4WEZd7n56rU3xI9_jSBQcNryP19A6U54v-WdVbVB03opkb2jLg-dHqhBp6wD3Q91inMPPclH2DqrbLNlh59edhesqDBuTEAUGf_QQPoWWVgViuxhSd68pNGjA5QArtOoJNaDJJKSvTyaAFB5DGlKyxjfvSUGS36xwEwEWH2Zngf4ElmjPqRIoKODZmupg8cauAAu3UQqZyYKk9lLtWSXpNl3UIL5WOKi50dsG4hqrcVQuEeIwwDAHmuT--tFU4lbU_GDieDcpAeiTEbyMZFhSPG_psYHuMz0HfXj-EZ9EQMLhkNpm8HRggiCkThNQdeyttD8H6MiH4DHjUtO6tRUu82MVWljKjmkpnaqbMQ9YcseNlcxyhx_ZJwu8ARlRn56EjCq_mdw0tF2V2D1tQO-M5CaAK8cz7kpRHBlj2je08R4JVsEILZC9kRdC569DdRvMNNwwCuXP2IhODojAcefj6E8hEtEOREe-LyVh0PZPs6UsMphpbMUPwlB6vgy_m8INJ7aCx4jnrHSUXlRTwUBeZWfnVgMgSRq4n3SQrkSXgXivJQ6_FB5C_BOCARRLSMCrq8U3Xb-8K6DDb_WbcA3QURuCHvlyE3Q6Hqd01gdZCp9oIgBbunmi3feBYSjrcai1cxfpCxzw1x8qkmEUDP8F3WVpIc0IktZhSNipHPAoMHPtY8FctrAy6weIzrYsdA7fszhmE5ziy_N3rBKLJjq9I1BvFPf5su-r_1THjYyahAJQ6s6HdmNr-4OWUpSQ2OEtekc1EcRojPjhvphL6Qcq8RzVraEJMn6zLwMBjJ7jxx2LUFe_I6P_4OsPY8yqp5Xk1IncCToPI0kpT27mQNo8ABxe4_0sUQk1O5z0R6qW_OMCMPCa9bJnTcAHOxu5NSocX5-O-trxhFlIiMf3snEfhyklKhQdNgyCD4o8nE0veAZKiQtWutxXOhHElZvmscW5zwYNZJykXnCvhYp61t3tuC3F_OBefmSjtxQ3Jn3mB1-2IEbvFonl40qH1BK7a5Mqrb3O8Lg97pwSNwwE6tFfgboH-bS3r0IqanoZ-9HdomlKuZM1cFK00ZU7jck_jLG4UminRrpvLiBLLUET5nkvDrnO_1pKwfAB82w6AhlOH8c0ETE80jzzgWRMHO6suRyiEXPOQTLi68iCX9Oxk-A2qpyREHg9P9Z1kgRhVDso_IfrDtgaFkR1UC5JZb5lacpJL6lc4tURLVpg-wwjPVMpEDho1t442VT87evIF3Zbw8fY4WsqMppx37IE0uB4d21-cHy6pTWQ_PdNGdO7m6zFPiIxLJdviD_Ss2DyvpPb6WTrfy3VA7j9ocqGTcoa4BThonYju_oKf2vRL5fms-XG1NRLuzXZwp2T9551fy2-ou45P0W0tP9j9ASdXGdu4v_mmWOkuiGGc65QzJj748U3hIhXhLrOaV-D8RhxnGU6osw7urIee6Hb8TOKNuTKUyKHfOGEC3vYSiAg3FyRLXZ6klh_G_H9vLx6FCBjPIWUapYwLMJzrGoqvb59awsQcAP1FmLDQWqUeci4JKt9o7LwpS2KqhmzAuvWHz03KNQ14v0LUHy3FswS-2KNl_oR18fum61bhRNvfyFppo7ZkS37tRZaN4mBR1tKAYq3gWY3jRFShB1LpDxfRIJlUIpBTA3yEQQJYZrkWWgHfOXxeYb6GeWuwwAT79EjrXqcva-9IIiVgJDFeqgjMDij-eYo51M2ckHwaRVeBwTixMWZTGskRYYBA9MH6BLkXjXLpE1T5hUowCrTeGdKRV-HM2tYQpHa_haVPYrSYH8cgTfVbfcWLlXmNWjOteDCeKWw--g-baoTYHhDIcdqoTDenztAoKtll9T5miZitBUKdev1C03tuRIYVbedtx6skzkKY-H-eLEIAJpig1qrcs2Di1OWBK4AzkG2ifowuQB2up6mQxycfF8dnzBmqs6DWfCD9kV_agCzdURQSVWVPoi5vF40_dS81CVxpY3PbU3cuPRZXcsO4awfb0OLo331aQfUVkM11uQ-uggBr_oJNV9bEHZuW5OQhnzpkyOThDdAok1pdAUJOob5vjyxqYu2bge6RELsZGvd20ktByOAG2VtV9fpOkJ7eFejhj86suuL8fbGmHVPRBnGXzKGC7KCqwTbISLM5DxdDjoinYY0rowJWgSXzgChDv8MR2bIdhayQ6I4SjG6KpWlhL_0RkqVEBlyz_7Jzkc-9mhw1NocO9YZm902uV7z44lTsYMqiVFWeinJkUO1cHX0WQztwI_lNW9NSfNrGAE05o_KSKFr-k_YP0i0beE4ERVh-YbJYEZ9JwmU3hVCU8NpptXND2UbE0p96eWypJkZAHf2KD9JdBDe5TekAzscvTb7vNg8Mp68lKZx5UPKMguTCmjuns_-bS8e5k5L9lSRMvIBst7kSooaLjl8WEDteNpJl0t-elT010oQv81HQO56NWA1rnpiU7yjFxnFVzoRN96kZ5041g3DyYRnpF_JtzIkYUuHJ0Tfl0yieqwlCbSb2Ait_qUXA8VTZK2gmZ-jpV5Ucaf71Txhsye9pwHn8gKMmUSxXKGzGRzhyFQA9t5CRQpQqc4nLoVRi1ZvvwIEKa5d4yRGIef89TgRZhnFu1FTtbtsk7EudM5IycOm51gaw4qOEGR61ute8Oi4qmqiz_CVAY4Gek9Cxgapf8ZzT6L0Wj3o8OdBm4D_bsuQPP-EHJWmqp6M6q6QwY6zuR_Hm6zzY-CAxY6UDI_QK0gw-PSq4gE0TLlEbEWoU2DVoZ8nHWGEpu6664-My3sPg_GGoLvnH4iKt5yOgwDSFP1TxpzNB6FvMiKsc6q9Jvm6DRQRI8cVsasSvf3NbNOlvFpTi4AmW6bh9JIlCCziZiQavKW-dq1sGKySD80udr8wOjzX9joP5GIRNVajrHz_H-r_4RSifa0X7tSN69zfOb8rcaHultWd6boibwTV7spiYfbis2qeFAr0Hu_9jh4rlaxnmZpoow9C8ZlS6NMgg-sgUyg-Jfk-m8bPrV3m7klmvrNXAz-xDJngUEehSDwQH1SAX-Sfgd0L7lvFGqRiooKDvilOArfgjcOc9NKcSPD4CxihnQ05iFbT84PneC8fCir2iyeiAEyPow2tgI4lgW6aqMjx165zgllZ_iBLsph_f9zC0yo41Jprx7FmjXP_NjLGPd2wyAFbYoWjuly1VwMrJQA6kGmNapxf2WHpuB8ylv2cJJafhI3Fo_UtRGBypU851xk-IMEaFjCe79RK2e6F6ltkdmeG1r1pj&cid=CAASFeRoUFK-q1DyUdLobuZefa2TmRhNng&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f154.1e100.net

Software

cafe /

Resource Hash

53bb13075d10d99935317bbcf8f8112d360dbdb07a2a1c2de839ea13dac6e21a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14197
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame EB8C 0
0 59ms
58ms Fetch
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CsbJh_nUaYuugFJ-wx_APoLqlMJr6usRnodjF0LcPn-yivcABEAEg_f-FI2C7hoCA0ArIAQWpAqdKxp2TgbY-qAMBqgTtAU_Q2Y8lo6gn5xPjGrgltukilpe57BidWHGQ6GzABiCiTyQyrVmnJu8ZBMxqbBZCYB1_8bL_ugajuJZ1RbAEmkA3AxQkwnsCNzTOa1xoYCLyNt4mwwiBtP5FrL1sXRR0h4BnxDx9qpjQ0mHsvONnwMwWy3zJH1WgAmgkdnnOGtJqdJW2K2bEvSvr-7VVdxnMz69bDZp7RLXS78cp5yJ8Weyz6ZMpWnLZ3Z9Z73QZa50y_pmCPfx5jk3nMrWbU4LRZG7cng-9Uun1saMFJadlJSrbPXhFQyjgxkQJLNXMbU3ZZgln8AhxDp8DM6lVn8AEz9ze0eUD4AQDiAWn0qrQOpIFBggDEAMYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGTtgGAoAHntmYbagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcLEM7J5gEYs86FtgGgCPexqASwCALSCAkIiOGAEBABGB2ACgPICwGwE-jYkg7IE9WQg98D0BMA2BMKghQLGgkycGx1czIudWGIFALYFAHQFQGAFwGyFx4KHAgAEhRwdWItOTEzODI0NzY1Mzc1NDUzMxjV2xY&sigh=gPG4VEkbB8w&uach_m=[UACH]&cid=CAQSPwCNIrLMmMXlACrq8Gb2Ah8DK4FVKPpB3d0OIvJCJIXxS06spvxpjayAXnCYP_JIUpzP-AnYl9VSmlpZFPm42w&vt=10
Requested by: Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame EB8C 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da53e83581d8ffce499de0fa266ef8ba21b14fcc77573f8c90552d12437de666

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/14333778370720956416/ Frame 46EF 304 KB
41 KB 86ms
38ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcddf8c32c3d1d0cacc35462e294d7b2589645eff555b50c5bc22d5dbf98ae81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 41685
date: Fri, 25 Feb 2022 16:43:12 GMT
expires: Sat, 25 Feb 2023 16:43:12 GMT
cache-control: public, max-age=31536000
age: 93919
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9BDE 0
571 B 195ms
110ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvO14JyIlh0CR8i5OMZtDS_auC9al40jKf598QMOzug1AAvjzZ8IP0lB52QjCLZoioQpCuD1gie43FbAMgJNlJEdvEmtE8ykVuFU_jDcpiz7WkTDBbchwYvxrHLqaXUO6oWsK3oCOZAhJnj9DllxAnm9SMfyFp-Gp3x2e9CbxyaNqoLYjkJ4bpRpBjwx_GhwaEtcNCCaNIfM3TdIvalIm_bcI7HF458nCBzWSghQgSNPcVkyBVIXaFYyeLsMqXWTALQGg4XsheiW3B-48EbxnWTGneEt-__mFiPjhdvyqvqRkorQusOp03meS24z6VQjaOCm3ntyuwTRlsXOM2MmNYe5f3AOE6VYsKDfiFUjbq9wdhQirXCn7hrnZ_L1wuWTO0_ww8K8VI9GqWXPFv8Lw6orrRdbBZm_B1wm8ikNlpOu0v6XDfkipAqlse9G7W091p_gopDDzuWTKrtuxYZMJwWJ6SDnQeLMd-JOcyCxe0be0tnaL28dF4e_jxeaya2hC4Rvjgz62f2ljj78jfmUK4snbGm4Qa9kn6J50EJWJDP5cYeqNMg_0V-n9aGKuZ_6B-DtruC8AHvKakW7zoFPJmtWnb6ioL4vEidKr0WQ1uPz9Qv6LibnG6nMwEBYc71w9IkRmOGwkI6uJJI_azpWXQft0oQPmE1ywgSRMRTitPKX2a0P-Qrp6Vc295jZ0wW2aDOsO6G1vMc5LijgbxMwts_XqaZLVVVusxHr-DZi7VvPB_wRRCkD6KEfyjQZmkUqNgM1ezTaLAv8D4JBmVW90JBldsKM17D816ZmEl8OkRU3Jg32rcukZF44HvmKeql5dS7qKEFkziiK5VeoHKm7XurSGuSpjgyG5ysjbHY6HzRFM4KKbQwsGdauJnlvgeL_ecLLj4HvdGGJ0LwgzGANYvSmIrjbL3rISMPDFRo_aPl7bhnnZbKwy96cgoxJMWLjcfIBUGjSFRLUyWnK_jx4CsLEOhutv9nD2qtowGQNwJTH2Pk9ihllnCsX08LwNVUECnSfLs_k6drg7sskhfo8UUueoeeQn_FJ1PhN6Wh7G54Ssxw8Z3TvTdEtMxCDlawylS46FSajM9rdVZRqiwYnufoBGQlmmyy7FcxR-0TEaBEUXuqg21s-__AoVf7COmnbgMwulobifcVTU-DGRx89ThAOBqSEFR6W6Z9CgwZCcz6JeR_D6l5uvjp7qOOf9wmyZiPU_kc1MePbEkJsRwrsWbCr_a5Pw&sai=AMfl-YQFiWHhAT0-0owTscWmz-cKfKgvEddTSvoKy8GlVm7mb7MLO0YO6vOgGyiCpaii5-bcbNEPp704sub2BSiUoS2OfYtEXZSj8TDOGT5M-7NMopRG0joXMy00n_cSnchWK7cfMIVrZhNEJxELsMSESD0ZofaSCg4wKze7LZY&sig=Cg0ArKJSzHnZAqlUqTEhEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=223&cbvp=1&cstd=221&cisv=r20220223.92251&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 26 Feb 2022 18:48:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3D5B 0
0 58ms
58ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssZjFQa4VVXXtj4W8bECoxikgdyoIU5oeGutobql_Ec1g1rT-wbnvyyNcral8Zs3gcaIPxS_KhYPkXgA6gVbGvNAQ6SfMNZu0MkJkVArcBaDSlBbGpFDiDQNYsF74dkVD5zfWgh17DxM1vpcpzxL-uleFs_UegSydrFm9sLKh09v2AU4SFau1I_c07sei-Q9VK1wlDsCR5_QDPBTpMfX7I7Y0S61ufWuCd6t02NDnu2hG6MCI3Bl8VpNbQd_d0N3kerzqEbfMLLPX7Zut-bSiIYHkSZRb-oS1yaFQGFdf8xYGYsLL6rLdURx7F-cNoCG-eikvM9jRR29Qa0njs&sig=Cg0ArKJSzOuhPSSty1I9EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 26 Feb 2022 18:48:31 GMT

GET
DATA 200
OK truncated
/ Frame 3D5B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b7b53998ae8360ed30e190aa7aae41c3a232695371b51550f788c270c7ee612

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame FD1C 22 KB
8 KB 35ms
35ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Feb 2022 18:07:04 GMT
expires: Sun, 26 Feb 2023 18:07:04 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 2487
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 34ms
33ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1936522573&t=event&ni=1&_s=2&dl=https%3A%2F%2F2plus2.ua%2F&ul=en-us&de=UTF-8&dt=2%2B2%20-%20%D0%9E%D1%84%D1%96%D1%86%D1%96%D0%B9%D0%BD%D0%B8%D0%B9%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D1%83%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Clarity&ea=1yjcxr9&_u=aDDAAEABAAAAAC~&jid=&gjid=&cid=1789385656.1645901310&tid=UA-3838466-26&_gid=1107476374.1645901310&gtm=2wg2n0W2BBRKX&cd1=https%3A%2F%2Fclarity.microsoft.com%2Fga%2Fal26fychxj%2F1pivnfg%2F1yjcxr9&z=1699315319

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 00:15:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 66762
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7952 0
0 100ms
98ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022201&jk=3760899305414281&rc=
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 68ms
68ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_slotexp&pvsid=4131258251116565&vrg=2022022302&nw_id=82479101&nslots=4&eid=31064150%2C31064836%2C31064957%2C31065323%2C44757101&pub_url=https%3A%2F%2F2plus2.ua%2F&qid=CO2XwJeEnvYCFR_YEQgdIF0JBg&iu=%2F82479101%2F2plus2.ua%2Fcatfish&e=0&ret=1600x180&req=1440x180&bm=1&efh=1&stk=1&ifi=4

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 iRu7R9Kt0H3UwF1-zQK7LLgwIl8DaRlhr3qpKTHCDIY.js Show response
pagead2.googlesyndication.com/bg/ Frame 90F5 35 KB
13 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iRu7R9Kt0H3UwF1-zQK7LLgwIl8DaRlhr3qpKTHCDIY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

891bbb47d2add07dd4c05d7ecd02bb2cb830225f03691961af7aa92931c20c86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 15:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13728
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Feb 2023 15:40:28 GMT

GET
H/1.1 200
OK hls.light.min.js Show response
1plus1.video/static/player/js/ Frame 7057 153 KB
53 KB 155ms
155ms Script
application/javascript 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/js/hls.light.min.js
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=b5304ce8eda1f5922225e08fe4ddad3b0411776f
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: bd9072da49e87b2c3688527532eb51a54a6886366915be497e4e2de0c83e5859

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/video/embed/GRsFFLJ2?autoplay=0&l=ua&logo=plus2
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:31 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Mar 2019 13:06:09 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Mon, 28 Mar 2022 18:45:31 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 46EF 29 KB
10 KB 37ms
34ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 06:12:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 27 Feb 2022 06:12:45 GMT

GET
H3 200 iRu7R9Kt0H3UwF1-zQK7LLgwIl8DaRlhr3qpKTHCDIY.js Show response
pagead2.googlesyndication.com/bg/ Frame FD1C 35 KB
13 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iRu7R9Kt0H3UwF1-zQK7LLgwIl8DaRlhr3qpKTHCDIY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

891bbb47d2add07dd4c05d7ecd02bb2cb830225f03691961af7aa92931c20c86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 15:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13728
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Feb 2023 15:40:28 GMT

GET
H/1.1 200
OK skeleton.js Show response
vast.adsafeprotected.com/vast/fwjsvid/st/720241/57409475/ Frame EB8C 12 KB
4 KB 191ms
57ms XHR
text/xml 34.243.10.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vast.adsafeprotected.com/vast/fwjsvid/st/720241/57409475/skeleton.js?includeFlash=false&originalVast=https://ad.doubleclick.net/ddm/pfadx/N700925.279382DBMGSKUK-179515896/B25721163.315563668%3Bsz%3D0x0%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://2plus2.ua/%3Bdc_ves%3DdGltZXN0YW1wOiAxNjQ1OTAxMzExMjI3Cg%3Bdc_cid%3D158736984%3Bdc_adid%3D507759593%3Bdc_vpaid%3D0%3B
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.10.54 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-10-54.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6a1358ed6c57bf3d8972190a2df935828e75af5c424123a561b9d8a1d1ee7ff5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:31 GMT
Content-Encoding: gzip
Vary: Origin
Content-Type: text/xml; charset=UTF-8
Access-Control-Allow-Origin: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 3587

GET
H3 200 VolvoNovum-Medium.woff2
s0.2mdn.net/sadbundle/14333778370720956416/ Frame 46EF 38 KB
38 KB 37ms
37ms Font
font/woff2 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/VolvoNovum-Medium.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2675ab1d1852f1aa30e272d7c2b1b9616e1f4771a94860e0d92bc7fca6c3c48a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
Origin: https://s0.2mdn.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:42:41 GMT
x-content-type-options: nosniff
age: 93950
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39068
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:42:41 GMT

GET
H3 200 Volvo_Black.png
s0.2mdn.net/sadbundle/14333778370720956416/ Frame 46EF 5 KB
5 KB 36ms
36ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/Volvo_Black.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5be30616d437d2baf9041a6648598542ae30fed30d261b002266e5d58969685

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:42:41 GMT
x-content-type-options: nosniff
age: 93950
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4824
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:42:41 GMT

GET
H3 200 Flash.png
s0.2mdn.net/sadbundle/14333778370720956416/ Frame 46EF 3 KB
3 KB 37ms
37ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/Flash.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baea5caffda9109fe3fe251376d60a25ea43c846fa7bb8dc4b15da44a78c6760

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:42:41 GMT
x-content-type-options: nosniff
age: 93950
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3431
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:42:41 GMT

GET
H3 200 Floor_extend2.png
s0.2mdn.net/sadbundle/14333778370720956416/ Frame 46EF 56 KB
56 KB 38ms
37ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/Floor_extend2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f93264606087b4c1dd4e0bb8bf2ed92549c53fe8b5f095d214c4e72a765f5482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:42:41 GMT
x-content-type-options: nosniff
age: 93950
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57259
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:42:41 GMT

GET
H3 200 Spritesheet_XC40_MY23_3.jpg
s0.2mdn.net/sadbundle/14333778370720956416/ Frame 46EF 826 KB
826 KB 48ms
48ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/Spritesheet_XC40_MY23_3.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7005993ffb58b0f035fe085bbe16659d833604b1a6a5811b168978b32ca181cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:42:41 GMT
x-content-type-options: nosniff
age: 93950
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 845547
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:42:41 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 90F5 0
9 B 35ms
34ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?AZvEWQ
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H3 204 csi
csi.gstatic.com/ Frame EB8C 0
17 B 211ms
104ms Ping
image/gif 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~l04757jo&c=4883920299753&slotId=2441960149876.5&qqid=COuXwJeEnvYCFR_YEQgdIF0JBg&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=0&ulv=1&cll=0&vmfc=1&vhc=0&msm=1&aits=0&webm=0&vp9=0&vamt=application%2Fjavascript&hvmf=true
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80f::2003 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EB8C 0
20 B 70ms
70ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-error&message=lima_missing_ad_media&eventType=ima_sdk_error&clientTime=1645901311479&ai=C1ktw_nUaYuugFJ-wx_APoLqlMJr6usRnodjF0LcPn-yivcABEAEg_f-FI2C7hoCA0ArIAQWpAqdKxp2TgbY-qAMByAObBKoE8AFP0NmPJaOoJ-cT4xq4JbbpIpaXuewYnVhxkOhswAYgok8kMq1ZpybvGQTMamwWQmAdf_Gy_7oGo7iWdUWwBJpANwMUJMJ7Ajc0zmtcaGAi8jbeJsMIgbT-Ray9bF0UdIeAZ8Q8faqY0NJh7LzjZ8DMFst8yR9VoAJoJHZ5zhrSanSVtitmxL0r6_u1VXcZzM-vWw2ae0S10u_HKecifFnss-mTKVpy2d2fWe90GWudMv6Z2jxeZYZ3cQAnHoNInpWk9m2AwK5m_XFSXeV-FjogZzdRXdT2CZ6E2uPA4nWvPPF0m12XZCKHhNZ7Gm6G5fnABM_c3tHlA-AEA4gFp9Kq0DqQBgGgBk7YBgKAB57ZmG2oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwCgCPexqASwCALSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE-jYkg7QEwDYEwqCFAsaCTJwbHVzMi51YYgUAtgUAdAVAfgWAYAXAQ

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content multitracking Show response
ghb.adtelligent.com/adunit/ 0
197 B 50ms
49ms XHR
text/plain 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/multitracking
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/457194/hbw_master_298309_11708.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://2plus2.ua
Date: Sat, 26 Feb 2022 18:48:31 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
122 B 45ms
45ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=2plus2.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 50ms
50ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=2plus2.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 82 KB
25 KB 448ms
448ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4131258251116565&correlator=503459593737709&output=ldjh&impl=fifs&eid=31064150%2C31064836%2C31064957%2C31065323%2C44757101&vrg=2022022302&ptt=17&sc=1&sfv=1-0-38&ecs=20220226&iu_parts=82479101%2C2plus2.ua%2CBranding%2C2plus2_300x250%2C2plus2_300x600_2%2Ccatfish&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5&prev_iu_szs=2000x1300%2C300x250%2C300x600%2C1440x180&ris=1~1~1~1&rcs=1%2C1%2C1%2C1&tfr=1~1~1~1&prev_scp=Project_2plus2%3DMain%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7CProject_2plus2%3DOther%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7CProject_2plus2%3DMain%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7CProject_2plus2%3DMain%26hb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&cookie=ID%3D82c15bdba41ebe37-225ec3054ecd000a%3AT%3D1645901310%3AS%3DALNI_MbqUKiSh2NHKtRxakC7JFkHgsZ0Pw&bc=31&abxe=1&dt=1645901311487&lmt=1645901311&dlt=1645901308935&idt=715&frm=20&biw=1600&bih=1200&oid=2&adxs=-200%2C992%2C1015%2C0&adys=50%2C645%2C1025%2C1020&ucis=1%7C2%7C3%7C4&adks=3753537382%2C3937908213%2C3276604062%2C4136652780&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2F2plus2.ua%2F&vis=1&scr_x=0&scr_y=0&psz=0x-1%7C300x250%7C300x600%7C1600x-1&msz=2000x-1%7C300x250%7C300x600%7C1600x-1&ga_vid=1789385656.1645901310&ga_sid=1645901310&ga_hid=1936522573&ga_fc=true&fws=644%2C4%2C4%2C516&ohw=1600%2C300%2C300%2C1600&btvi=0%7C0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

4f1eb8336da2ff616af13bf39fbde0dbcabefa3bad2d405044eabb156e691cd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25318
x-xss-protection: 0
google-lineitem-id: -2,-1,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://2plus2.ua
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FD1C 0
20 B 76ms
75ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BKHzV_nUaYpSWM8HL7_UPoaeH8AYAAAAAOAHgBAI&bg=!lpWlldHNAAas2QJZrNk7ACkAdvg8WmLTp25D0fbrCKtBIXyg8gnds69ArQxjfEVnusYZ7joUnGX8UQIAAACdUgAAAAJoAQeZAuFCeGFkC6XDxv37dRoLI6o8tkXImNY6OtycEd7Pj2N3EVOqBThLe0j11ol6mmD1zafI-v4JcsVnBKfYzCdDgcCkWUVzJmibqHCC7LmhkTkpkDEMCUPA4t6q4dWXsOp7snachqTu7-fuNAhB0bkgK0vBm8VikCfN2uUF1rLZJxww-sNTX5JJbB4lqZSRNx7M08SPZvYDCUuro8DCkdkCbvQV_c3MhTCaEQ0ylO-bhtL-Hvxue-1B_kmCEfjWYLeDOJfBQEAxN-_96pf6YgMivwMI3s5U3yy5XjGKR1niqhnzzEaBVYWRadjV2cjNYN75Kfxczg6f1DXb3afAduw2dEQpN-MxX71KK7lAHy26sJdy_8GoxxswUIl6D6orMHPEhZ67m9B81EhOnXihr0e3B_752_qPleML1Oel5Lbf0h3w2Yfu9-eriLZsOtAiOSwsEe4BqEbVqz2qMMFh-aCgcV_DTR_ye2pTOoWyjiz2hmNvj2LKbvfxa9UviIvhhVL4S7cs7458PSIpRGmqbChQmY4d6bySZS7Zz7OgtsJ_-z9EOR8ZfrWQrbVndAhLVZhEIaRM2efirdUln4jKpNckcwI3pdhGIiVuvgaNX-DgTEm0M4_7dZ-NRzMZlbfC8WeJV9qLNiI3Ur5B7WaSL61cxgdclQHz3UNL-ok7CRcZEcZJGIbVE4x8FevxS1EnD-jwLjicyDa5ii0HVumV8tFIsFE6DGyzp24GkPq1r7meAJhK-XfTJF43jSS769CLswwWPgXpfWo21wjoSaKhXn0oZRJm7-vFGkPEjsDwy2AK_BpLz3mBMTzR2nbelfV9KmnL0tCTjiaqEloPs2RPSPqduKJ1ssQxxn3R52foPNFJgMsudyicwX1Ccb38FMWyU3-7s3L64BaJ-CDar3SwV6ybEPO2z40DTJv7oUEZXMnEeaTHxXdXoEqlg4DL3SZU3-tz7MbSSvCivXAW2ggbkd61aRvTxQ

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9BDE 0
23 B 116ms
72ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvO14JyIlh0CR8i5OMZtDS_auC9al40jKf598QMOzug1AAvjzZ8IP0lB52QjCLZoioQpCuD1gie43FbAMgJNlJEdvEmtE8ykVuFU_jDcpiz7WkTDBbchwYvxrHLqaXUO6oWsK3oCOZAhJnj9DllxAnm9SMfyFp-Gp3x2e9CbxyaNqoLYjkJ4bpRpBjwx_GhwaEtcNCCaNIfM3TdIvalIm_bcI7HF458nCBzWSghQgSNPcVkyBVIXaFYyeLsMqXWTALQGg4XsheiW3B-48EbxnWTGneEt-__mFiPjhdvyqvqRkorQusOp03meS24z6VQjaOCm3ntyuwTRlsXOM2MmNYe5f3AOE6VYsKDfiFUjbq9wdhQirXCn7hrnZ_L1wuWTO0_ww8K8VI9GqWXPFv8Lw6orrRdbBZm_B1wm8ikNlpOu0v6XDfkipAqlse9G7W091p_gopDDzuWTKrtuxYZMJwWJ6SDnQeLMd-JOcyCxe0be0tnaL28dF4e_jxeaya2hC4Rvjgz62f2ljj78jfmUK4snbGm4Qa9kn6J50EJWJDP5cYeqNMg_0V-n9aGKuZ_6B-DtruC8AHvKakW7zoFPJmtWnb6ioL4vEidKr0WQ1uPz9Qv6LibnG6nMwEBYc71w9IkRmOGwkI6uJJI_azpWXQft0oQPmE1ywgSRMRTitPKX2a0P-Qrp6Vc295jZ0wW2aDOsO6G1vMc5LijgbxMwts_XqaZLVVVusxHr-DZi7VvPB_wRRCkD6KEfyjQZmkUqNgM1ezTaLAv8D4JBmVW90JBldsKM17D816ZmEl8OkRU3Jg32rcukZF44HvmKeql5dS7qKEFkziiK5VeoHKm7XurSGuSpjgyG5ysjbHY6HzRFM4KKbQwsGdauJnlvgeL_ecLLj4HvdGGJ0LwgzGANYvSmIrjbL3rISMPDFRo_aPl7bhnnZbKwy96cgoxJMWLjcfIBUGjSFRLUyWnK_jx4CsLEOhutv9nD2qtowGQNwJTH2Pk9ihllnCsX08LwNVUECnSfLs_k6drg7sskhfo8UUueoeeQn_FJ1PhN6Wh7G54Ssxw8Z3TvTdEtMxCDlawylS46FSajM9rdVZRqiwYnufoBGQlmmyy7FcxR-0TEaBEUXuqg21s-__AoVf7COmnbgMwulobifcVTU-DGRx89ThAOBqSEFR6W6Z9CgwZCcz6JeR_D6l5uvjp7qOOf9wmyZiPU_kc1MePbEkJsRwrsWbCr_a5Pw&sai=AMfl-YQFiWHhAT0-0owTscWmz-cKfKgvEddTSvoKy8GlVm7mb7MLO0YO6vOgGyiCpaii5-bcbNEPp704sub2BSiUoS2OfYtEXZSj8TDOGT5M-7NMopRG0joXMy00n_cSnchWK7cfMIVrZhNEJxELsMSESD0ZofaSCg4wKze7LZY&sig=Cg0ArKJSzHnZAqlUqTEhEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=674&vt=11&dtpt=451&dett=3&cstd=221&cisv=r20220223.92251&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 94ms
50ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022302&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b2036b41bf44fe3e07e591fb232062c622f5498764892f0c5776fead8732a32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 207B 13 KB
5 KB 98ms
32ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=2plus2.ua

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

f408ea8d108fb46b0ec7612b384c10211e19f6a21592b34a042751697f4249cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 1386
date: Sat, 26 Feb 2022 18:48:31 GMT
content-length: 5145
strict-transport-security: max-age=31536000; preload;

GET
H2 200 84eb4635012b1b359e05041e6252895f.custom.jpg
images.1plus1.video/card-5/GRsFFLJ2/ Frame 7057 207 KB
208 KB 78ms
77ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/GRsFFLJ2/84eb4635012b1b359e05041e6252895f.custom.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: a807058ebf08685df00ce02d8ba5b9c01d58ec625569ed97ebbee8ef4cb9ae76

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Tue, 22 Feb 2022 17:53:06 GMT
server: nginx
etag: "a26b357f7dd6d76cbff19976e9d757f9"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 212401
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
DATA 200
OK truncated
/ Frame 7057 369 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f9ecc527406b9b72bc3a9f4527892dcf842584b7e6aeb7ce816a4c7c8803954

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu0SC55K5gw.woff2
fonts.gstatic.com/s/opensans/v27/ Frame 7057 20 KB
20 KB 81ms
38ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu0SC55K5gw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a2c8407b011bf0af8123c2160fc5b91ecf962e4039e82babbaaa630549c80f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1plus1.video
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 23 Feb 2022 05:38:35 GMT
x-content-type-options: nosniff
age: 306596
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20876
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:46 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Feb 2023 05:38:35 GMT

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
fonts.gstatic.com/s/opensans/v27/ Frame 7057 39 KB
39 KB 77ms
37ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a83c3f260b750dfc47e4e5024eda4b4f80be0c0a3e0ae5111a3b0a799df64448

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1plus1.video
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Wed, 23 Feb 2022 15:44:05 GMT
x-content-type-options: nosniff
age: 270266
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39556
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:31:06 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Feb 2023 15:44:05 GMT

GET
H2 200 gplayer.js Show response
gaua.hit.gemius.pl/ Frame 7057 22 KB
6 KB 56ms
56ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/gplayer.js
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=b5304ce8eda1f5922225e08fe4ddad3b0411776f
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 3fd728d9bd11f85dc8199ff8d93fef772802e911ff22a9c0e2a0c2eed13c8b8c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: gzip
last-modified: Fri, 18 Feb 2022 08:43:58 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 5971
expires: Sun, 27 Feb 2022 06:48:31 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Feb 2022 18:48:31 GMT

GET
H/1.1 200
OK 5312 Show response
api.1plus1.video/v2/ua/recommendation_projects/ Frame 7057 5 KB
2 KB 86ms
86ms XHR
application/json 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/v2/ua/recommendation_projects/5312?cid=GRsFFLJ2&vct=3&_t983864574969
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=b5304ce8eda1f5922225e08fe4ddad3b0411776f
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 2ffcee5095a35324f3babe2b8a255810072fd7681736d49667c5619934bca56c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Feb 2022 18:48:31 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: https://1plus1.video
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 207B
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=2plus2.ua&sn=ChromeSyncframe&so=0&topUrl=2plus2.ua&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=yjZKh3xkQlBRR0tYbFZmNU9RWFRUaXhxaVlqaS9DcVhMejc1R2RLaDZhMkVtZHFRZGlQenBwMFEzVSs0MlZITWdnVjlkbmEzZjhWOEdMNkxmYitxZ2VONW95NWhTbnkrUjEzM2dVVTdoQmswekNZOGcvc0hJSWU4M3ZTWU...

419 B
621 B

110ms
32ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=yjZKh3xkQlBRR0tYbFZmNU9RWFRUaXhxaVlqaS9DcVhMejc1R2RLaDZhMkVtZHFRZGlQenBwMFEzVSs0MlZITWdnVjlkbmEzZjhWOEdMNkxmYitxZ2VONW95NWhTbnkrUjEzM2dVVTdoQmswekNZOGcvc0hJSWU4M3ZTWUZ1amJQb1dUaXdpclVxeDJCdEE5d09lWldQZWVJY2tlT0sweVdYb0ZueUtyZmhlOGIrOEYrdytJUERFNTZ5eldKVWRRSGpUSHM4TFRtdXVrU1c1bUVRdjVsMllzVXRjcmxiSzRXNG5mcTgxeExxWnNicUFjSjFldXJ6SnUxeEZaZUpGcFN4M1VBYlZXbmFydVVGRGJnREIrS0lKNWFadz09fA&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

092360b951af669164009eec2ce27582801664fc1deb9f22c077d3f52587e33e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3349
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:31 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=yjZKh3xkQlBRR0tYbFZmNU9RWFRUaXhxaVlqaS9DcVhMejc1R2RLaDZhMkVtZHFRZGlQenBwMFEzVSs0MlZITWdnVjlkbmEzZjhWOEdMNkxmYitxZ2VONW95NWhTbnkrUjEzM2dVVTdoQmswekNZOGcvc0hJSWU4M3ZTWUZ1amJQb1dUaXdpclVxeDJCdEE5d09lWldQZWVJY2tlT0sweVdYb0ZueUtyZmhlOGIrOEYrdytJUERFNTZ5eldKVWRRSGpUSHM4TFRtdXVrU1c1bUVRdjVsMllzVXRjcmxiSzRXNG5mcTgxeExxWnNicUFjSjFldXJ6SnUxeEZaZUpGcFN4M1VBYlZXbmFydVVGRGJnREIrS0lKNWFadz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2486
content-length: 541
expires: 0

GET
H2 200 gemiuslib.js Show response
gaua.hit.gemius.pl/ Frame 7057 38 KB
10 KB 56ms
56ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/gemiuslib.js
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 3b5162e97e0561b1a659efc32c3e0625a4f6ed0c9eaafd0f8b1c056e3074ab13

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: gzip
last-modified: Fri, 18 Feb 2022 08:43:58 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 10489
expires: Sun, 27 Feb 2022 06:48:31 GMT

GET
DATA 200
OK truncated
/ Frame 7057 702 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 561441dc79747d46b37a2512786f952340b2eba13df12f3359c0edab2ddb6240

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 7057 367 KB
121 KB 90ms
45ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=b5304ce8eda1f5922225e08fe4ddad3b0411776f

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b9019b46768d884816f34f0572435e6b9060ff9d0ef785996285a9b7d97a715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124251
x-xss-protection: 0
expires: Sat, 26 Feb 2022 18:48:31 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F77B 13 KB
5 KB 35ms
35ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Feb 2022 18:46:15 GMT
expires: Sun, 26 Feb 2023 18:46:15 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 136
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 22F2 783 B
535 B 44ms
43ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

18781707e211fb2e7f02e048f7dabc5797a791bbf6ec7b47a3dcb3810bea9502

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rKvhaxThZH2aNY0j2RyY6w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 26 Feb 2022 18:48:31 GMT
date: Sat, 26 Feb 2022 18:48:31 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-rKvhaxThZH2aNY0j2RyY6w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 7685b7308bb44288c4f399496048c4df.220x330.jpg
images.1plus1.video/playlist-1/945/ Frame 7057 59 KB
60 KB 332ms
331ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/945/7685b7308bb44288c4f399496048c4df.220x330.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=b5304ce8eda1f5922225e08fe4ddad3b0411776f
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 143f50225190e7a587d8e43d7504c7645b29f1dfb957eae82f59977a6cc35c98

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Thu, 20 Jan 2022 12:33:22 GMT
server: nginx
etag: "8bae3cce1b9ac9a8d0dc652c45b532de"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 60741
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 200x335.jpg
images.1plus1.video/playlist-1/9960/ Frame 7057 14 KB
14 KB 456ms
456ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/9960/200x335.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 5767504edc32715193265cf5d3b599a76184ee3dc0856d90915fff2474ee1b24

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Fri, 27 Oct 2017 07:02:02 GMT
server: nginx
etag: "d341bae25e9d8c82ed89d493016581f7"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 14487
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 d7f60cbbe44b9dae5880741e28d70912.220x330.jpg
images.1plus1.video/playlist-1/118672/ Frame 7057 67 KB
67 KB 1119ms
1119ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/118672/d7f60cbbe44b9dae5880741e28d70912.220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 2d03e718a6db9295438e1befbaafd702ea3dc166d0b9692d62d39388a7f46c9f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Thu, 23 Sep 2021 09:30:37 GMT
server: nginx
etag: "437b09bc5b591a29cf78d913152abd06"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 68583
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 401f2db4eaefece115eeb9df7d3e86ac.220x330.jpg
images.1plus1.video/playlist-1/117367/ Frame 7057 42 KB
42 KB 546ms
545ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/117367/401f2db4eaefece115eeb9df7d3e86ac.220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 6293f521774b6b93d40167b6f8444f74aa28f97d8770e661c48e8f48a56b2acd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Fri, 11 Sep 2020 18:35:31 GMT
server: nginx
etag: "dc3d80de568eb9be42b02ed43897603b"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 42986
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 7f747c29126040a58b14fe56b171b515.220x330.jpg
images.1plus1.video/playlist-1/117373/ Frame 7057 94 KB
95 KB 707ms
707ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/117373/7f747c29126040a58b14fe56b171b515.220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 02980da7a70f044e6bfeb938aa6bfabdcdaa46566a3cfe1ccc21ff051cceab7b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Thu, 10 Sep 2020 16:19:30 GMT
server: nginx
etag: "40848fc60e0da33903da0e37dbfa6840"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 96590
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 200x335.jpg
images.1plus1.video/playlist-1/42106/ Frame 7057 14 KB
14 KB 605ms
604ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/42106/200x335.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: c813978c203eb98df63ef622f0fd549ca6989556287b3db1cc0ab1fdc09d111e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Fri, 27 Oct 2017 07:17:35 GMT
server: nginx
etag: "4ade34d9cc2f0ac3958383d7fb55c904"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 14103
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 228b454045e09c310f5527498a6a5ce1.220x330.jpg
images.1plus1.video/playlist-1/120214/ Frame 7057 81 KB
82 KB 1020ms
1019ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/120214/228b454045e09c310f5527498a6a5ce1.220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: bf4b80d75d372b22fefb1daed5d5d5113b8895af5d6f876a67dfaa07b6593c30

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Mon, 08 Nov 2021 14:27:00 GMT
server: nginx
etag: "71bf4a961435d1e5ba11acad363e4916"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 83351
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 1757fcb6a34daa11f893254fee0138b4.220x330.jpg
images.1plus1.video/playlist-1/7446/ Frame 7057 42 KB
43 KB 473ms
471ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/7446/1757fcb6a34daa11f893254fee0138b4.220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 7f573b2edce0b3073451c72bda43d4ae913c43a4ce64d90e69ae2897aa89c1b1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Wed, 26 Aug 2020 15:50:23 GMT
server: nginx
etag: "f2333e2ee23e5c2e678d7020c404c167"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 43372
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 6177cdf648fa216ef4a7048ada9d41f9.220x330.jpg
images.1plus1.video/playlist-1/16436/ Frame 7057 74 KB
75 KB 840ms
838ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/16436/6177cdf648fa216ef4a7048ada9d41f9.220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 7b32cfa84fdd461f275411a68fff851cb2b5a8b53aaa78895e8a9799a5fae028

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Wed, 22 Dec 2021 09:01:48 GMT
server: nginx
etag: "c512c2180bdc3e0a0dd7f361e56674af"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 75999
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 022336803270603fdb76c6276487f060.220x330.jpg
images.1plus1.video/playlist-1/96499/ Frame 7057 68 KB
68 KB 604ms
602ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/96499/022336803270603fdb76c6276487f060.220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 33b0845cadfde7b076992b61472f7bbbedc2b1888273abba031afb22e16c7e2f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Mon, 27 Jan 2020 14:31:43 GMT
server: nginx
etag: "33aa31758d571b63503338aa9e90e1b5"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 69488
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 200x335.jpg
images.1plus1.video/playlist-1/42786/ Frame 7057 8 KB
9 KB 1226ms
1225ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/42786/200x335.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: ffa5fb7eb8caa6e27bf960fea9a78330f7241b7f92c44f8753e01dab43f63e81

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Fri, 27 Oct 2017 07:18:30 GMT
server: nginx
etag: "8594b812d970e53f80edfa5a74cda189"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 8659
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 220x330.jpg
images.1plus1.video/playlist-1/45/ Frame 7057 10 KB
10 KB 1228ms
1227ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/45/220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 54d441747485b0ce4aa2160e6886895671f866e2f721896cd849f5e818fc2c14

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Fri, 27 Oct 2017 06:54:51 GMT
server: nginx
etag: "b63ee498199203c382a896370ab3d107"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 10268
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 220x330.jpg
images.1plus1.video/playlist-1/44376/ Frame 7057 14 KB
14 KB 1225ms
1224ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/44376/220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: e907d3f2e9ab46e2d2959431618413d3cbe722b9761e406bf765d156b154f90b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Fri, 27 Oct 2017 07:18:50 GMT
server: nginx
etag: "396db528b829a5251e8fc08d8ff63368"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 14386
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 200x335.jpg
images.1plus1.video/playlist-1/41106/ Frame 7057 13 KB
14 KB 1424ms
1422ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/41106/200x335.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 6aa5844ad135353e46dc232fe26175ca0b49c9b5ae0fca001f03c06496c05c1a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Fri, 27 Oct 2017 07:17:14 GMT
server: nginx
etag: "0320d58c71f341a6792beac800431198"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 13823
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 e2811c3b984e91c24e364696bb27bc38.220x330.jpg
images.1plus1.video/playlist-1/93/ Frame 7057 73 KB
73 KB 1340ms
1339ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/93/e2811c3b984e91c24e364696bb27bc38.220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 623b8ed926c2eb6436ec5a876949f4986eea52ccb69a6a0064164dd9d6361179

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Sat, 30 Oct 2021 07:14:20 GMT
server: nginx
etag: "a24e7612ca888c6a3f26a9c9ad42fb7a"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 74890
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 52759e332d72e4e5ea6cfdd15cbd3731.220x330.jpg
images.1plus1.video/playlist-1/117748/ Frame 7057 60 KB
60 KB 1255ms
1254ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/117748/52759e332d72e4e5ea6cfdd15cbd3731.220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 63e428055bc4277e6d21cd8063ac69fe1abacccd76c33d351fe9f676fc2e9c6a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Mon, 05 Oct 2020 14:57:05 GMT
server: nginx
etag: "46119a64774b4cbdb3e834d88660a790"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 61315
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 220x330.jpg
images.1plus1.video/playlist-1/7465/ Frame 7057 19 KB
19 KB 1455ms
1454ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/7465/220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: d2fd3dcab9136d1111f21f56e0c391c2c0658b22d121fb05125caabc5eeaf6bc

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Fri, 27 Oct 2017 07:00:27 GMT
server: nginx
etag: "afbe1de76a3ccd410030c81b1d51e2a2"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 19057
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 200x335.jpg
images.1plus1.video/playlist-1/10772/ Frame 7057 14 KB
14 KB 1431ms
1430ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/10772/200x335.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 3e50ec9bf9cd0bd36e6893758780613e45003ce16354ba6d3efff6e51edb6ef6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Fri, 27 Oct 2017 07:02:21 GMT
server: nginx
etag: "26ad09546b4e87969d932db4f3ddc063"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 13879
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H2 200 220x330.jpg
images.1plus1.video/playlist-1/42576/ Frame 7057 12 KB
13 KB 1203ms
1202ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/42576/220x330.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: f496a8da227cf8723a7eda7461943315e18ad5c492acbe8ff7c018a1de41bd83

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Fri, 27 Oct 2017 07:18:18 GMT
server: nginx
etag: "ee8ae2d9e34b1fa1e32b57a6989026d7"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 12685
accept-ranges: bytes
x-1p1-cdn: BYPASS; Sat, 26 Feb 2022 18:48:31 GMT
expires: Sat, 05 Mar 2022 18:48:31 GMT

GET
H3 200 iRu7R9Kt0H3UwF1-zQK7LLgwIl8DaRlhr3qpKTHCDIY.js Show response
pagead2.googlesyndication.com/bg/ Frame F77B 35 KB
13 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iRu7R9Kt0H3UwF1-zQK7LLgwIl8DaRlhr3qpKTHCDIY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

891bbb47d2add07dd4c05d7ecd02bb2cb830225f03691961af7aa92931c20c86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 15:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13728
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Feb 2023 15:40:28 GMT

GET
H2 200 fpdata.js Show response
gaua.hit.gemius.pl/ Frame 7057 281 B
353 B 55ms
54ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/fpdata.js?href=1plus1.video
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: a6bf5beb12905f146473e8c734ea9381c2afe04122c6aad4ebc0a94f1fc5f9a2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 281
expires: Mon, 28 Mar 2022 18:48:31 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame 587D 5 KB
3 KB 54ms
54ms Document
text/html 146.59.30.108
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.108 , France, ASN16276 (OVH, FR),
Reverse DNS: ip108.ip-146-59-30.eu
Software: GHC /
Resource Hash: 570baa6d1a93a58670bff6c7013e7ab2432f34c10e6956dc0232407011c8951e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
expires: Mon, 28 Mar 2022 18:48:31 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
vary: Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy: cross-origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: text/html;charset=utf-8
content-length: 2717
content-encoding: gzip

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 22F2 0
0 88ms
87ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022302&jk=4131258251116565&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

POST
H2 204 collect Show response
i.clarity.ms/ 0
48 B 224ms
224ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-origin: https://2plus2.ua
date: Sat, 26 Feb 2022 18:48:31 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H3 200 bridge3.502.0_uk.html Show response
imasdk.googleapis.com/js/core/ Frame CF0E 589 KB
191 KB 37ms
36ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.502.0_uk.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be83b0a40b7af11acdded6959ed76fc0e280df146d722639185bdfe41eb6f62e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 195797
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Feb 2022 00:22:07 GMT
expires: Thu, 23 Feb 2023 00:22:07 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Feb 2022 23:28:24 GMT
content-type: text/html
age: 325584
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 7057 44 KB
16 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 26 Feb 2022 18:48:31 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 7057 107 B
122 B 44ms
44ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1plus1.video

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

POST csi
csi.gstatic.com/ Frame EB8C 0
0

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 9BDE 0
0

GET
H3 200 container.html Show response
a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B2A6 6 KB
3 KB 36ms
36ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Feb 2022 18:48:30 GMT
expires: Sun, 26 Feb 2023 18:48:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F153 6 KB
3 KB 35ms
35ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Feb 2022 18:48:30 GMT
expires: Sun, 26 Feb 2023 18:48:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/022202072236000/ Frame 2A7E 220 KB
60 KB 111ms
37ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022202072236000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9c141103b57e547274799df03069c30320e8cb3ec4facad8e6fe7f658f985fb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 323432
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61570
x-xss-protection: 0
server: sffe
date: Wed, 23 Feb 2022 00:58:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "55d07b8fd23efb21"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 23 Feb 2023 00:58:00 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/022202072236000/v0/ Frame 2A7E 16 KB
6 KB 185ms
110ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022202072236000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

372ddb86deaa3e11e5a4b1eec16924bcd6e6232bc8bab79338426b2faff7e7dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 323432
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5708
x-xss-protection: 0
server: sffe
date: Wed, 23 Feb 2022 00:58:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4c9170e21c83610c"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 23 Feb 2023 00:58:00 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/022202072236000/v0/ Frame 2A7E 96 KB
29 KB 179ms
106ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022202072236000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af42f8a986eefec222a68474cc9c9591028b07b082157631d810ecbbf4a652fe

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 323432
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29623
x-xss-protection: 0
server: sffe
date: Wed, 23 Feb 2022 00:58:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f660f99fdfd5d6c6"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 23 Feb 2023 00:58:00 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/022202072236000/v0/ Frame 2A7E 5 KB
2 KB 109ms
36ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022202072236000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3ef00ccf0d1329768a9546012c96ecb5ac031695b0418da9ae3297979ad60bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 323432
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1844
x-xss-protection: 0
server: sffe
date: Wed, 23 Feb 2022 00:58:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0f41eb8e6d0a727"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 23 Feb 2023 00:58:00 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/022202072236000/v0/ Frame 2A7E 42 KB
13 KB 182ms
109ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022202072236000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93b1f78578f169d4f472ecda3c79d72e81fa9e199bdb979d13139f5ddbe5a06d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 323432
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13623
x-xss-protection: 0
server: sffe
date: Wed, 23 Feb 2022 00:58:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "14164defe327400f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 23 Feb 2023 00:58:00 GMT

GET
H3 200 uk.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 2A7E 3 KB
3 KB 37ms
37ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/uk.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 04:23:55 GMT
x-content-type-options: nosniff
server: cafe
age: 51877
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14587847488922671356
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3073
x-xss-protection: 0
expires: Sun, 27 Feb 2022 04:23:55 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 2A7E 344 B
368 B 35ms
35ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022302.js?cb=31065323

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 16:59:05 GMT
x-content-type-options: nosniff
server: cafe
age: 6567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6766994032117382215
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Sun, 27 Feb 2022 16:59:05 GMT

GET
DATA 200
OK truncated
/ Frame 2A7E 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 383e7ec7f7f42ed01c59f95ed5ecac56786c624bdb210eece5b74356803e71d9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 327439855479706504
tpc.googlesyndication.com/daca_images/simgad/ Frame 2A7E 140 KB
140 KB 39ms
38ms Image
image/webp 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/327439855479706504

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

802c09a6c9e475199663132b2c763abe2d857d409b253d87864f26c1ac923fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 24 Feb 2022 12:40:39 GMT
x-content-type-options: nosniff
age: 194873
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143814
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 14:25:22 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 24 Feb 2023 12:40:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2A7E 0
0 44ms
43ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSHfrbC_1FxKWCiJ-rUuC31uG_vrMBmMd501m62WNRIpJOQd0hi_WaJi4-ed00MnlunHkMixNLg3qp6G4lKwBicxJ0lrQ
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 2A7E 0
0 66ms
65ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CxmUf_3UaYsucIqCIx_APp5aNaO2itstnluz3yoUPpIWTwLABEAEg_f-FI2C7hoCA0AqgAcLbz5QByAEDqQKnSsadk4G2PuACAKgDAcgDCKoE5QFP0HpblP8qwzsTKMVzPsRMtf8Dpj5ndokhI_GGOzrq8GAxKAiDa3vLqA-JC7Br5gVCaFv0V-IfmKgqEH7XGoBI79Iuay7AD_UffvrGfjJokH6uF7mj9ckMMYubv25tZJ0FBbZ3VSIx9fbGP3sWw8GsM0D918a6RfuiKiL8WdYP-eAkdIzbTharbxj8MjNM5stciqevCOKNfucmu-EdeH5wkVzEnBThfwz7cPyeX8o9G4XxsW886-gtLgKYOPieO7FgFka6bb0tU8Bck1Y09BDIfLH09JR2W_rwRtZc674gVqFiyHUMwASiw9Cf5APgBAGIBYvYi8Q5kgUECAQYAZIFBAgFGASgBgPYBgKAB6aksOsCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQkbYIoAj3sagEsAgC0ggJCIDhgBAQARgdgAoDyAsB2BMKghQLGgkycGx1czIudWHQFQGYFgGAFwGyFx4KHAgAEhRwdWItOTEzODI0NzY1Mzc1NDUzMxjV2xY&sigh=p5fVW3sjeWs&uach_m=[UACH]
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame FFEB 37 KB
13 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 17:51:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3437
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 26 Feb 2022 18:51:15 GMT

GET
H2 200 redot.js Show response
gaua.hit.gemius.pl/_1645901312056/ Frame 7057 2 B
230 B 54ms
54ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/_1645901312056/redot.js?l=107&id=ByA1NmOpnbt8LmYqyjQkWrd8.l0YgocyqLXiHjiJayv.h7&et=data&hsrc=3&extra=_EC%3Dstreamcontent%7C_SPI%3D1645901312282%7C_SP%3DGRsFFLJ2%7C_SPD%3D2plus2.ua%7C_SPV%3D100%7C_SPR%3D655x370%7C_SC%3DGRsFFLJ2%7CcurrentDomain%3D2plus2.ua%7CcurrentNetwork%3Dhome%7CprojectID%3D5312%7C_SCV%3D100%7Cmute%3Dfalse%7C_SCR%3D655x370%7C_SCT%3DRosiya%20viznala%20LNR%20ta%20DNR%20%20Sekretni%20materiali%7CvideoType%3D3%7CUserType%3DNotAuthorized%7CCategory%3DNWS_2P2%7C_SCD%3D211%7C_SCTE%3DVideo%7C_SCPD%3D20220222%7C_SCTY%3D12%2F00%7CcontentType%3Dnegative%7C_SCTT%3D1&eventid=0&fr=3&tz=0&fv=-&href=https%3A%2F%2F1plus1.video%2Fvideo%2Fembed%2FGRsFFLJ2%3Fautoplay%3D0%26l%3Dua%26logo%3Dplus2&ref=https%3A%2F%2F2plus2.ua%2F&screen=1600x1200r1000&col=24&window=655x370&ltime=91&lsdata=lHvW5lc_KJEgbcMh_V7uki1JUJb0wIcsNl7tff0KLlX.z7BKSYrq3G7xpocjT0B_2WmeKg0_Y.mKJsTOZ5plWQLZOT9f/HzDlFrcQ95IXA/&fpdata=-TURNEDOFF&vis=1
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 2
expires: Fri, 25 Feb 2022 18:48:32 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A3D8 0
20 B 72ms
72ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022022201&jk=3760899305414281&bg=!FRalFlLNAAas2QJZrNk7ACkAdvg8Wtnk3IYPH9o7srk-6joEZzKc-mGDZQHg7YrizeqLurI-ubKqUwIAAACdUgAAAAJoAQcKAQgwezW2c1Qsp6b1PH70DGvsSDYprdQy8dubZoXIQ53HvEvcVu3VqhUG-GFCiFghQ61CsEwKrKyZZOj4TW4zYfwtYIFbejPflsclf8t-R-936hR4R5PY5HoRZprYsr6BvKf8DSC3wAhsueIHRs4oKK2exvwjhmv0smMvATE7GGMPv2gaCtgvwrQNlqbCoFh5foYXsR1SA6uK-xL-oG4HGvnhlJByWwW7j12kqabqGXvAUj4Zc_lvcTa3wUs5NkEDJ5T68JeDkgPvIr1dwMYOtDGAThcqUoXpKE8PlU5TaTskiQKKLJZurj0EQTo5pE2rv412yx6_ZJ4ReIk8V5k-FqgDsPvwsh5pJ8CZAoAdNo5xjaJBLq5vnJQQIGJMAr2Sy9op7dvrkN8g5WD1pJnesDnz09dyRW06er-1WXVxKaJ5Ae1HbsxJ4GqdX8N4-yzC2_nFiy_Cz9vU-xsleV6kQQcbWhpFQFMIXmmh4v0UTdjE1CJbdSv8e2M8M5BvLbbppBnaaE5Wq8PMAa8-imFlbz7OoF56Y2fKVdBrQgsv8pF4V1AqJzxF-HplyQS6Fix33pw3KLMlsX8QioPiHZFAKiPpAbN-s9zu0rSVWe1rloDb35csW9LjprVhq3_CSEteeNpJF2rxhDGyDncxC33uIXJN25TiVW5do4PPWLt_cqSX6rjK7gcbRWV7_4YstgE7WTpx4NVI6B6fcAlEWrMyQYqEZ6n3nwunktR3bNKzsdDU_4f9b-OVW1ZPxGkpBH86o77iNpQzOj5PybUzc0CA_CFduT1Rj19-P910egjxTMW58tfs4s1Kbjyjqf82amA_axEcCe2hdbq6-flk6VzyoUsedM-CTlMbrhmmiK04Qz-2_dH18W6MFu9zbnr-QC8H1zMIFLPuuEGIHXsTHA97lwc5MNX0zuSgKBkHCWm_qg3CfoE2NPzhehElg6V8HSasIhLbZUsvI929UOpeuMGzqWx53hJ9xPzNXuDinbY-N08MBzO3Im0xeajUacpUsVF5YexXjJ5I7DlTiC8Fie-roAObSix8onGP1D-7trp8Qf9Rc0DCoK5HbrQfKMQrBsSzEq_JMcEwgRMZiV6cUsqxI_YGkAHM8vtQv677UcVJpe3f--fO3Aeldl-ElcJ6w9D90LotE_is6zfW88YPB6BwMo7MkDehSDjzH1zHmVmXWWrTJbaIclG35x7IXoXw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://vid4.tsn.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F77B 0
9 B 35ms
35ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?jI1evA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B4A5 640 B
318 B 46ms
45ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIYk5nwvAEwAQ&v=APEucNVQ_cfDL2Ffs7dW3jRBrB5VeIJ0z36GccZfelFDr2v6m2AEfIEf4h_pCB1XnsGUYIc2dlXakVi8QVW1_Rt7RS0iHWBb2oHEqRly4bHUeoYXJISJjQUC4aXrRsYlxB_fAj2CmKIe7MwvMttVVhsZwzy4cosEwJRZbdB8MGtLH2H543NSVOg

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 26 Feb 2022 18:48:32 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 26 Feb 2022 18:48:32 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B2A6 76 KB
32 KB 99ms
98ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CWgySPTawjfVHGsEPjxHyo7PRTpf9_B7o8pyzZLsdoc8qKKOudaC7eCMSHW-puZiuCLBXDdYc4PxIahw7YqfbUyJwc5sXswUVHlT7HNi2K2eUVm7TftTGo0RBqeFqJI4ySMg8hFAwtQfyiKKHvroDMoEGljA&dbm_d=AKAmf-BLEnRmbrFV6_V6sGsAn8648LUQR8OVlM6_m2XcxwqzNPNRiF2lXmLBpy03LIJ4wqsLzLph_pPhO5lElOY2FdZykYE3Uof9ctfb0K2qCVasuoJdikqh-MQB9RrfmVkK2eVtxdM6WHFCWje2jU1BlJ2wonrBAH7wPRExFhGyFU6927_RtKtKAMT8QidPtygMXVVLAWVBrWJHcryJfKqVRTlNrCDvC8upWielsw_CbBeew5q5GkqbftO9dHyk5gd45WKsTn1zIW2_u0P8e0QbPQQOjoMfaySNBCPxgh14B3fje_z_MGDiMoc_9WT6YpQAMN1QDriuB9dRObwfwLWHyf57RE0iUvPGiiGnVzrQiyj0jJ1HcOWzTxoPHSxhvD12Zu50P6ZbKCtXHIMVzXGy47ERlg14O7WwgZCuydP6kVCvCN2imK1o7rP1vdP9RXPjlkb4_UxY8usZOhWt5GOKBZ064Rennvxj61IyB0QFqVzZX931B_yp3rWsJLNUo4DB9GqFxU8YwoKjshUuGoJ24GL290dhB4kzClDtWLJYiG0amv6qv1d-9cuafls1_1rkzzPEW-X9DipjyYm0lBkB77GqVDpv0DbAODDUVIx9U37v7QobjufK8VrnXJrlTSeNyaxEdmuQdUmK-hH94IZ7IO_4qjMVflxayQqy13izOBMBmeYRNOGri2c-CAF9Z0KF9XjlCHyH2h_Sz4741ZoHmw-sN29mbbALlv19dkF8Cbq8VI9llp3_CbVuKurbgwvSylj6N9Z0xO8T8XdBhEHDxzcOyWc7zlpAoTbeXgifnMg00RDcQEOE28aXFq-3BUWkVLLW9DO3sZMJrkyCMYcSj3D_FRJpwvodyPxul7xyXb4x5ZCnsYq_u4dEm5NQWG05INPA5AaOuL5R_ZcwxCCO4x0HcClsEYZ6E7RhqCvY2U0wlBpj9MVOmNY7P_Eoy1PtaQ5KH8edsijwQ45gLrWlA0UVUfLR7x9jqTyhWhygK2D1k8tVO5Eek9LUmSm4gbRMUqNGmtx7BwbphrW5caFJcwigRM-EZFvdXOH-CH6pEAFhzwgdAUvmhjTiB8y1u1U5etvhl8O0A7oKYE3HKR3QjVVMmeUKYltcN5tn-ZDJZXzZs7LJDH9qodyk61efB2UWWlbTH1awXXgZEi0JqPQVLQ7ZOtXJv56erEHxGBS6RgMFVmOfKAiaIA6bdgptJfuZ74bvHGypz-WlMC7sV68oLWvPt82r4Tnd-Me6vOvc6Dr4KQeBE9H-tblnMuNHbTzFIAKbXGJtJ-dJ5BsxywAw4H7N_eH1qZXs2fBQDbIGWHwBNgNXky3Ln_n8MzOc9f9M1uGXSxUXlgKZOlbX4Q8YmRMSVokSnNytVGzVTOYObbYHPwAcjvFE9ZAc9l1tMT4hyTfTHJWs9Hc3AqEiksmk0fx01hYYRRCPolgc3J8WXGp_9qLXBU2MJ1do5ATYsNre6KeMFSUrmwGZkMft1idMCdPJXegb5LwJxH5LNPQwvR1Q-0-HxiflZ0ysOa4-oMC_MECAIPgvN7q6Fl_gd2gBbPypCogCkOUKXRBzlOlpRsgNStTKL0Pztu0h8BkMWzhqfRK-njgSoQRUR7Z2nLuwr63osQM-GLPbM1VQj8NMIosYeXYMi6z75Rbf-NXu9YPey6bWEIc3bKT-9wZHIjATTLk3wYiJVADnm0x-2P2TNDazYCnd5jdCgIw1b4PtRIsIU-cuAzQKFNT-GCQIcoqRRMvvIYUNgYuridW4ilbH7V6OpRzKoXiTd6gKn_B_RB4csXWScLQgIjJyInsdXjq3CIRp2kQVDqt2K1lKAxbeGH4CdXDo1NmnVJE3yRw2fTAWlCIL1DeGj_HQm31C90t_wg7h0Xr7VtCK-XLRrSlz1badIdrG_KkcJCeAA-QFFPY5ISzFiv5EaaJQzTcd0TpP_1Qnevd4FrvXx4gXaqvkkYaTlrHairIXnZ5LbELYUJceJMxnAEwiR5UMOSGUGoDR0HtfCAL_Ylx8wSpGb0EJORG6iQJyUsD-vH5LUj-ENsFvRdttiqzrwSVGsYL9qAi1Gw8T_YTD65rVavPk6not1Vc4YZepDFr0ba5O0I7TPXrIPlOIwmKzDyvhJCsEkF37t9HHTXUxBCGQmgZUbKNT90cztQh2dyEsxF2kS55jsAZJY-kwPR6VkUHCfHTV-DURjLFe7n8QJIi34hYMBVatGoCPmtliHqSHYeUb_XPtjqbOwuTtlx6r-tLAAVs4xNC6EG5NEcdVezq68bHsv1lOXZFfANnpdNgaye86jh9RkTUyWETFlfMu9nvJ7XHKd0pO322QmPvfVTpMpoMD32tmI-kzfWDdc-368I4fmrS82A0EYQHoZ8bZb5g57De1yCgu2G9uySP3Vxf0M9HnTWqGbOSh-UhmhzvbAeTkmqUYIYr7Em2OAfbv99keXGVYviWVxab2q14y7D0uUjhS866p_H1xfA5sJa7L7amYADHLBH5YllrIWIYTnsfSUEPoYwVKFF8x8EtAxOT7eG4ySzv8ldAFqI2njKOrF_D8DrTuzRz47huwnyQlrg-JjST_ozyxv_NCzyYlqaNXadjojSbNOCvv1-vh58fB_vaP9rVeTEwhepmmDyhjtKpKnlxFfCAyHDS-jibbQo24PJ-sqE01M7ERatki0QAGyxyUdgzBn6CanrQYkRBZ3Ab98M7BmhtWGGUgi6N2BmTDU1stcd2rU9SqUZ6gGW7vRgQxIJCvvAaMlt1X91y1ITBdAcqM9TiQGTPcclyba_KulniR4433pbfg6XZ5u5rEhkiKTH6ta4iXOJb0lxB_feJVPjVnkmJDs94jDpDYcu_B2mZJRNa7E8sfOQIR5FX2uU2WUrca6LmvPACGre42FrwdrJ7pt2WaqAn8nEVqcImXpLPltGwfnv7ca0ECBQD1yFSIDIC0qeyV2HJjcdP5vBqiw6hnE5KYKkEv0YmcYYdd7Hn3mQr-zvrOxCDQoROQz9OyR2AS8gd-E5utPVAlW53WEjur_Z6Bb9557-PitAgj3BxyFlDCOq-UjgMHc0QKziPei3h1Blmad5aEHV0Ch0iQYKPb0q-j0efoFDauBNplVIkWIde4g8nsoaVjAI1ozXtFiOtNkW8OfXKeEy-UcnJH-GB2d4ueDKncq79aju0yedyvV2tp9Z2q8t_t1dp1AgRY1nOxU1735bY0Rqs6ZzsvqNbZBHPKXvp2-Xc7zzR0kNEkSAyILbtGebOuq_dsU2KmV3sNh8N57AgUDzq4sM-M4mQgKnaSGNamjVQmYg&cid=CAASEuRoXb009o2heXbogxZxaGeexQ&rfl=1%2Chttps%253A%252F%252F2plus2.ua%252F%240

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6e41c86a1b667f6d0bd013c35606a00bf95dc1eaf19623f0fe7d2a7c4f880427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32490
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B2A6 42 B
63 B 70ms
69ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A_e-Qqq3-oV9DOKMJ2lof7Zeu1lNNELFaqrdxb36VLFmXDywNAaUMSHxmpLisTwsf7s-S0MCWJfZrl9upJ0q25mYDSIA_N1DQ8jBmcTVSVydYFX7g

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/ Frame B2A6 2 KB
1 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/window_focus_fy2019.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:47:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B2A6 124 KB
38 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c17b823ddee789bdc88b380ce8aa533558cbdef360c5da8e1f9f0dd3b2a1040b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38829
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645619776399499"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Feb 2022 18:48:32 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/ Frame B2A6 15 KB
6 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3deec1e4d19cb71b80daa6f050c395fccb90d7f1c2ec74a920930d476013cf97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:45:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 184
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6434
x-xss-protection: 0
server: cafe
etag: 16791967082338318403
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:45:28 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B2A6 0
0 42ms
42ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQG29HdFXrKaLPjUazi6IIYq-EWlfUf6Dlb8zZ39edfs2hOSGSanEZ5oiGoS-uXhrgrRzAwrVzCJARDq4f8Pmt1jcaX9A
Requested by: Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0342 499 B
336 B 47ms
46ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIY3ZfwvAEwAQ&v=APEucNVTZvFU5Icen2bT2FdnKzp9T3Dc3nC85zqcKEw8J5sPMKxWSuzfYJEPka-McK5gq8s4-G5jRS_nKFK7VFI-1NweFT9hJRsSNjjzYZngmSfQShpLYOxXrejRnuj3HNJQAtHi_bQpYMWT5HA8dQcJBZIvzsHR8WFJvCDxOh7yrHfgWAq-d3c

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 26 Feb 2022 18:48:32 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 26 Feb 2022 18:48:32 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F153 76 KB
32 KB 95ms
94ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CgG306gt0kXqGPbNIMJLDNmAc8qK05L0SxEm4FDou3lr0QGVl8YoX-WuLcxokej6lsZIcxd1fKM3yg7RgoS41tdgtYDzEZxdCB6pl3IrZrabG819UQk0ty9aq5bqs67OOyRkHhKEiOt1q_F3118QC6FMR4ag&dbm_d=AKAmf-CR_j20yffz3L1KUBsF7v0HebVKs1ourwdoElddmmGGIbi7PHHHxBE4_H2EuZLJtWwQ9_C3xjLcQjzBqhQmUQDThVC_2PwXRwizk-TtkLWfiuJTt0Fz88tnZSmMBDd7ihDC-62wRXdhKuzRqQwxC1SlDhF65om8Lh-MgSBgNTz2OyrpFaa51TetiBokJdNe85DJKPV_Ggkkuqr87VeFeCuaj7sF0U6kCae2IS7YmIpLbflso2-5j-Fa0_2s4Xz53sp6IlIlqsQXPYJ4mufMYIi57jrawHXr_ySWZ7S9mCr2fg3rEVfj-Ni7GaXkhcUT_zkDh2dO2_Tgz6O4daMe58gSRuu1eFWPJGs2mYuCnkLz8gzkAkILKFCcaEzv7Z3BkPUgZCoiyN-oxmIL-J2lm_KlIM7lLjKHZQhG2nRAehqSn3x19fFigvaEEBvfHro-7GFFn3tx4_CJ4qvAS_Rwr6wXFbZW6EdCV77BFh_L_8SvHz20VgXV-TWYDARm4ovL4M4kaMkgVvNuzLlC4OI980xjk42az9K9KH3kAbcEvdmcr5apQvr1IOt_6hD1vY94PA_o30H80OfmOd4ujY1_P2xbep5rHWzPDDMotqTT5IB11yuQzqTD0AEFb87D80Na5s_xfuOll7Kpv_IPzyHfE2kN3i7pnuaAlrnfPPihFjvwLmYyNYzKz-9fpZmd9lquvHUYkE9g6CHyGEm6-IdfoZ2rFNoaWZ8zzl0n32ox6CdmTdAPK22akNdJuEyYFzd_atgQfEE3qWT3UsTqo-aXiK4NEQxyXomefi4gVaBknr5C4kegxgEvsA7C07IrsBQgxIzfHfuznKbdPy9lFnLe7gBSQMP5CjBErFhJ_Jix0oi_uto5u4oVCM_ckJCPledh-bheb2eGdUJYRB4lGEpRk3JY2qNT0d5OXJvNv3Jl-aPHkw87xc1FCOPOvSApBVALZ1pZnz8CUvjmBA_CUMzeOTKWuw9KBmsh_NwAmwLm8lLrSCghAiWsfpLZv00VpJyHRnCshL9WdhVYlCnsINRjcG7_GhKBJeDIet5GDjy-HqCv2vWl9flnFtYbDTVwbB09BQqmXZp8vwtd8svOaD3A2dpVtQD7gjJ2nqTinMqJ1Aqmas2sDwVV3hWYXMKj-Q-3fl_bzybChg4uZAJIJGa82K0K4OC1rCvB9kF4XM6z8pf5ibxYg9gMCvt0W9o0JviW0Av_n_QITdDdMu8gPW8RF3axFIHqGLlyiheL789_kJNR0T-uwSh79kndbkAaBoP6jRUWmilRudrkYCTTgeYjA_zisFeKtP21yt3wkJxP45LG3jrx64Kx1xESgGaj1xdgTb4upA_Y5EIGsxK8pviaMQrVZvLmSvp0CizedTe84ncjqGSmNluhJNnmbSm1EiqTIAWWf2hXlfZmBy6hOij1EXUO6Taof2NdH85F7Z-1nnoIeml_e-8UN4ppYQsxn_GyECVSyxf9wH8xNeC5rZz51ODe0jhHwu6ejXdYPhwZBEw3NQAC1EOFFoL2_ubo22scARXXcQYH1y07LCPOeFXMKmHkVaUvKoLRW7rbjCRHI1wKfSEDGLfW8vcWbqh-NLyQBkxbH9Mq_c3_yKzs_AVdsSCXV3X7BIauo1KTkVWYGsIPg7b8Q-CnMzv2BCwb0pFTMOJ_yHNQ4JVouxdCjSozHZPCRFRBgrarjEZfDyfxYYUYInp2dnjr5QhXJviyjow72XJw_aOU5kuitfFRwehmGTV1pd-aVqgWR_MjKDT2gzvTHwELI_rU0Dx9RAKMf7g7Nds4uaEc0EMAYztfwIO7uD2amlCnWW5X-UYprL2kUfHL3MlWdTrifXTsKO6DZVu5mfoWQ14N1lyIF4XdJp949k3xzb6bkZscHzwgFKDcYNVXYle84XjwrSmVBOlrxHwssizHEwoS4WYnelydQu3R_17Q_j85sFRtmoNsGx42HWspnvGTj1Va-DRO1xZFzmpBGo40YqmVnsKWJk5i-MaGgd6XHfLjWp7hN-YGGnAfSJ0iNUcdCPhaw2D0dUd9RhndZ2qREk0_mmNJmuFzfc_ZPI16F6tv7Mn7aA5K69INfrqGJNUUnyU2PGQ15Vcpf3m6ha5NygAlfvcQEbiH3FwC4co7-1mncOkfnQtnxzk9sirmhXLfSJjNWZ_AS14huN6iUjvcjf1VfHUCFgEh-T1Lr5KkEUSUPxwXrjJVVcVL5XQdU75C6Tzo3AP4AHznxqM7Xi7jjk5isizIZUNzrZtVgDcuQmr2RUiw3vBh0rrcHlXsDzlbo7RhkU-NxUDtgazEPtsP4XlzzZQADDp4VEQYY6ab0pfY5WgrjGcMcBozt4ComC96n1AqliNQhhCvqIpAvaH-wek3Ez4S8w-BHJT4ZRcEapFEkS6GttjxY0f2fTfqAiaRBa_jmpaZ_n1HYtBkuGiSgPdWc-_Km6RDrFQogzAIaC_bEw8nZaohvXoICg7T8AE1R2wJHOmAr15KZ4wPLoxrDu7Zo5UjfufMzU4wx05VE1lk3pNNv8jsc8VflKGuMkeHVGzcI6-OFA04I_lHvDWy-HRyCyQDhSRMp6Wm5waCz2vbxCR09kus1E27pfbb77srDunsOo2YvAS_C-J2DNX8VZ62B6gKXnz-vQoc77LwYEETzbtk_AcaUlJZYoDarsaZFp_fBbs3Sr4XLipyit8ReN4z5FT5LwILPG7-T7igljoCHWuQl1lTmcW6NgFcMy-zLvH6RMGUvCoUb9GUzTFLzbjVCw_ZSXLYPseV8LTCsIjDVyaE7SDU2gMSMcPnLy6Py8WH-jy8ai8RrrHL57Hm7kYyX7nqF9n71iv3oz-VezUUu2O_GbmheGPCgocNDYfuClsaWlkctgnijxo7m0_u6lZ7Yff6pH292KQfYVvDeAgr3lnj9jBh65Twg3MTiu7zekq7WjiL9T-jX2JF3JN5wrpJlA9L-NqCeoXc6-lN6sqa1b86dlmX6MhwzOQ2sZZxRwskuqIapHYpz2zkbB0Xffp6MVqVmpY2uGQqQPe-4QQFDVV_cEUTlucba1nwXcay8TKFicSCuMgS8NwuJEaAtBo7tztoSjvVILopfRe1XbJYED2SEsE-r7MqZaLvLjCgARhJf2aQUuu2_y9xmHwNLVVX44L6FA8mdJBRN6Sby8x4gzmNwdqyeEC0e1apRBdb4_RrlSJt8Dn26g_p700xu3wU3XPIFvXemwXolqdTxQGioqr5FuTHbaPUwIZIkmZgzVrNkAkNymRxD2np7zDPNLkqd9ROwiytBLG5emP38Q94KA&cid=CAASEuRoS0W7FpocNbQldfWz5E62NQ&rfl=1%2Chttps%253A%252F%252F2plus2.ua%252F%240

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6c559fd90502e37b5c45623a495ddf15963e693c73b043d5d082460d75b2605

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32794
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F153 42 B
63 B 91ms
90ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CrOGEVJHiQJREMjagCKi7QIfxjF2pJcnOss7AAIeYW0of8N5cf751nC5NyqqRu-Ez2Ay4xiLreDlAckmgCfHeCyAvKY-AsVrufHnBaa1hx-C4awnk

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/ Frame F153 2 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/window_focus_fy2019.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:47:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F153 124 KB
38 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c17b823ddee789bdc88b380ce8aa533558cbdef360c5da8e1f9f0dd3b2a1040b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38829
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645619776399499"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Feb 2022 18:48:32 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/ Frame F153 15 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3deec1e4d19cb71b80daa6f050c395fccb90d7f1c2ec74a920930d476013cf97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:45:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 184
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6434
x-xss-protection: 0
server: cafe
etag: 16791967082338318403
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:45:28 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame B4A5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEVDM1oLS7h5du8aa4DO5lU&google_cver=1

43 B
61 B

50ms
48ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEVDM1oLS7h5du8aa4DO5lU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIYk5nwvAEwAQ&v=APEucNVQ_cfDL2Ffs7dW3jRBrB5VeIJ0z36GccZfelFDr2v6m2AEfIEf4h_pCB1XnsGUYIc2dlXakVi8QVW1_Rt7RS0iHWBb2oHEqRly4bHUeoYXJISJjQUC4aXrRsYlxB_fAj2CmKIe7MwvMttVVhsZwzy4cosEwJRZbdB8MGtLH2H543NSVOg
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEVDM1oLS7h5du8aa4DO5lU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame B4A5 43 B
131 B 36ms
30ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIYk5nwvAEwAQ&v=APEucNVQ_cfDL2Ffs7dW3jRBrB5VeIJ0z36GccZfelFDr2v6m2AEfIEf4h_pCB1XnsGUYIc2dlXakVi8QVW1_Rt7RS0iHWBb2oHEqRly4bHUeoYXJISJjQUC4aXrRsYlxB_fAj2CmKIe7MwvMttVVhsZwzy4cosEwJRZbdB8MGtLH2H543NSVOg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame B4A5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEOqtQDWOaUNQ3o0R-J-NJW0&google_cver=1

23 B
172 B

122ms
89ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEOqtQDWOaUNQ3o0R-J-NJW0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIYk5nwvAEwAQ&v=APEucNVQ_cfDL2Ffs7dW3jRBrB5VeIJ0z36GccZfelFDr2v6m2AEfIEf4h_pCB1XnsGUYIc2dlXakVi8QVW1_Rt7RS0iHWBb2oHEqRly4bHUeoYXJISJjQUC4aXrRsYlxB_fAj2CmKIe7MwvMttVVhsZwzy4cosEwJRZbdB8MGtLH2H543NSVOg
Protocol: H2
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Feb 2022 18:48:32 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEOqtQDWOaUNQ3o0R-J-NJW0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame B4A5 23 B
172 B 221ms
82ms Image
image/gif 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIYk5nwvAEwAQ&v=APEucNVQ_cfDL2Ffs7dW3jRBrB5VeIJ0z36GccZfelFDr2v6m2AEfIEf4h_pCB1XnsGUYIc2dlXakVi8QVW1_Rt7RS0iHWBb2oHEqRly4bHUeoYXJISJjQUC4aXrRsYlxB_fAj2CmKIe7MwvMttVVhsZwzy4cosEwJRZbdB8MGtLH2H543NSVOg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Feb 2022 18:48:32 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 0342
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGuDaCpeF161PpT-9xNw5W4&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGuDaCpeF161PpT-9xNw5W4&google_cver=1&__user_check__=1&sync_id=b21e3569-9734-11ec-abc9-1a7cb9e30506

43 B
549 B

41ms
40ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGuDaCpeF161PpT-9xNw5W4&google_cver=1&__user_check__=1&sync_id=b21e3569-9734-11ec-abc9-1a7cb9e30506
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIY3ZfwvAEwAQ&v=APEucNVTZvFU5Icen2bT2FdnKzp9T3Dc3nC85zqcKEw8J5sPMKxWSuzfYJEPka-McK5gq8s4-G5jRS_nKFK7VFI-1NweFT9hJRsSNjjzYZngmSfQShpLYOxXrejRnuj3HNJQAtHi_bQpYMWT5HA8dQcJBZIvzsHR8WFJvCDxOh7yrHfgWAq-d3c
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:32 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 118
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sat, 26 Feb 2022 18:48:32 GMT
Server: nginx
Location: /partner?adv_id=7025&uid=CAESEGuDaCpeF161PpT-9xNw5W4&google_cver=1&__user_check__=1&sync_id=b21e3569-9734-11ec-abc9-1a7cb9e30506
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 22
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0342
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YjIxODBkMzQtOTczNC0xMWVjLWI0Y2ItMTgyYTZlOTkwMzA2

170 B
188 B

72ms
72ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YjIxODBkMzQtOTczNC0xMWVjLWI0Y2ItMTgyYTZlOTkwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMX_6gIQ1JWwgwIY3ZfwvAEwAQ&v=APEucNVTZvFU5Icen2bT2FdnKzp9T3Dc3nC85zqcKEw8J5sPMKxWSuzfYJEPka-McK5gq8s4-G5jRS_nKFK7VFI-1NweFT9hJRsSNjjzYZngmSfQShpLYOxXrejRnuj3HNJQAtHi_bQpYMWT5HA8dQcJBZIvzsHR8WFJvCDxOh7yrHfgWAq-d3c

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 26 Feb 2022 18:48:32 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YjIxODBkMzQtOTczNC0xMWVjLWI0Y2ItMTgyYTZlOTkwMzA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 121
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 0342 0
194 B 156ms
51ms Image
text/plain 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:32 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK / Show response
api.1plus1.video/home/vmap/ Frame CF0E 3 KB
2 KB 103ms
102ms XHR
application/xml 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/home/vmap/?s=2plus2.ua&r=YUhSMGNITTZMeTh5Y0d4MWN6SXVkV0V2&w=655&h=370&c=GRsFFLJ2&d=web_mobile&p1v=0&pid=5312
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.502.0_uk.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 419aab1bd108c2f4f7e1e743d0040ebe54b91ca0ab0ce93f70b853d7288ecca0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Feb 2022 18:48:32 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/xml
Access-Control-Allow-Origin: https://imasdk.googleapis.com
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame B2A6 106 KB
37 KB 90ms
47ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
Origin: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 14:21:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16018
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 27 Feb 2022 14:21:34 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/elements/html/ Frame B2A6 8 KB
3 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CWgySPTawjfVHGsEPjxHyo7PRTpf9_B7o8pyzZLsdoc8qKKOudaC7eCMSHW-puZiuCLBXDdYc4PxIahw7YqfbUyJwc5sXswUVHlT7HNi2K2eUVm7TftTGo0RBqeFqJI4ySMg8hFAwtQfyiKKHvroDMoEGljA&dbm_d=AKAmf-BLEnRmbrFV6_V6sGsAn8648LUQR8OVlM6_m2XcxwqzNPNRiF2lXmLBpy03LIJ4wqsLzLph_pPhO5lElOY2FdZykYE3Uof9ctfb0K2qCVasuoJdikqh-MQB9RrfmVkK2eVtxdM6WHFCWje2jU1BlJ2wonrBAH7wPRExFhGyFU6927_RtKtKAMT8QidPtygMXVVLAWVBrWJHcryJfKqVRTlNrCDvC8upWielsw_CbBeew5q5GkqbftO9dHyk5gd45WKsTn1zIW2_u0P8e0QbPQQOjoMfaySNBCPxgh14B3fje_z_MGDiMoc_9WT6YpQAMN1QDriuB9dRObwfwLWHyf57RE0iUvPGiiGnVzrQiyj0jJ1HcOWzTxoPHSxhvD12Zu50P6ZbKCtXHIMVzXGy47ERlg14O7WwgZCuydP6kVCvCN2imK1o7rP1vdP9RXPjlkb4_UxY8usZOhWt5GOKBZ064Rennvxj61IyB0QFqVzZX931B_yp3rWsJLNUo4DB9GqFxU8YwoKjshUuGoJ24GL290dhB4kzClDtWLJYiG0amv6qv1d-9cuafls1_1rkzzPEW-X9DipjyYm0lBkB77GqVDpv0DbAODDUVIx9U37v7QobjufK8VrnXJrlTSeNyaxEdmuQdUmK-hH94IZ7IO_4qjMVflxayQqy13izOBMBmeYRNOGri2c-CAF9Z0KF9XjlCHyH2h_Sz4741ZoHmw-sN29mbbALlv19dkF8Cbq8VI9llp3_CbVuKurbgwvSylj6N9Z0xO8T8XdBhEHDxzcOyWc7zlpAoTbeXgifnMg00RDcQEOE28aXFq-3BUWkVLLW9DO3sZMJrkyCMYcSj3D_FRJpwvodyPxul7xyXb4x5ZCnsYq_u4dEm5NQWG05INPA5AaOuL5R_ZcwxCCO4x0HcClsEYZ6E7RhqCvY2U0wlBpj9MVOmNY7P_Eoy1PtaQ5KH8edsijwQ45gLrWlA0UVUfLR7x9jqTyhWhygK2D1k8tVO5Eek9LUmSm4gbRMUqNGmtx7BwbphrW5caFJcwigRM-EZFvdXOH-CH6pEAFhzwgdAUvmhjTiB8y1u1U5etvhl8O0A7oKYE3HKR3QjVVMmeUKYltcN5tn-ZDJZXzZs7LJDH9qodyk61efB2UWWlbTH1awXXgZEi0JqPQVLQ7ZOtXJv56erEHxGBS6RgMFVmOfKAiaIA6bdgptJfuZ74bvHGypz-WlMC7sV68oLWvPt82r4Tnd-Me6vOvc6Dr4KQeBE9H-tblnMuNHbTzFIAKbXGJtJ-dJ5BsxywAw4H7N_eH1qZXs2fBQDbIGWHwBNgNXky3Ln_n8MzOc9f9M1uGXSxUXlgKZOlbX4Q8YmRMSVokSnNytVGzVTOYObbYHPwAcjvFE9ZAc9l1tMT4hyTfTHJWs9Hc3AqEiksmk0fx01hYYRRCPolgc3J8WXGp_9qLXBU2MJ1do5ATYsNre6KeMFSUrmwGZkMft1idMCdPJXegb5LwJxH5LNPQwvR1Q-0-HxiflZ0ysOa4-oMC_MECAIPgvN7q6Fl_gd2gBbPypCogCkOUKXRBzlOlpRsgNStTKL0Pztu0h8BkMWzhqfRK-njgSoQRUR7Z2nLuwr63osQM-GLPbM1VQj8NMIosYeXYMi6z75Rbf-NXu9YPey6bWEIc3bKT-9wZHIjATTLk3wYiJVADnm0x-2P2TNDazYCnd5jdCgIw1b4PtRIsIU-cuAzQKFNT-GCQIcoqRRMvvIYUNgYuridW4ilbH7V6OpRzKoXiTd6gKn_B_RB4csXWScLQgIjJyInsdXjq3CIRp2kQVDqt2K1lKAxbeGH4CdXDo1NmnVJE3yRw2fTAWlCIL1DeGj_HQm31C90t_wg7h0Xr7VtCK-XLRrSlz1badIdrG_KkcJCeAA-QFFPY5ISzFiv5EaaJQzTcd0TpP_1Qnevd4FrvXx4gXaqvkkYaTlrHairIXnZ5LbELYUJceJMxnAEwiR5UMOSGUGoDR0HtfCAL_Ylx8wSpGb0EJORG6iQJyUsD-vH5LUj-ENsFvRdttiqzrwSVGsYL9qAi1Gw8T_YTD65rVavPk6not1Vc4YZepDFr0ba5O0I7TPXrIPlOIwmKzDyvhJCsEkF37t9HHTXUxBCGQmgZUbKNT90cztQh2dyEsxF2kS55jsAZJY-kwPR6VkUHCfHTV-DURjLFe7n8QJIi34hYMBVatGoCPmtliHqSHYeUb_XPtjqbOwuTtlx6r-tLAAVs4xNC6EG5NEcdVezq68bHsv1lOXZFfANnpdNgaye86jh9RkTUyWETFlfMu9nvJ7XHKd0pO322QmPvfVTpMpoMD32tmI-kzfWDdc-368I4fmrS82A0EYQHoZ8bZb5g57De1yCgu2G9uySP3Vxf0M9HnTWqGbOSh-UhmhzvbAeTkmqUYIYr7Em2OAfbv99keXGVYviWVxab2q14y7D0uUjhS866p_H1xfA5sJa7L7amYADHLBH5YllrIWIYTnsfSUEPoYwVKFF8x8EtAxOT7eG4ySzv8ldAFqI2njKOrF_D8DrTuzRz47huwnyQlrg-JjST_ozyxv_NCzyYlqaNXadjojSbNOCvv1-vh58fB_vaP9rVeTEwhepmmDyhjtKpKnlxFfCAyHDS-jibbQo24PJ-sqE01M7ERatki0QAGyxyUdgzBn6CanrQYkRBZ3Ab98M7BmhtWGGUgi6N2BmTDU1stcd2rU9SqUZ6gGW7vRgQxIJCvvAaMlt1X91y1ITBdAcqM9TiQGTPcclyba_KulniR4433pbfg6XZ5u5rEhkiKTH6ta4iXOJb0lxB_feJVPjVnkmJDs94jDpDYcu_B2mZJRNa7E8sfOQIR5FX2uU2WUrca6LmvPACGre42FrwdrJ7pt2WaqAn8nEVqcImXpLPltGwfnv7ca0ECBQD1yFSIDIC0qeyV2HJjcdP5vBqiw6hnE5KYKkEv0YmcYYdd7Hn3mQr-zvrOxCDQoROQz9OyR2AS8gd-E5utPVAlW53WEjur_Z6Bb9557-PitAgj3BxyFlDCOq-UjgMHc0QKziPei3h1Blmad5aEHV0Ch0iQYKPb0q-j0efoFDauBNplVIkWIde4g8nsoaVjAI1ozXtFiOtNkW8OfXKeEy-UcnJH-GB2d4ueDKncq79aju0yedyvV2tp9Z2q8t_t1dp1AgRY1nOxU1735bY0Rqs6ZzsvqNbZBHPKXvp2-Xc7zzR0kNEkSAyILbtGebOuq_dsU2KmV3sNh8N57AgUDzq4sM-M4mQgKnaSGNamjVQmYg&cid=CAASEuRoXb009o2heXbogxZxaGeexQ&rfl=1%2Chttps%253A%252F%252F2plus2.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:46:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:46:20 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/ Frame B2A6 25 KB
9 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87b3beae1d08bf029d04938bc1d76c7870d450fd75609a85dfafd761cd472047

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:47:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9647
x-xss-protection: 0
server: cafe
etag: 6462939580093197770
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:47:51 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame F153 106 KB
37 KB 83ms
47ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
Origin: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 14:21:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16018
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 27 Feb 2022 14:21:34 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/elements/html/ Frame F153 8 KB
3 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CgG306gt0kXqGPbNIMJLDNmAc8qK05L0SxEm4FDou3lr0QGVl8YoX-WuLcxokej6lsZIcxd1fKM3yg7RgoS41tdgtYDzEZxdCB6pl3IrZrabG819UQk0ty9aq5bqs67OOyRkHhKEiOt1q_F3118QC6FMR4ag&dbm_d=AKAmf-CR_j20yffz3L1KUBsF7v0HebVKs1ourwdoElddmmGGIbi7PHHHxBE4_H2EuZLJtWwQ9_C3xjLcQjzBqhQmUQDThVC_2PwXRwizk-TtkLWfiuJTt0Fz88tnZSmMBDd7ihDC-62wRXdhKuzRqQwxC1SlDhF65om8Lh-MgSBgNTz2OyrpFaa51TetiBokJdNe85DJKPV_Ggkkuqr87VeFeCuaj7sF0U6kCae2IS7YmIpLbflso2-5j-Fa0_2s4Xz53sp6IlIlqsQXPYJ4mufMYIi57jrawHXr_ySWZ7S9mCr2fg3rEVfj-Ni7GaXkhcUT_zkDh2dO2_Tgz6O4daMe58gSRuu1eFWPJGs2mYuCnkLz8gzkAkILKFCcaEzv7Z3BkPUgZCoiyN-oxmIL-J2lm_KlIM7lLjKHZQhG2nRAehqSn3x19fFigvaEEBvfHro-7GFFn3tx4_CJ4qvAS_Rwr6wXFbZW6EdCV77BFh_L_8SvHz20VgXV-TWYDARm4ovL4M4kaMkgVvNuzLlC4OI980xjk42az9K9KH3kAbcEvdmcr5apQvr1IOt_6hD1vY94PA_o30H80OfmOd4ujY1_P2xbep5rHWzPDDMotqTT5IB11yuQzqTD0AEFb87D80Na5s_xfuOll7Kpv_IPzyHfE2kN3i7pnuaAlrnfPPihFjvwLmYyNYzKz-9fpZmd9lquvHUYkE9g6CHyGEm6-IdfoZ2rFNoaWZ8zzl0n32ox6CdmTdAPK22akNdJuEyYFzd_atgQfEE3qWT3UsTqo-aXiK4NEQxyXomefi4gVaBknr5C4kegxgEvsA7C07IrsBQgxIzfHfuznKbdPy9lFnLe7gBSQMP5CjBErFhJ_Jix0oi_uto5u4oVCM_ckJCPledh-bheb2eGdUJYRB4lGEpRk3JY2qNT0d5OXJvNv3Jl-aPHkw87xc1FCOPOvSApBVALZ1pZnz8CUvjmBA_CUMzeOTKWuw9KBmsh_NwAmwLm8lLrSCghAiWsfpLZv00VpJyHRnCshL9WdhVYlCnsINRjcG7_GhKBJeDIet5GDjy-HqCv2vWl9flnFtYbDTVwbB09BQqmXZp8vwtd8svOaD3A2dpVtQD7gjJ2nqTinMqJ1Aqmas2sDwVV3hWYXMKj-Q-3fl_bzybChg4uZAJIJGa82K0K4OC1rCvB9kF4XM6z8pf5ibxYg9gMCvt0W9o0JviW0Av_n_QITdDdMu8gPW8RF3axFIHqGLlyiheL789_kJNR0T-uwSh79kndbkAaBoP6jRUWmilRudrkYCTTgeYjA_zisFeKtP21yt3wkJxP45LG3jrx64Kx1xESgGaj1xdgTb4upA_Y5EIGsxK8pviaMQrVZvLmSvp0CizedTe84ncjqGSmNluhJNnmbSm1EiqTIAWWf2hXlfZmBy6hOij1EXUO6Taof2NdH85F7Z-1nnoIeml_e-8UN4ppYQsxn_GyECVSyxf9wH8xNeC5rZz51ODe0jhHwu6ejXdYPhwZBEw3NQAC1EOFFoL2_ubo22scARXXcQYH1y07LCPOeFXMKmHkVaUvKoLRW7rbjCRHI1wKfSEDGLfW8vcWbqh-NLyQBkxbH9Mq_c3_yKzs_AVdsSCXV3X7BIauo1KTkVWYGsIPg7b8Q-CnMzv2BCwb0pFTMOJ_yHNQ4JVouxdCjSozHZPCRFRBgrarjEZfDyfxYYUYInp2dnjr5QhXJviyjow72XJw_aOU5kuitfFRwehmGTV1pd-aVqgWR_MjKDT2gzvTHwELI_rU0Dx9RAKMf7g7Nds4uaEc0EMAYztfwIO7uD2amlCnWW5X-UYprL2kUfHL3MlWdTrifXTsKO6DZVu5mfoWQ14N1lyIF4XdJp949k3xzb6bkZscHzwgFKDcYNVXYle84XjwrSmVBOlrxHwssizHEwoS4WYnelydQu3R_17Q_j85sFRtmoNsGx42HWspnvGTj1Va-DRO1xZFzmpBGo40YqmVnsKWJk5i-MaGgd6XHfLjWp7hN-YGGnAfSJ0iNUcdCPhaw2D0dUd9RhndZ2qREk0_mmNJmuFzfc_ZPI16F6tv7Mn7aA5K69INfrqGJNUUnyU2PGQ15Vcpf3m6ha5NygAlfvcQEbiH3FwC4co7-1mncOkfnQtnxzk9sirmhXLfSJjNWZ_AS14huN6iUjvcjf1VfHUCFgEh-T1Lr5KkEUSUPxwXrjJVVcVL5XQdU75C6Tzo3AP4AHznxqM7Xi7jjk5isizIZUNzrZtVgDcuQmr2RUiw3vBh0rrcHlXsDzlbo7RhkU-NxUDtgazEPtsP4XlzzZQADDp4VEQYY6ab0pfY5WgrjGcMcBozt4ComC96n1AqliNQhhCvqIpAvaH-wek3Ez4S8w-BHJT4ZRcEapFEkS6GttjxY0f2fTfqAiaRBa_jmpaZ_n1HYtBkuGiSgPdWc-_Km6RDrFQogzAIaC_bEw8nZaohvXoICg7T8AE1R2wJHOmAr15KZ4wPLoxrDu7Zo5UjfufMzU4wx05VE1lk3pNNv8jsc8VflKGuMkeHVGzcI6-OFA04I_lHvDWy-HRyCyQDhSRMp6Wm5waCz2vbxCR09kus1E27pfbb77srDunsOo2YvAS_C-J2DNX8VZ62B6gKXnz-vQoc77LwYEETzbtk_AcaUlJZYoDarsaZFp_fBbs3Sr4XLipyit8ReN4z5FT5LwILPG7-T7igljoCHWuQl1lTmcW6NgFcMy-zLvH6RMGUvCoUb9GUzTFLzbjVCw_ZSXLYPseV8LTCsIjDVyaE7SDU2gMSMcPnLy6Py8WH-jy8ai8RrrHL57Hm7kYyX7nqF9n71iv3oz-VezUUu2O_GbmheGPCgocNDYfuClsaWlkctgnijxo7m0_u6lZ7Yff6pH292KQfYVvDeAgr3lnj9jBh65Twg3MTiu7zekq7WjiL9T-jX2JF3JN5wrpJlA9L-NqCeoXc6-lN6sqa1b86dlmX6MhwzOQ2sZZxRwskuqIapHYpz2zkbB0Xffp6MVqVmpY2uGQqQPe-4QQFDVV_cEUTlucba1nwXcay8TKFicSCuMgS8NwuJEaAtBo7tztoSjvVILopfRe1XbJYED2SEsE-r7MqZaLvLjCgARhJf2aQUuu2_y9xmHwNLVVX44L6FA8mdJBRN6Sby8x4gzmNwdqyeEC0e1apRBdb4_RrlSJt8Dn26g_p700xu3wU3XPIFvXemwXolqdTxQGioqr5FuTHbaPUwIZIkmZgzVrNkAkNymRxD2np7zDPNLkqd9ROwiytBLG5emP38Q94KA&cid=CAASEuRoS0W7FpocNbQldfWz5E62NQ&rfl=1%2Chttps%253A%252F%252F2plus2.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:46:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:46:20 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/ Frame F153 25 KB
9 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220223/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87b3beae1d08bf029d04938bc1d76c7870d450fd75609a85dfafd761cd472047

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:47:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9647
x-xss-protection: 0
server: cafe
etag: 6462939580093197770
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 12 Mar 2022 18:47:51 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 2A7E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

117ms
117ms

Image
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: 2plus2.ua
URL: https://2plus2.ua/
Protocol: H3
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Redirect headers

date: Sat, 26 Feb 2022 18:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B2A6 41 KB
15 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:07:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2488
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Feb 2023 18:07:04 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B9A2 1 KB
749 B 43ms
43ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 26 Feb 2022 05:53:44 GMT
expires: Sun, 27 Feb 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 46488
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame B2A6 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7bfdf14ec92f5531668dfd23d33e18a1a6cb4a2eaaf4f99635505e12f7d908bd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F153 41 KB
15 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:07:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2488
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Feb 2023 18:07:04 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 08A1 1 KB
749 B 39ms
39ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 26 Feb 2022 05:53:44 GMT
expires: Sun, 27 Feb 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 46488
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F153 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8646ee553139c1ae0599dc361ee00aa6195a131f476ea0c5823ea9e2e909ee2f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D03C 22 KB
8 KB 37ms
36ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Feb 2022 18:07:04 GMT
expires: Sun, 26 Feb 2023 18:07:04 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 2488
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

playlist.m3u8 Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057
Redirect Chain

https://grandcentral.1plus1.video/vod/202202/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7/9c701a4f64987d847e5473c32f22ae87/1645987709?return_http=true&_t1602905113858
https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/playlist.m3u8

342 B
613 B

305ms
71ms

XHR
application/vnd.apple.mpegurl

195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/playlist.m3u8
Protocol: HTTP/1.1
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: 674bcf60b6ec7030ed462580b26dc55a86d093cb012cd0696fb225807c82cbf1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:32 GMT
Server: nginx
X-Cache: HIT
Content-Type: application/vnd.apple.mpegurl
Access-Control-Allow-Origin: *
Cache-Control: max-age=60
X-Request-Time: 0.000
Connection: close
Expires: Sat, 26 Feb 2022 18:49:32 GMT

Redirect headers

Date: Sat, 26 Feb 2022 18:48:32 GMT
Server: nginx
Location: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/playlist.m3u8
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
Connection: keep-alive
Keep-Alive: timeout=20

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B588 22 KB
8 KB 37ms
36ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Feb 2022 18:07:04 GMT
expires: Sun, 26 Feb 2023 18:07:04 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 2488
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7057 547 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 7057 552 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 7057 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7057 380 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17532460006060851200/ Frame 0A40 304 KB
41 KB 40ms
39ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17532460006060851200/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcddf8c32c3d1d0cacc35462e294d7b2589645eff555b50c5bc22d5dbf98ae81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 41685
date: Fri, 25 Feb 2022 16:46:37 GMT
expires: Sat, 25 Feb 2023 16:46:37 GMT
cache-control: public, max-age=31536000
age: 93715
last-modified: Fri, 21 Jan 2022 10:31:34 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B2A6 0
24 B 123ms
123ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuT0tiCAyc9vTi5PVKfnc08RXZY5sS41HqrSKP66a7P9yhcoJuklwT75kwpsgtreoHqy9lH92uq7DN7Uak2xMZYh0dBALRqd0MQNVw5LUDoSL8DgQhpvxqX7tI4Oe22Z-L-KvvXAkAVWk5psy9JYNfQ9rwUgHnf0uYdzDJrZnhjgpkcT5BVmL2pDQhDnx4N1pOGCryHvzmvtfV5ntjxLGUsduWTpzmMgAlCjbnWhSSTf0vDcV_8ElzRiqDtrb1l6eKaaBHV2x0mdNmYKTWolLgHHHEK1rv1obe_kbEDjAT6Qko96rGNkGhl5m3rndzJcvyNUziBjm7MSB_WMWuEwWyQvHYbhdbPgzudrps9drThKScfO8FLPZ-1brqjNtbwAb4pCX5fts__GzsLSZb9nfR8gOJYH4Vgp15pgmbljRR2rIeS4dfTX5dCXJtA79AlXfLzKHI9b-SHqwFNXR-COjXyhG44vAkbzhNf02gvnvWX3uhj3kbaGim1OW4sNSnf0KWooamudfl4VTtszhbQJikYLDotVMJSCYgqh-AtIW9CmePsY2_xhY8mVnGy18grK_6YuBh2mhNciHbOJHUvH5owuqjcmDnf47r1_aCnZmSCRkKe5DFf85TV7BobkAoL47WbKuWkEPrZ7OXycdIZdit2ea8GwDC8yaE0LRWdqUt8tAgsDPsOYwswnOH9r1fo4P_WC0JL8KC-Ad1ot3masPdwzikfe7cS5CQQzKPcaGZErVrujAldADopsiNM_WzpaMTmAdvKEgMOGAPpi_K8OuDi31MB-tnW-jebF1k9lKJnHaAPC_iUpZ-Mcwps4En3JrtXfSlcjXxMnIXOJqOujNbD6-qbtiSk8IoyfoQb-rjMHo-xo2ilTKvmSaynMj8FSDslTTMa5pOvEqntriB6n79LuPRznoruIY9_rDt57vl4uiffIWRgnHz7ZGXzNGW1v_Xom2oGikTJTTmJx8DXpl10gDStuJjTZvq8-weL7LC214ij2152kssCMUbQZI9q1nO7i1JrVY3QLpPY-N7hYO1Wme-GMOPjwrv1Zvoxsyw_kTfKhAbBaZTsNQ1ZRnsgzB7bBEtHrc4y1DpRvr18tn4Z4UP3Fehq2yPpkDOeTKawaXauzk9FILnoolJ84AWAKZg71U2nhZjymSzPO4nzMFhAjdqBNSitGPdeKNNcI8nLcQaqdwNgSgnamd3kG0fwi1_MLvsDLyx2KdCO38MLHOPUD5JwkmOjO0T_80TYus8KslHdk2VW3-YUB4fiMk0&sai=AMfl-YQh_bOflKQ7W3N7BWVhjBCpzQNIpKS9_mB0YuJEP-LMa3auDk9Jrb1i9t2JdbRhn9Rw1JZZCvw0Aivm6KfIvHaC0HsTYlaEX2m-aejn5gS3e4cHNrJX7NSO0o4pBLN6GmrhIUE1h4_yuEwXSxNaiT7hz93yzw&sig=Cg0ArKJSzADqks3iqF-EEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=163&cbvp=1&cstd=161&cisv=r20220223.59023&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 26 Feb 2022 18:48:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/14333778370720956416/ Frame B25B 304 KB
41 KB 39ms
39ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcddf8c32c3d1d0cacc35462e294d7b2589645eff555b50c5bc22d5dbf98ae81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 41685
date: Fri, 25 Feb 2022 16:43:12 GMT
expires: Sat, 25 Feb 2023 16:43:12 GMT
cache-control: public, max-age=31536000
age: 93920
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F153 0
24 B 118ms
118ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssvnS8KZFY4PLW6o__tjFA-BGrsRdi4LgpkMZ0HYZe4V73xA5CIGILXbKeht9-eQYxJRhLWi9BJEhlX9UJv7PV_ScuFjdqYMO7hOZweekovJc1hHUdW3-iBD7clyfOUFstqf3K8jahp_YoEnKuj4ZA5II9A3-z-3l9Sd5byDhN46fZzzOhh1d0CpMo17LZEd8FwPPiOhJWNFSEO6tsYnHya17teP1wwraq1QqTIZxZM9iCoM2DQ-VqoUmhdQkhmwPUdZCKaLc_RS9xXxqaphgc-WE67fV954vfbroUCxC19l9gsn_T7goUx-Zt0glX0PRP3FC4ArjwiaGTBelVoc9ehmSXIZ_joh_NtoYydhDRysA0zEbhXtxQMI-brCN8u_RqGqbRItxYVfPwiHGNZolmYJlOlXWkny14IfrjRTmLe_aonDyebhhk5z7wCbL_34D3AnRMlKZ99ksIMir3-9-u1RZk5xg-WtzHSIvpeFc9fM65ytfaL_UmvVdjHJoogxN4FbDz77LKmm2cx5fdyYIxRS2C6fRI3eefjs0KithFDw-LGDGYFVEau0NoooOMKAsHGF_2sMQgEEJjoPQ3v1qY9i9Qsk-mvIoMzNl90ScFDJjE7bcKHmXXedxW-7AoCYaWAY4YKxsBTEPljSHPIAanxkrKbfRicQ_SvDnJq4-mHccbNj-RJ84cwZTBD7Z4f4fN1GdvTxr0pHZen9b-iBlrTS6wVU8vUZYETxlAdYzB-6BZX2F-uqH9dibWjCcCF1ABfNELcyIxpSp3irJFLzBsOo5Rx-K4PD65vdJUU5uj3pmwT9GYaQO1Oq05FWZJE2KN5UpFYT1HGCvh5ylOtPGcffCBSm7_kA-w8nyuOFSDWOQiUbLnXVcQzMAJhzbRUkv6Mjr0Cd8i3OyLBNebqNUezMKEXAEMX5L0VjQ030jUdKV965a93UeolL1we8_HrS_0JeJ9yUDVC2dt_TI4dheBOKaaO94s0O-FDxPaU5kyE0mAoFEKyvQ53b56_D_BcPnHxw-x70eFH-ORODzSdgbk24UClm73d2dZC3YmvE0jQbQfU9HKPKiQlyN9lh9tPlc3KnJGZIxZCOSWjIEpYIMN8j1M6bq4zNp-QJdXdOB8AzbZ37j6YlF6OwwjtzIXlwO-CtqEFZiWWRuJjTdwIJKpGGnhroA5rSKeBdYPD8SyO8ApiQ48Y3nP17_cv6wrrdbx1asdS2-kHzdoBbXZU0qfFR_tS9egeuG3bUT0V4P_3vYhVKLYDD01McA&sai=AMfl-YQQj5srShOzT4kme9etzhpapEq-mXw0ycLz4bFAxktEIyEnFfX-WNBvM9RccBoqLZ5Dug77NQ1k3IaGDH7iimymhoXvxHfTJmhk6dZctpAaESuagMT4qESRW7XhuiNZteDdEfRU6_U-osGEsBm_WaldEQoU0g&sig=Cg0ArKJSzAQSPGXXytjVEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=162&cbvp=1&cstd=160&cisv=r20220223.21435&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 26 Feb 2022 18:48:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 dpixel
cms.quantserve.com/ Frame B9A2 35 B
464 B 133ms
41ms Image
image/gif 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEAdrERV0i_QUYZ6wC5UDTh0&google_cver=1&google_push=AYg5qPL-X_55W6zpX2DSMXKwlUY4bebyBq0uOxRpySzLBPSPO3QQggzyzLuM8VG8bCdoIZN1gsyOobHgH3oTbx9iU7JHpMr8ik07jg

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame B9A2 0
104 B 168ms
55ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEPEp12u1pU1lUYzydGArVew&google_cver=1&google_push=AYg5qPIbrY22gf32Ko_xacPh2uj2_XMYqRfWvaS5bFpH4ru_Q2SnSMKiKn9YJ7M7Q2T4-1oBvrP1g0xsDbLPa4Iwtdv2F0iuD1Y6wg
Requested by: Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame B9A2
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFutaUJpNmUzqKzE9DKcgMY&google_cver=1&google_push=AYg5qPKbXl2-fDU7leqQ2P_9x4S9l8KS5Pj5ZSK23zkH0BpEP6ipgLtkbO-IL7qY5leCjpBfpmgDzhkj_uHM2mfYGPDua3dqBWmCG...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFutaUJpNmUzqKzE9DKcgMY&google_cver=1&google_push=AYg5qPKbXl2-fDU7leqQ2P_9x4S9l8KS5Pj5ZSK23zkH0BpEP6ipgLtkbO-IL7qY5leCjpBfpmgDzhkj_uHM2mfYGPDua3dqBWm...

43 B
415 B

180ms
178ms

Image
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFutaUJpNmUzqKzE9DKcgMY&google_cver=1&google_push=AYg5qPKbXl2-fDU7leqQ2P_9x4S9l8KS5Pj5ZSK23zkH0BpEP6ipgLtkbO-IL7qY5leCjpBfpmgDzhkj_uHM2mfYGPDua3dqBWmCGg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKbXl2-fDU7leqQ2P_9x4S9l8KS5Pj5ZSK23zkH0BpEP6ipgLtkbO-IL7qY5leCjpBfpmgDzhkj_uHM2mfYGPDua3dqBWmCGg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6e3b59248b5771f3-LHR
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 1517
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6e3b5923395471f3-LHR
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFutaUJpNmUzqKzE9DKcgMY&google_cver=1&google_push=AYg5qPKbXl2-fDU7leqQ2P_9x4S9l8KS5Pj5ZSK23zkH0BpEP6ipgLtkbO-IL7qY5leCjpBfpmgDzhkj_uHM2mfYGPDua3dqBWmCGg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKbXl2-fDU7leqQ2P_9x4S9l8KS5Pj5ZSK23zkH0BpEP6ipgLtkbO-IL7qY5leCjpBfpmgDzhkj_uHM2mfYGPDua3dqBWmCGg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B9A2
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEEwAFvLyPndhxRYKavZD1M4&google_cver=1&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19xt2Xffy...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEEwAFvLyPndhxRYKavZD1M4&google_cver=1&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19x...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19xt2Xffy5rNjpPq8&google_hm=Pneq-I7dSa2eZtOJgTDgog==

170 B
188 B

61ms
61ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19xt2Xffy5rNjpPq8&google_hm=Pneq-I7dSa2eZtOJgTDgog==

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19xt2Xffy5rNjpPq8&google_hm=Pneq-I7dSa2eZtOJgTDgog==
Date: Sat, 26 Feb 2022 18:48:32 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B9A2
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEFXFzP0mPdXCsttRuoH-buQ&google_cver=1&google_push=AYg5qPKDYHx-vhnJPVGSgsgOvyAJkbc8Cb6ofG_DDr1ECuRiif-atdTZQ2G7l9SPDKLlN69HVjprnkfZ2MBhyIzktMbXUTb...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEFXFzP0mPdXCsttRuoH-buQ&google_cver=1&google_push=AYg5qPKDYHx-vhnJPVGSgsgOvyAJkbc8Cb6ofG_DDr1ECuRiif-atdTZQ2G7l9SPDKLlN69HVjprnkfZ2MBhyIzktMbXU...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKDYHx-vhnJPVGSgsgOvyAJkbc8Cb6ofG_DDr1ECuRiif-atdTZQ2G7l9SPDKLlN69HVjprnkfZ2MBhyIzktMbXUTbzYaFR

170 B
188 B

107ms
106ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKDYHx-vhnJPVGSgsgOvyAJkbc8Cb6ofG_DDr1ECuRiif-atdTZQ2G7l9SPDKLlN69HVjprnkfZ2MBhyIzktMbXUTbzYaFR

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKDYHx-vhnJPVGSgsgOvyAJkbc8Cb6ofG_DDr1ECuRiif-atdTZQ2G7l9SPDKLlN69HVjprnkfZ2MBhyIzktMbXUTbzYaFR
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET

pixel
cm.g.doubleclick.net/ Frame B9A2
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEH6mOTF87Y5FoMLqkbcPbfw&google_cver=1&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LK...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEH6mOTF87Y5FoMLqkbcPbfw&google_cver=1&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQY...

0
0

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame B9A2
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMrYfEO-ANL3-Z0nNruUpg8&google_cver=1&google_push=AYg5qPKsDe9eFkujFn3jsPZIiVZTWCZYO0oX47qBc3YVlIqtFaTFvSrnL7gn6pmjLrObu65RrMF16R20rQH...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPKsDe9eFkujFn3jsPZIiVZTWCZYO0oX47qBc3YVlIqtFaTFvSrnL7gn6pmjLrObu65RrMF16R20rQHGOp--72UUS26c2LQBVA
https://onetag-sys.com/sync/i,19/?google_error=5

0
148 B

36ms
36ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?google_error=5

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/sync/i,19/?google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B9A2 0
12 B 43ms
43ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L0tkoNEqsS28Xv8GQsdyEjoUwqy2oocjSqxXdfmmF142pGJD5LdN-rq4dJ-zNnvd6oJlQuAg

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET /
google2waycm.netmng.com/cm/ Frame 08A1 0
0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 08A1
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESECqn2_KxQKG3yzCtjwEzXY0&google_cver=1&google_push=AYg5qPJT3E1RFQdPlrb0Jpe89ELv9__DcN_gofzE__4Bsd6Bz6sS24Hl2QDeIx6O7LuIk1IhJ3NyuCdJQR0bCOUdoTM5ApkvLIE9rw
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzU1NDM1NzAwODkzMDYzOTc2Mw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECqn2_KxQKG3yzCtjwEzXY0&google_cver=1

43 B
398 B

129ms
64ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECqn2_KxQKG3yzCtjwEzXY0&google_cver=1
Requested by: Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESECqn2_KxQKG3yzCtjwEzXY0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 08A1 35 B
463 B 122ms
42ms Image
image/gif 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEAdrERV0i_QUYZ6wC5UDTh0&google_cver=1&google_push=AYg5qPL513-evF6tiFul7XtgP4JRvojSBt-eMKF4zbODrZmfbbNMAafSO95Qmh4G6TVqk1NOzyweu8Qrvfn3DHSSwAI0a1xWWSD4QA

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 08A1
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEEaOQ7crqv55hDEALmMk5DU&google_cver=1&google_push=AYg5qPL36gBFXYlLdSgnEVzoUO7s0LiS1NPEKSmgBXa37C-Uqn0vbcrS_itRR7wcJ6_d_cATaozHPlGtlNVfOLe4...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPL36gBFXYlLdSgnEVzoUO7s0LiS1NPEKSmgBXa37C-Uqn0vbcrS_itRR7wcJ6_d_cATaozHPlGtlNVfOLe4NzDOr54jgRWsLQ

170 B
188 B

67ms
66ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPL36gBFXYlLdSgnEVzoUO7s0LiS1NPEKSmgBXa37C-Uqn0vbcrS_itRR7wcJ6_d_cATaozHPlGtlNVfOLe4NzDOr54jgRWsLQ

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 26 Feb 2022 18:48:32 GMT
Server: MT3 4172 645ee8c master cdg-pixel-x27 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPL36gBFXYlLdSgnEVzoUO7s0LiS1NPEKSmgBXa37C-Uqn0vbcrS_itRR7wcJ6_d_cATaozHPlGtlNVfOLe4NzDOr54jgRWsLQ
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 26 Feb 2022 18:48:31 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 08A1
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEEwAFvLyPndhxRYKavZD1M4&google_cver=1&google_push=AYg5qPKQmp1jYFCdB4gxJ3p6x1F40iE9W6EYo8HqU8YDWxa4skztGS7rctsdAOetRd_yFjpQXgaFTVN18H6YAurIvvgw...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEEwAFvLyPndhxRYKavZD1M4&google_cver=1&google_push=AYg5qPKQmp1jYFCdB4gxJ3p6x1F40iE9W6EYo8HqU8YDWxa4skztGS7rctsdAOetRd_yFjpQXgaFTVN18H6YAu...
https://m.fg8dgt.com/sync?ssp=bidswitch&bidswitch_ssp_id=google&ssp_uuid=3e77aaf8-8edd-49ad-9e66-d3898130e0a2
https://m.fg8dgt.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&ssp_uuid=3e77aaf8-8edd-49ad-9e66-d3898130e0a2
https://x.bidswitch.net/sync?dsp_id=108&expires=14&ssp=google&user_id=becc588d-ffd0-4459-a788-ffde2227d20e
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19xt2Xffy5rNjpPq8&google_hm=Pneq-I7dSa2eZtOJgTDgog==

170 B
188 B

66ms
66ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19xt2Xffy5rNjpPq8&google_hm=Pneq-I7dSa2eZtOJgTDgog==

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPKTHjPf8hPGxU8Rnixa1Nt9H0aVODjFfYGmySK9H-jJID_ai3_7vE4ZDcmOclrYvUuuNL7ElvFQNdN19xt2Xffy5rNjpPq8&google_hm=Pneq-I7dSa2eZtOJgTDgog==
Date: Sat, 26 Feb 2022 18:48:34 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 08A1
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEFXFzP0mPdXCsttRuoH-buQ&google_cver=1&google_push=AYg5qPLRQco549G0v0OG1vugOmT0_A595IsZ4wNlU4fG8b12OuQkrxR5LJqwWRx26i5Nhtp4Iqi0UuZv71vopZMQ8qyDBKI...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEFXFzP0mPdXCsttRuoH-buQ&google_cver=1&google_push=AYg5qPLRQco549G0v0OG1vugOmT0_A595IsZ4wNlU4fG8b12OuQkrxR5LJqwWRx26i5Nhtp4Iqi0UuZv71vopZMQ8qyDB...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLRQco549G0v0OG1vugOmT0_A595IsZ4wNlU4fG8b12OuQkrxR5LJqwWRx26i5Nhtp4Iqi0UuZv71vopZMQ8qyDBKIoceBjVQ

170 B
188 B

95ms
94ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLRQco549G0v0OG1vugOmT0_A595IsZ4wNlU4fG8b12OuQkrxR5LJqwWRx26i5Nhtp4Iqi0UuZv71vopZMQ8qyDBKIoceBjVQ

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLRQco549G0v0OG1vugOmT0_A595IsZ4wNlU4fG8b12OuQkrxR5LJqwWRx26i5Nhtp4Iqi0UuZv71vopZMQ8qyDBKIoceBjVQ
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 08A1
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEBHI8y8cLLJBX130r2rk5rA&google_cver=1&google_push=AYg5qPLyx9cuQILrDTq2AgJIMGSWdFeFkp2N-NGjrM8WGcwkcmigugzclosQty5XG8OHmybEd9WryIH-CP21JWjPGnb8Ezqoge...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPLyx9cuQILrDTq2AgJIMGSWdFeFkp2N-NGjrM8WGcwkcmigugzclosQty5XG8OHmybEd9WryIH-CP21JWjPGnb8EzqogejZrg&go...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU2ODg3OTkyOTE2MDM4MzAzMDU4Mg%3D%3D&google_push=AYg5qPLyx9cuQILrDTq2AgJIMGSWdFeFkp2N-NGjrM8WGcwkcmigugzc...

170 B
188 B

93ms
92ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU2ODg3OTkyOTE2MDM4MzAzMDU4Mg%3D%3D&google_push=AYg5qPLyx9cuQILrDTq2AgJIMGSWdFeFkp2N-NGjrM8WGcwkcmigugzclosQty5XG8OHmybEd9WryIH-CP21JWjPGnb8EzqogejZrg

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU2ODg3OTkyOTE2MDM4MzAzMDU4Mg%3D%3D&google_push=AYg5qPLyx9cuQILrDTq2AgJIMGSWdFeFkp2N-NGjrM8WGcwkcmigugzclosQty5XG8OHmybEd9WryIH-CP21JWjPGnb8EzqogejZrg
date: Sat, 26 Feb 2022 18:48:32 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 08A1 0
12 B 44ms
43ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JHFjAQ7u3Rm7Sqg76Q1qw5OZrePKDwk8eEKiYIfW_YZZyJMYDYc5yfRW-Kc1XQHSVFHZcd

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 18:48:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 iRu7R9Kt0H3UwF1-zQK7LLgwIl8DaRlhr3qpKTHCDIY.js Show response
pagead2.googlesyndication.com/bg/ Frame D03C 35 KB
13 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iRu7R9Kt0H3UwF1-zQK7LLgwIl8DaRlhr3qpKTHCDIY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

891bbb47d2add07dd4c05d7ecd02bb2cb830225f03691961af7aa92931c20c86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 15:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11284
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13728
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Feb 2023 15:40:28 GMT

GET
H3 200 iRu7R9Kt0H3UwF1-zQK7LLgwIl8DaRlhr3qpKTHCDIY.js Show response
pagead2.googlesyndication.com/bg/ Frame B588 35 KB
13 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iRu7R9Kt0H3UwF1-zQK7LLgwIl8DaRlhr3qpKTHCDIY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

891bbb47d2add07dd4c05d7ecd02bb2cb830225f03691961af7aa92931c20c86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 15:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11284
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13728
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Feb 2023 15:40:28 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 0A40 29 KB
10 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 06:12:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 27 Feb 2022 06:12:45 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame B25B 29 KB
10 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Sat, 26 Feb 2022 06:12:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 27 Feb 2022 06:12:45 GMT

GET
H3 200 VolvoNovum-Medium.woff2
s0.2mdn.net/sadbundle/17532460006060851200/ Frame 0A40 38 KB
38 KB 36ms
36ms Font
font/woff2 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17532460006060851200/VolvoNovum-Medium.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2675ab1d1852f1aa30e272d7c2b1b9616e1f4771a94860e0d92bc7fca6c3c48a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html
Origin: https://s0.2mdn.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:43:05 GMT
x-content-type-options: nosniff
age: 93927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39068
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:43:05 GMT

GET
H3 200 VolvoNovum-Medium.woff2
s0.2mdn.net/sadbundle/14333778370720956416/ Frame B25B 38 KB
38 KB 36ms
36ms Font
font/woff2 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/VolvoNovum-Medium.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2675ab1d1852f1aa30e272d7c2b1b9616e1f4771a94860e0d92bc7fca6c3c48a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
Origin: https://s0.2mdn.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:42:41 GMT
x-content-type-options: nosniff
age: 93951
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39068
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:42:41 GMT

GET
H3 200 Volvo_Black.png
s0.2mdn.net/sadbundle/17532460006060851200/ Frame 0A40 5 KB
5 KB 36ms
36ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17532460006060851200/Volvo_Black.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5be30616d437d2baf9041a6648598542ae30fed30d261b002266e5d58969685

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:43:05 GMT
x-content-type-options: nosniff
age: 93927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4824
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:43:05 GMT

GET
H3 200 Flash.png
s0.2mdn.net/sadbundle/17532460006060851200/ Frame 0A40 3 KB
3 KB 37ms
36ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17532460006060851200/Flash.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baea5caffda9109fe3fe251376d60a25ea43c846fa7bb8dc4b15da44a78c6760

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:43:05 GMT
x-content-type-options: nosniff
age: 93927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3431
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:43:05 GMT

GET
H3 200 Floor_extend2.png
s0.2mdn.net/sadbundle/17532460006060851200/ Frame 0A40 56 KB
56 KB 37ms
36ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17532460006060851200/Floor_extend2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f93264606087b4c1dd4e0bb8bf2ed92549c53fe8b5f095d214c4e72a765f5482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:43:05 GMT
x-content-type-options: nosniff
age: 93927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57259
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:43:05 GMT

GET
H3 200 Spritesheet_XC40_MY23_4.jpg
s0.2mdn.net/sadbundle/17532460006060851200/ Frame 0A40 783 KB
783 KB 43ms
42ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17532460006060851200/Spritesheet_XC40_MY23_4.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a082bfd96630ab857ec08e4e0055175aae987aea275d450f048ec3fee5de5383

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17532460006060851200/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:43:05 GMT
x-content-type-options: nosniff
age: 93927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 801309
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:43:05 GMT

GET
H3 200 Volvo_Black.png
s0.2mdn.net/sadbundle/14333778370720956416/ Frame B25B 5 KB
5 KB 74ms
73ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/Volvo_Black.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5be30616d437d2baf9041a6648598542ae30fed30d261b002266e5d58969685

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:42:41 GMT
x-content-type-options: nosniff
age: 93951
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4824
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:42:41 GMT

GET
H3 200 Flash.png
s0.2mdn.net/sadbundle/14333778370720956416/ Frame B25B 3 KB
3 KB 63ms
63ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/Flash.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baea5caffda9109fe3fe251376d60a25ea43c846fa7bb8dc4b15da44a78c6760

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:42:41 GMT
x-content-type-options: nosniff
age: 93951
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3431
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:42:41 GMT

GET
H3 200 Floor_extend2.png
s0.2mdn.net/sadbundle/14333778370720956416/ Frame B25B 56 KB
56 KB 66ms
65ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/Floor_extend2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f93264606087b4c1dd4e0bb8bf2ed92549c53fe8b5f095d214c4e72a765f5482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:42:41 GMT
x-content-type-options: nosniff
age: 93951
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57259
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:42:41 GMT

GET
H3 200 Spritesheet_XC40_MY23_3.jpg
s0.2mdn.net/sadbundle/14333778370720956416/ Frame B25B 826 KB
826 KB 78ms
78ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14333778370720956416/Spritesheet_XC40_MY23_3.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7005993ffb58b0f035fe085bbe16659d833604b1a6a5811b168978b32ca181cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14333778370720956416/index.html
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Fri, 25 Feb 2022 16:42:41 GMT
x-content-type-options: nosniff
age: 93951
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 845547
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 10:31:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Feb 2023 16:42:41 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 101ms
101ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022022302&jk=4131258251116565&bg=!CAulC0_NAAas2QJZrNk7ACkAdvg8WspLs49iFahcLJer0T0MxA_aUPIpLld9tK6kYUDP9zVdey8YXAIAAAEJUgAAAAJoAQcKAFK2A9ROq3MbT8_PtVixU2cYs0DUymcPiy7LGId8xd2YDeZk8EnCkmPe0-8pRigNKqFLyb-8vDY-wrdbFAqzsp6-dDkTW39t-RAZxKwfb6EmcKaBmQJsPz8RSN8KxoSPJoJNrxbSZD6toC73SCSQlwi4V1WL1RtPpKDVwdMEo8-pz6LetNK-GxAkPsXBUZntGnHOhnM4Qf_jB757nFqS2lKTapBat6di2BuBNb7ZAM-O7eW2CiQfHKxYSgug71XgqZhSwhIHBo8moYOOpdWgjIR3_6QUmhUaFGqOc5vLmq37qazDky-GEtFF6Z6s6yxZs8ZSx_oSnmca8Y8vO1ugvSPB2_lsOvF3qBb0xB4_y1Eu7WCEyNFqCvTdGWcpgBE_z7AuQtbjOMF1lveqzdo6RMvbXl3z7DQnIKX3nL4_EzCxTMbyaG8iEXt2-XaJ-KlG8ZDLxR4F78QwQuONCjutvbstfBFS8Z3xtsnLfaPAfQZoZBcZpqvBbwA1hPygmEvkoaeLwBkwwmPY88muj9fB1BvcOZjCTOqBcSBhHn0TevEWFu6GlqsIoTPlMhddo_OaErva0OQJtyJF7X_36sThz9u4TBPPxIpuO-2DYhmEcTTP13flAV0mqn3KRXVyslM3RzGyFInZ4tXVMRFM3XZdGzM0VBrRCBRjb6TjuYvFjp6SzTee8fwhAZ-RoEYSzQV4u2GhJtd2pSIlMwWoOPMG-NfyshdaaHF45ggonyJHaB03mr8wmUETrrnoxCQieqHWp-wTt0l0-FnXPfpADu-QpnNgArOmyPKM6IM58ccka9Ghkce9n5NOGDhrBAR2gq6s6dSbt5NawgUyMaW9B-MXUIym0M0UMEWR_bMifGAI3kCTSDUNje_k8JPu3TrQB-8xKtoseovHmSndjj9FDAKFUDEyzx9rwc3ElvteT70xsgrou7s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D03C 0
20 B 101ms
100ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BO72XAHYaYrDjCcHL7_UPoaeH8AYAAAAAOAHgBAI&bg=!WlmlWR3NAAas2QJZrNk7ACkAdvg8Wiye7xaw5Wm9KrrnW2MJ2xczBJq3UuPAerK-kjA4qJa1WjjmFAIAAADNUgAAAAJoAQcKAAKt8ZkC2MMlYg650Nktj_xwtMOyJ2PDzuW8wphiNch7kqdHU-hmNkk5EKr4s3Rf6nYHGBM5hZKggrbIBLAXVQbKPMvAsjyM18XBJJ4jqD-MHk29OCtYxkVtTxyF0iwHmMKUmI95iAHbT_mNFFHWaxp9PYa-TzOEdhWKLf3IwWg2Rf1n5wEju48VjyYjZhWLB0yAI1UuO8uy5YDelFbVavcQEo6oV41P3GWL4QeCblHUfv0vNnj17GhwQW0WBiT0KspOaqkjbQwkh9jtCR6cksV_f4Z-HrvZlo-qquG2xldHyFBZllI2hu8rACox1sqZVADtTc2BgecuVy6QOToFNP0xi---mXdITfyZxk2SbSWSjq0WiAnmBMtb8EZOjcVz46eGZxx25HB79CrSjVu-erK1jOQXexdzzxoUtudFTfhFQMz-kghID5pLWNXbt4lJWoDxPUIZDtXFXZvRXL4Sn3ClIuCYeWDfK05Lm6YTTj-9qWAeVE7PXb7EK2XftGb9m1T09OZOyTTnzvpyAewgB6kSGTJu2jVMnsgKzvclCxGJ9-dM3myMJPz4gpLMa3HVcMZUTFQXDPmd91rONajE9eupjRlpXD2HF053TRZc8qcJN1iD_ZAV-B9UKY67tvZ6UaZVTVd2UuRks2dKo6AG0JR_jNwm-UN5RUcOKHx2tvbAhgJVi6WCS7PEkTWddXm5foOT3qpy0wWwQ3EiE6_FipLolE-3dLe_7L_EDGWz2HnCyqwRG_yCvyg92tQO9GljcDNjMbmi6UUmfm6qe4mXmJWaPU6XdALgf13LnIKeFtElSInUM-J6Nk_BAMjd_X9VTjOUt2vgL_zbU-SO4tSNl-HBmc1hDqyLWCM6Wi8380KEo1KrPYdC_03PtOgbPv2SbP9eDmvi5imq6FejxlfOqzoA59w676w3s-pdcMKTCbj9ehOVJ6IqF1JXgo95YIwteCgzVeQ8uIs6rKdvHR34

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B588 0
20 B 91ms
91ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B2Bw2AHYaYofsCf2Q7_UPqvaGoAkAAAAAOAHgBAI&bg=!HxylHFjNAAas2QJZrNk7ACkAdvg8WueIizmv4pXhFPHp4WVy-Eav1n_g07A3wTN5pa0g-9ICoVSM0QIAAAC0UgAAAAJoAQcKABq2aTcnQ14tqgJ6yAqbe0dNH8q9xTtgd8DL4JkC6CVp7268t-B6Hm14K3WwqkssiSfn95iRuLxyp0xpIIkD0dZxwmSlbIvVvfgi3dVMDqBsOgDCuIjnBgMXPldUiutJRxdcZ9W8U2yebtFVsXD4XQJGgFf4JqTaSu2f-2ZwVqIEmNYCOJ-dbOjbKpAgxcc6VSXuZYiJKBP2cy7H5o5wvMKWsGzWJ5abMQD_lLNrBq4j6yRPWjCTQQjzgdYxzm4w-hy-YZ9Sh4MPSriyykMH__sQYpM3r8Yqjtyc6xrnvq6F6ahq6WK6CstGdiWu6jFMGHJojNWgxB5PkLgKHClPKQ9YKStqabsEcJUJSFr6NDp3F-8t-q0PdBAts-hqaBRQNPwgM0l3Pklzpr35cBZlxZwL1eEI4XkFbrr_OIiijbFlt9P2yr17ZoQZxu-EY4z7jkdFLL6uyeUEHYEg73RqUNtF9g3jqml1kz3mFgzOms_ZuIn5aPEraMtYRYR50Em1MKfOSb_RDNUYJZrqC6kK8XyGk02CQ-vCLu7Vnji9BG2CjsMVQjGbmE8b23gk_S6ridXqvYiMw5jwaRgyT0nUJQUd2SiLxWdYgOVxhJkkP56R9VVPZW1Xy7D7KONAT17KhfwdjLPJsfyyEShRuyh_Hw5V_FZEUIRmLcG0ZLn1DhfwN1Tdutci08uAw4AWvxoyH5NqXzgHAE6f7addD56LAZ1F8nowboeLXjMGpYhop3JAsn9k1aLlcImNi0QXHQjY7bcB_3JWB8x7dX31csOlp1aCJVjYmUgd1qYQ8ZU0c_tRUa8TCB7XpVgInBeNvgRfzVkQx7CTSAvawRAgf_rb1q-I5YgG1t7A_pRWjNDVuRxO7GHZeW-LbYhVZpVhOFV-wmX1SZCqLdU1Z1J1qvz3IaqRJhiEQIJjWWRSLIfMmTeYA5dG3qjKI-k5lV2LfSOMLyvct85_68vHCjnFUXzAJyGgHbp1wH37YndszHGy-HROcqjeE4fPCzhbixxbut5D3LDh3OmwYw

Requested by

Host: a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
URL: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B2A6 0
23 B 77ms
77ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuT0tiCAyc9vTi5PVKfnc08RXZY5sS41HqrSKP66a7P9yhcoJuklwT75kwpsgtreoHqy9lH92uq7DN7Uak2xMZYh0dBALRqd0MQNVw5LUDoSL8DgQhpvxqX7tI4Oe22Z-L-KvvXAkAVWk5psy9JYNfQ9rwUgHnf0uYdzDJrZnhjgpkcT5BVmL2pDQhDnx4N1pOGCryHvzmvtfV5ntjxLGUsduWTpzmMgAlCjbnWhSSTf0vDcV_8ElzRiqDtrb1l6eKaaBHV2x0mdNmYKTWolLgHHHEK1rv1obe_kbEDjAT6Qko96rGNkGhl5m3rndzJcvyNUziBjm7MSB_WMWuEwWyQvHYbhdbPgzudrps9drThKScfO8FLPZ-1brqjNtbwAb4pCX5fts__GzsLSZb9nfR8gOJYH4Vgp15pgmbljRR2rIeS4dfTX5dCXJtA79AlXfLzKHI9b-SHqwFNXR-COjXyhG44vAkbzhNf02gvnvWX3uhj3kbaGim1OW4sNSnf0KWooamudfl4VTtszhbQJikYLDotVMJSCYgqh-AtIW9CmePsY2_xhY8mVnGy18grK_6YuBh2mhNciHbOJHUvH5owuqjcmDnf47r1_aCnZmSCRkKe5DFf85TV7BobkAoL47WbKuWkEPrZ7OXycdIZdit2ea8GwDC8yaE0LRWdqUt8tAgsDPsOYwswnOH9r1fo4P_WC0JL8KC-Ad1ot3masPdwzikfe7cS5CQQzKPcaGZErVrujAldADopsiNM_WzpaMTmAdvKEgMOGAPpi_K8OuDi31MB-tnW-jebF1k9lKJnHaAPC_iUpZ-Mcwps4En3JrtXfSlcjXxMnIXOJqOujNbD6-qbtiSk8IoyfoQb-rjMHo-xo2ilTKvmSaynMj8FSDslTTMa5pOvEqntriB6n79LuPRznoruIY9_rDt57vl4uiffIWRgnHz7ZGXzNGW1v_Xom2oGikTJTTmJx8DXpl10gDStuJjTZvq8-weL7LC214ij2152kssCMUbQZI9q1nO7i1JrVY3QLpPY-N7hYO1Wme-GMOPjwrv1Zvoxsyw_kTfKhAbBaZTsNQ1ZRnsgzB7bBEtHrc4y1DpRvr18tn4Z4UP3Fehq2yPpkDOeTKawaXauzk9FILnoolJ84AWAKZg71U2nhZjymSzPO4nzMFhAjdqBNSitGPdeKNNcI8nLcQaqdwNgSgnamd3kG0fwi1_MLvsDLyx2KdCO38MLHOPUD5JwkmOjO0T_80TYus8KslHdk2VW3-YUB4fiMk0&sai=AMfl-YQh_bOflKQ7W3N7BWVhjBCpzQNIpKS9_mB0YuJEP-LMa3auDk9Jrb1i9t2JdbRhn9Rw1JZZCvw0Aivm6KfIvHaC0HsTYlaEX2m-aejn5gS3e4cHNrJX7NSO0o4pBLN6GmrhIUE1h4_yuEwXSxNaiT7hz93yzw&sig=Cg0ArKJSzADqks3iqF-EEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=550&vt=11&dtpt=387&dett=3&cstd=161&cisv=r20220223.59023&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F153 0
23 B 73ms
72ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssvnS8KZFY4PLW6o__tjFA-BGrsRdi4LgpkMZ0HYZe4V73xA5CIGILXbKeht9-eQYxJRhLWi9BJEhlX9UJv7PV_ScuFjdqYMO7hOZweekovJc1hHUdW3-iBD7clyfOUFstqf3K8jahp_YoEnKuj4ZA5II9A3-z-3l9Sd5byDhN46fZzzOhh1d0CpMo17LZEd8FwPPiOhJWNFSEO6tsYnHya17teP1wwraq1QqTIZxZM9iCoM2DQ-VqoUmhdQkhmwPUdZCKaLc_RS9xXxqaphgc-WE67fV954vfbroUCxC19l9gsn_T7goUx-Zt0glX0PRP3FC4ArjwiaGTBelVoc9ehmSXIZ_joh_NtoYydhDRysA0zEbhXtxQMI-brCN8u_RqGqbRItxYVfPwiHGNZolmYJlOlXWkny14IfrjRTmLe_aonDyebhhk5z7wCbL_34D3AnRMlKZ99ksIMir3-9-u1RZk5xg-WtzHSIvpeFc9fM65ytfaL_UmvVdjHJoogxN4FbDz77LKmm2cx5fdyYIxRS2C6fRI3eefjs0KithFDw-LGDGYFVEau0NoooOMKAsHGF_2sMQgEEJjoPQ3v1qY9i9Qsk-mvIoMzNl90ScFDJjE7bcKHmXXedxW-7AoCYaWAY4YKxsBTEPljSHPIAanxkrKbfRicQ_SvDnJq4-mHccbNj-RJ84cwZTBD7Z4f4fN1GdvTxr0pHZen9b-iBlrTS6wVU8vUZYETxlAdYzB-6BZX2F-uqH9dibWjCcCF1ABfNELcyIxpSp3irJFLzBsOo5Rx-K4PD65vdJUU5uj3pmwT9GYaQO1Oq05FWZJE2KN5UpFYT1HGCvh5ylOtPGcffCBSm7_kA-w8nyuOFSDWOQiUbLnXVcQzMAJhzbRUkv6Mjr0Cd8i3OyLBNebqNUezMKEXAEMX5L0VjQ030jUdKV965a93UeolL1we8_HrS_0JeJ9yUDVC2dt_TI4dheBOKaaO94s0O-FDxPaU5kyE0mAoFEKyvQ53b56_D_BcPnHxw-x70eFH-ORODzSdgbk24UClm73d2dZC3YmvE0jQbQfU9HKPKiQlyN9lh9tPlc3KnJGZIxZCOSWjIEpYIMN8j1M6bq4zNp-QJdXdOB8AzbZ37j6YlF6OwwjtzIXlwO-CtqEFZiWWRuJjTdwIJKpGGnhroA5rSKeBdYPD8SyO8ApiQ48Y3nP17_cv6wrrdbx1asdS2-kHzdoBbXZU0qfFR_tS9egeuG3bUT0V4P_3vYhVKLYDD01McA&sai=AMfl-YQQj5srShOzT4kme9etzhpapEq-mXw0ycLz4bFAxktEIyEnFfX-WNBvM9RccBoqLZ5Dug77NQ1k3IaGDH7iimymhoXvxHfTJmhk6dZctpAaESuagMT4qESRW7XhuiNZteDdEfRU6_U-osGEsBm_WaldEQoU0g&sig=Cg0ArKJSzAQSPGXXytjVEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=666&vt=11&dtpt=504&dett=3&cstd=160&cisv=r20220223.21435&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: 2plus2.ua
URL: https://2plus2.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Feb 2022 18:48:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK chunklist_b461000.m3u8 Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 692 B
1 KB 206ms
68ms XHR
application/vnd.apple.mpegurl 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/chunklist_b461000.m3u8
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: 4e8c87cecd0b0938b084f7ea5eb647a6089dce2a7a3b49e771a90c7292e238ea

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:33 GMT
Server: nginx
X-Cache: HIT
Content-Type: application/vnd.apple.mpegurl
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 692
Expires: Sat, 26 Feb 2022 18:53:33 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 104ms
34ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2F2plus2.ua%2F&domain=2plus2.ua&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://2plus2.ua
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://2plus2.ua
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1198
date: Sat, 26 Feb 2022 18:48:32 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2F2plus2.ua%2F&domain=2plus2.ua&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=kbOz-3xpSlV0Z3NKdXJqSWxPeVR4L1lURCszMWc4ayttaCtTWHFEWDhjZ0RKaUhITUZpRFh3Z0EraU5oRHZveWNlWXR0N1U1dTN4R29kbWtYZ2xiRWQzVDlkdXExNUdmclQrTkVQbDNyWnZBSXpDajRSSE5haE5qMHV3ZU...

417 B
661 B

33ms
33ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=kbOz-3xpSlV0Z3NKdXJqSWxPeVR4L1lURCszMWc4ayttaCtTWHFEWDhjZ0RKaUhITUZpRFh3Z0EraU5oRHZveWNlWXR0N1U1dTN4R29kbWtYZ2xiRWQzVDlkdXExNUdmclQrTkVQbDNyWnZBSXpDajRSSE5haE5qMHV3ZU1FWktaekpROC9hdmNIczg0L2FwSEcvWldYTm5jYk1QZzVOK0t3UElOaDRmbjhITUphalhDVGY5Qmh1QlUzTzk1U2V3SDV1Z1VDc0hmZ1pUT0RkYVU3UEpQSmR4VFZhL0E5ZXMvSGZkSXVLajFHSUl0RytwbzQ3MjdFVDBQUjR5K3V0bU4zMmxLajNBMWhwUHB4OEY5eENoVFBUcWZKUT09fA&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

83a20968a05660e2a1830f23d4619da53cb6c5f0e8ad9cf906d7fef3e0db1804

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:33 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2697
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:32 GMT
location: https://mug.criteo.com/sid?cpp=kbOz-3xpSlV0Z3NKdXJqSWxPeVR4L1lURCszMWc4ayttaCtTWHFEWDhjZ0RKaUhITUZpRFh3Z0EraU5oRHZveWNlWXR0N1U1dTN4R29kbWtYZ2xiRWQzVDlkdXExNUdmclQrTkVQbDNyWnZBSXpDajRSSE5haE5qMHV3ZU1FWktaekpROC9hdmNIczg0L2FwSEcvWldYTm5jYk1QZzVOK0t3UElOaDRmbjhITUphalhDVGY5Qmh1QlUzTzk1U2V3SDV1Z1VDc0hmZ1pUT0RkYVU3UEpQSmR4VFZhL0E5ZXMvSGZkSXVLajFHSUl0RytwbzQ3MjdFVDBQUjR5K3V0bU4zMmxLajNBMWhwUHB4OEY5eENoVFBUcWZKUT09fA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://2plus2.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2915
content-length: 541
expires: 0

POST
H/1.1 200 692.json Show response
id5-sync.com/g/v2/ 212 B
526 B 173ms
47ms XHR
application/json 51.89.21.10
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/692.json

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/457194/hb_298309_11708.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.21.10 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p24.id5-sync.com

Software

Resource Hash

eb08a4a261b14a7c782b495b0a16c1f47279b6a896e331559a74627cada09914

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://2plus2.ua
Date: Sat, 26 Feb 2022 18:48:32 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H/1.1 200
OK media_b461000_0.ts Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 751 KB
752 KB 138ms
138ms XHR
video/mp2t 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/media_b461000_0.ts
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: 40d0f77d47d93281d82c77b8e654746aad4d3ec1e36509a45e134b573d4345d5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:33 GMT
Server: nginx
X-Cache: HIT
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 769484
Expires: Sat, 26 Feb 2022 22:48:33 GMT

GET
BLOB 200
OK fe017bcd-2e6d-4b3d-99a0-1430d84339a5
https://1plus1.video/ Frame 7057 60 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://1plus1.video/fe017bcd-2e6d-4b3d-99a0-1430d84339a5
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae4ec9fefbb315d56970aa7df705926266645ffcd7cd458950c4ba46bf435008

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Length: 60965
Content-Type: text/javascript

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 2A7E 42 B
64 B 62ms
62ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssdf0yjfnxJmEzz5zT9XvmTrOJUEnHpBNAmEaJcYOW2dev0gnCYghrfDBmnM92aGF0wrck8fEoinT7JDdmUkivKyTnzRkAmekWLdhs66fGW7x97Hoh5IQ&sai=AMfl-YRC-9zCBpHOY-gmTVrkUDpLZq3QOaE_nTngLt0e23Q4ItpwYXrj1vcht_H_oRqPLRMLbs_MYY1fOZbPuxlhErckcgssVQNuNmAWRF9qLepAak9vm3d3AhiSUCTE&sig=Cg0ArKJSzJ9y9gbqgvpaEAE&cid=CAASF-RoigUXFEgkCZghveCiwOtvH-berBGc&id=ampim&o=80,1020&d=1440,180&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=291&tls=1291&g=100&h=100&tt=1291&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=4136652780

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://2plus2.ua/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B2A6 42 B
64 B 63ms
62ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstiW4w4uXNqFfLrL-q9JDy49MAsbmtT8e4t9uqfbnFizFtrnIWh14-rsw3VcG1MzLeXpCDE4FacRMwe4Lnc4KE7PK-3gFTJUicAdJW68-j-s4UT1gVTZA&sai=AMfl-YR9xHMJ_cra0UM5liBs2TpWQECAZ87hLy6ewqjc7JjXXGHtmLxCdlA3UMQ3xDRv09n_csjVK83tvuFuDC96EXLT3ZfssoEXfcu8f55uide5vZBl4uyPlw7J_Mi9&sig=Cg0ArKJSzKGlx4zQJ008EAE&cid=CAASEuRoXb009o2heXbogxZxaGeexQ&id=lidar2&mcvt=1003&p=645,992,895,1292&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20220223&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3937908213&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1645901311989&rpt=354&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 91ms
31ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1031
date: Sat, 26 Feb 2022 18:48:33 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 200
OK chunklist_b1728000.m3u8 Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 710 B
1 KB 68ms
68ms XHR
application/vnd.apple.mpegurl 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/chunklist_b1728000.m3u8
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: dc7554dcbeab80be95184a468720eadec990f430205541d24de81de25298b5c1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:33 GMT
Server: nginx
X-Cache: HIT
Content-Type: application/vnd.apple.mpegurl
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 710
Expires: Sat, 26 Feb 2022 18:53:33 GMT

GET
H/1.1 200
OK media_b1728000_0.ts Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 3 MB
3 MB 69ms
69ms XHR
video/mp2t 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/media_b1728000_0.ts
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: 511ee2ce6ac65d1140581b81e4ce96f5dc891fb7660b6f5d5a67c79f968150bc

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:33 GMT
Server: nginx
X-Cache: HIT
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 2709268
Expires: Sat, 26 Feb 2022 22:48:33 GMT

POST
H2 204 collect Show response
i.clarity.ms/ 0
48 B 345ms
345ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://2plus2.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

access-control-allow-origin: https://2plus2.ua
date: Sat, 26 Feb 2022 18:48:33 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H/1.1 200
OK media_b1728000_1.ts Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 3 MB
3 MB 69ms
69ms XHR
video/mp2t 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/media_b1728000_1.ts
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: 7106161014c0aa1e029292e3fc02f42bb3e3b39206251c3d6e14e5983c4f2081

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:34 GMT
Server: nginx
X-Cache: HIT
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 2841996
Expires: Sat, 26 Feb 2022 22:48:34 GMT

GET
H2 200 redot.js Show response
gaua.hit.gemius.pl/_1645901314274/ Frame 7057 2 B
230 B 54ms
54ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/_1645901314274/redot.js?l=107&id=ByA1NmOpnbt8LmYqyjQkWrd8.l0YgocyqLXiHjiJayv.h7&et=stream&hsrc=3&extra=_EC%3Dseek%7C_SPI%3D1645901312282%7C_SP%3DGRsFFLJ2%7C_SPS%3D655x370%7C_SPD%3D2plus2.ua%7C_SPV%3D100%7C_SPR%3D655x370%7C_SC%3DGRsFFLJ2%7CcurrentDomain%3D2plus2.ua%7CcurrentNetwork%3Dhome%7CprojectID%3D5312%7C_SCV%3D100%7Cmute%3Dfalse%7C_SCR%3D655x370%7C_SCT%3DRosiya%20viznala%20LNR%20ta%20DNR%20%20Sekretni%20materiali%7CvideoType%3D3%7CUserType%3DNotAuthorized%7CCategory%3DNWS_2P2%7C_SCD%3D211%7C_SCTE%3DVideo%7C_SCPD%3D20220222%7C_SCTY%3D12%2F00%7CcontentType%3Dnegative%7C_SCTT%3D1%7C_SED%3D0%7C_SCO%3D0&eventid=0&fr=3&tz=0&fv=-&href=https%3A%2F%2F1plus1.video%2Fvideo%2Fembed%2FGRsFFLJ2%3Fautoplay%3D0%26l%3Dua%26logo%3Dplus2&ref=https%3A%2F%2F2plus2.ua%2F&screen=1600x1200r1000&col=24&window=655x370&ltime=91&lsdata=lHvW5lc_KJEgbcMh_V7uki1JUJb0wIcsNl7tff0KLlX.z7BKSYrq3G7xpocjT0B_2WmeKg0_Y.mKJsTOZ5plWQLZOT9f/HzDlFrcQ95IXA/&fpdata=-TURNEDOFF&vis=1
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:34 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 2
expires: Fri, 25 Feb 2022 18:48:34 GMT

GET
H2 200 redot.js Show response
gaua.hit.gemius.pl/_1645901314281/ Frame 7057 2 B
185 B 362ms
362ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/_1645901314281/redot.js?l=107&id=ByA1NmOpnbt8LmYqyjQkWrd8.l0YgocyqLXiHjiJayv.h7&et=stream&hsrc=3&extra=_EC%3Dcontinue%7C_SPI%3D1645901312282%7C_SP%3DGRsFFLJ2%7C_SPS%3D655x370%7C_SPD%3D2plus2.ua%7C_SPV%3D100%7C_SPR%3D655x370%7C_SC%3DGRsFFLJ2%7CcurrentDomain%3D2plus2.ua%7CcurrentNetwork%3Dhome%7CprojectID%3D5312%7C_SCV%3D100%7Cmute%3Dfalse%7C_SCR%3D655x370%7C_SCT%3DRosiya%20viznala%20LNR%20ta%20DNR%20%20Sekretni%20materiali%7CvideoType%3D3%7CUserType%3DNotAuthorized%7CCategory%3DNWS_2P2%7C_SCD%3D211%7C_SCTE%3DVideo%7C_SCPD%3D20220222%7C_SCTY%3D12%2F00%7CcontentType%3Dnegative%7C_SCTT%3D1%7C_SED%3D0%7C_SCO%3D0%7C_SCQN%3D854x480&eventid=0&fr=3&tz=0&fv=-&href=https%3A%2F%2F1plus1.video%2Fvideo%2Fembed%2FGRsFFLJ2%3Fautoplay%3D0%26l%3Dua%26logo%3Dplus2&ref=https%3A%2F%2F2plus2.ua%2F&screen=1600x1200r1000&col=24&window=655x370&ltime=91&lsdata=lHvW5lc_KJEgbcMh_V7uki1JUJb0wIcsNl7tff0KLlX.z7BKSYrq3G7xpocjT0B_2WmeKg0_Y.mKJsTOZ5plWQLZOT9f/HzDlFrcQ95IXA/&fpdata=-TURNEDOFF&vis=1
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 18:48:34 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 2
expires: Fri, 25 Feb 2022 18:48:34 GMT

GET
H/1.1 200
OK media_b1728000_2.ts Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 2 MB
2 MB 70ms
69ms XHR
video/mp2t 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/media_b1728000_2.ts
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: 7a8e9c25d3e8473afcf8050856e328448c3ccfab437432b347a291c89ddaabe7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:34 GMT
Server: nginx
X-Cache: HIT
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 2443624
Expires: Sat, 26 Feb 2022 22:48:34 GMT

GET
H/1.1 200
OK media_b1728000_3.ts Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 2 MB
2 MB 70ms
69ms XHR
video/mp2t 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/media_b1728000_3.ts
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: d976d38e44b42ca0e5775d66f28cae394cd3256c52ffde3747fff3a16cb004ee

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:35 GMT
Server: nginx
X-Cache: HIT
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 2492692
Expires: Sat, 26 Feb 2022 22:48:35 GMT

GET
H/1.1 200
OK media_b1728000_4.ts Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 2 MB
2 MB 70ms
69ms XHR
video/mp2t 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/media_b1728000_4.ts
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: 74dd92ad81564f1ab79f784199e8c63fb0a2e38679ef617df2f9639c023fdda4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:35 GMT
Server: nginx
X-Cache: HIT
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 2028896
Expires: Sat, 26 Feb 2022 22:48:35 GMT

GET
H/1.1 200
OK media_b1728000_5.ts Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 3 MB
3 MB 70ms
70ms XHR
video/mp2t 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/media_b1728000_5.ts
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: 031995854404216b5953fb2ca43e90f1160d176b0d9e0020b588ff707adb4c39

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:35 GMT
Server: nginx
X-Cache: HIT
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 3284172
Expires: Sat, 26 Feb 2022 22:48:35 GMT

GET
H/1.1 200
OK media_b1728000_6.ts Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 3 MB
3 MB 70ms
70ms XHR
video/mp2t 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/media_b1728000_6.ts
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: 0d42e7fd06b7b921d97a92977588844d78df8e23a43512bc30428a23ef8f637e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:36 GMT
Server: nginx
X-Cache: HIT
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 3218748
Expires: Sat, 26 Feb 2022 22:48:36 GMT

GET
H/1.1 200
OK media_b1728000_7.ts Show response
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 4 MB
4 MB 70ms
69ms XHR
video/mp2t 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/media_b1728000_7.ts
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash: de56957f527c2052103fb6030157a9914a119257c0f99832b80a4a0e21dfb046

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:36 GMT
Server: nginx
X-Cache: HIT
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 4122464
Expires: Sat, 26 Feb 2022 22:48:36 GMT

GET
H/1.1 200
OK media_b1728000_8.ts
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 2 MB
2 MB 70ms
69ms XHR
video/mp2t 195.137.240.56
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/media_b1728000_8.ts
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/hls.light.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.56 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: vod-k2312-kbp.1plus1.net
Software: nginx /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sat, 26 Feb 2022 18:48:37 GMT
Server: nginx
X-Cache: HIT
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
X-Request-Time: 0.000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 2267656
Expires: Sat, 26 Feb 2022 22:48:37 GMT

GET media_b1728000_9.ts
vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/ Frame 7057 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48106&zone_id=2153570&size_id=15&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=62664075-05dc-4570-b7cb-c6d981958861%5E1&rf=https%3A%2F%2F2plus2.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=cd480d54-c894-40c7-96b9-7767e1457333&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.11927616378490824

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48106&zone_id=2153570&size_id=10&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=62664075-05dc-4570-b7cb-c6d981958861%5E1&rf=https%3A%2F%2F2plus2.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=7914e3b8-e1e9-4ce4-8805-bcd3cbc16fff&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.43178847829811295

Domain: ads.betweendigital.com
URL: https://ads.betweendigital.com/adjson?t=prebid

Domain: prebid.a-mo.net
URL: https://prebid.a-mo.net/a/c

Domain: ads.adnuntius.delivery
URL: https://ads.adnuntius.delivery/i?tzo=0&format=json

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=15&eid_pubcid.org=62664075-05dc-4570-b7cb-c6d981958861%5E1&rf=https%3A%2F%2F2plus2.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=cd480d54-c894-40c7-96b9-7767e1457333&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.26529009528517533

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=10&eid_pubcid.org=62664075-05dc-4570-b7cb-c6d981958861%5E1&rf=https%3A%2F%2F2plus2.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=7914e3b8-e1e9-4ce4-8805-bcd3cbc16fff&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.07525978997809712

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48106&zone_id=2153570&size_id=10&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=62664075-05dc-4570-b7cb-c6d981958861%5E1&rf=https%3A%2F%2F2plus2.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=141dc0e4-3013-4a5f-ae0a-34f866c189b8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3755665346022994

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=10&eid_pubcid.org=62664075-05dc-4570-b7cb-c6d981958861%5E1&rf=https%3A%2F%2F2plus2.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=141dc0e4-3013-4a5f-ae0a-34f866c189b8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5248331738482113

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: prebid.a-mo.net
URL: https://prebid.a-mo.net/a/c

Domain: ads.adnuntius.delivery
URL: https://ads.adnuntius.delivery/i?tzo=0&format=json

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: csi.gstatic.com
URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~l04757ue&c=4883920299753&slotId=2441960149876.5&qqid=COuXwJeEnvYCFR_YEQgdIF0JBg&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=0&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fvast.adsafeprotected.com%252Fvast%252Ffwjsvid%252Fst%252F720241%252F57409475%252Fskeleton.js%253FincludeFlash%253Dfalse%2526originalVast%253Dhttps%253A%252F%252Fad.doubleclick.net%252Fddm%252Fpfadx%252FN700925.279382DBMGSKUK-179515896%252FB25721163.315563668%25253Bsz%25253D0x0%25253Bord%25253D%25255Btimestamp%25255D%25253Bdc_lat%25253D%25253Bdc_rdid%25253D%25253Btag_for_child_directed_treatment%25253D%25253Btfua%25253D%25253Bdcmt%25253Dtext%252Fxml%25253Bdc_sdkv%25253Dh.0.0.0%25253Bdc_osd%25253D2%25253Bdc_frm%25253D2%25253Bdc_sdr%25253D1%25253Bdc_ref%25253Dhttps%253A%252F%252F2plus2.ua%252F%25253Bdc_ves%25253DdGltZXN0YW1wOiAxNjQ1OTAxMzExMjI3Cg%25253Bdc_cid%25253D158736984%25253Bdc_adid%25253D507759593%25253Bdc_vpaid%25253D0%25253B&encoded_body_size=0&transfer_size=0

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsupnLRktEzKyrDF9GoJSby853HkdLMGvi5vErZ4oWNogCy3qLs55Y2WPDCYw5SaTy6shYEt3cq9YTglrK16U-wGo37gj22CDxoilslnY3rIf0M3RSUabw&sai=AMfl-YRI0-Lln9SOTUA48nisxGlHsaq61wrIK2x8zv7pHiiTf_abK0KwB4n5PoAE00vNfLHibu4jPzpNfk4jP7WWSc36NfJR1yHRyf12IMsZ1mqG1FzPfc8_4m4DaManf8Az&sig=Cg0ArKJSzI7t_-7LwLKsEAE&cid=CAASFeRo_XcN51XY1qPj8zZ1b_ngYtVSYw&id=lidartos&mcvt=0&p=1025,1015,1025,1015&mtos=0,0,0,0,395&tos=0,0,0,0,395&v=20220223&bin=7&avms=nio&bs=0,0&mc=0.29&if=1&app=0&itpl=20&adk=3276604062&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=3&r=b&rst=1645901310712&rpt=357&isd=0&lsd=0&ec=0&met=ce&wmsd=0

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEJ1sDdZJwZa1p0pLkloQMek&google_cver=1&google_push=AYg5qPJsHCpxeVV7V-vuinOtL59fB8ODEvfoFShwRwTMJvR-823Vv6y9_e70wrpC4pNelHbMnOoMGw5Al4uttWEuUX2x7wYubFiaVw

Domain: vod-k2312-kbp.1plus1.video
URL: https://vod-k2312-kbp.1plus1.video/vod/1645987709/C8xWubE2nwbT8tj-K2kc-A/202202/d/d2/d20e6352d16eb702fd54da7c3e543ffc458b196b79ac737fe4296ce2feac9cc7.smil/media_b1728000_9.ts

Verdicts & Comments Add Verdict or Comment

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

70 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
2plus2.ua/	1970-01-20 01:11:48	Name: XSRF-TOKEN Value: eyJpdiI6IkNnSDY3WHZvSFVYSHJJaGdKRW53SkE9PSIsInZhbHVlIjoiYkQ2KzVSVk9ObWd5T2I3VG5oWUdHWUtTdzNvREkwbmVuUU93R2ZTNjBvZ3dFc2JkcFFGV3l5SXl6QWJaMlFQSyIsIm1hYyI6IjBlMmE5OTlhZDhjNThiMDAxM2M1ZWRlMWJkNzM4NTJhNDVlOWYzYTMxZjNiNDNlMDA4N2EwNTgzMWRjMjZhZGEifQ%3D%3D
2plus2.ua/	1970-01-20 01:11:48	Name: 2plus2_session Value: eyJpdiI6ImlzSkRXRmVna3RNSzQzMWx1bm81ZGc9PSIsInZhbHVlIjoidTBGMCtocVhcLzNjM3NicTNpS1kyNUxqSUFXcnRoRWp1c3JxSjYrSUtOMldsc1A1OXd3Rm5PazFqeUtTUmNWdlYiLCJtYWMiOiIwZjk2ZDljMWFjYzNjYzgyNWViZTY1NDYzOTMyYzFhZDE2MTdmNzhlMzU3M2IxMjVhZGZiYWU0MmMyYzcwMzIwIn0%3D
.1plus1.video/	1970-01-20 18:42:53	Name: _opov_sid_ Value: ge82hnmm7ghc167lqlq0mr484o
2plus2.ua/	1970-01-20 01:11:43	Name: session_id Value: c6907a81-b056-4bfa-bdae-68b8b975989c
2plus2.ua/	1970-01-20 01:11:43	Name: session_pageview Value: 1645901310.1
2plus2.ua/	1970-01-20 01:54:53	Name: site_visited Value: 1645987710.1
2plus2.ua/	1970-01-21 04:58:21	Name: lapuid Value: c661a2c4-21aa-4466-a374-0162332acf5d
2plus2.ua/	1970-01-20 10:37:36	Name: _pk_id.6.87d8 Value: 92c3cfdf1e1d88d0.1645901310.1.1645901310.1645901310.
2plus2.ua/	1970-01-20 01:11:43	Name: _pk_ses.6.87d8 Value: *
a4p.adpartner.pro/	1970-01-20 02:38:05	Name: apuid Value: c661a2c4-21aa-4466-a374-0162332acf5d
a4p.adpartner.pro/	1970-01-21 04:58:21	Name: apudmg Value: 1
.2plus2.ua/	1970-01-20 10:40:29	Name: __gfp_64b Value: 25sqqw61dn3TVBCg7DX8kaQuNJkmygLDoIY33rhUN4j..7\|1645901309
.2plus2.ua/	1970-01-20 18:42:53	Name: _ga_KRRGZR24WG Value: GS1.1.1645901309.1.0.1645901309.0
.2plus2.ua/	1970-01-20 18:42:53	Name: _ga Value: GA1.2.1789385656.1645901310
.2plus2.ua/	1970-01-20 01:13:07	Name: _gid Value: GA1.2.1107476374.1645901310
.2plus2.ua/	1970-01-20 01:11:41	Name: _gat_UA-3838466-26 Value: 1
.2plus2.ua/	1970-01-20 01:11:41	Name: _gat_UA-113262294-1 Value: 1
2plus2.ua/	1970-01-20 01:54:53	Name: _pbjs_userid_consent_data Value: 3524755945110770
.2plus2.ua/	1970-01-20 09:57:17	Name: _pubcid Value: 62664075-05dc-4570-b7cb-c6d981958861
www.clarity.ms/	1970-01-20 09:57:17	Name: CLID Value: 6fdbc145c83344179689768cc6a2dd05.20220226.20230226
.admixer.net/	1970-01-20 03:21:17	Name: am-uid Value: 537f87bbbda1484ea82d122075a162b0
.2plus2.ua/	1970-01-20 03:21:17	Name: _fbp Value: fb.1.1645901310198.1410310424
pbjs.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1
.e-planning.net/	1970-01-22 14:30:53	Name: E Value: APIbQw/wHxo9ZlVp
.betweendigital.com/	1970-01-20 09:57:17	Name: dc Value: mow1
.betweendigital.com/	1970-01-20 09:57:17	Name: ss Value: 1
.betweendigital.com/	1970-01-20 09:57:17	Name: unm Value: 1
.betweendigital.com/	1970-01-20 09:57:17	Name: tuuid Value: 80fb08d0-6ec2-5139-8f06-a102ed1cd4fc
.betweendigital.com/	1970-01-20 09:57:17	Name: ut Value: Yhp1_gAE1kjVUCDB1hqyNwnb5BwtozMs9_kRIg==
.rubiconproject.com/	1970-01-20 09:57:17	Name: khaos Value: L0475712-S-CLA9
.rubiconproject.com/	1970-01-20 09:57:17	Name: audit Value: 1\|naVuGyos1qphfjoFTV1ulqJvvWgC/Qcxgndhc+y7+ZArrTwouWxbIq1xYuzlVlH8YQYf3MpFfFvgcRgjl6EitUxkBIWMWoVW3OlDu/ORdD8=
1plus1.video/	1970-01-21 03:28:29	Name: _opov_hid_l Value: eca6a45e-f797-5848-9895-69e48fc475d8
.2plus2.ua/	1970-01-20 09:57:17	Name: _clck Value: 1pivnfg\|1\|ezb\|0
.c.bing.com/	1970-01-20 10:33:17	Name: SRM_B Value: 2E6E88BFD32165660C6899E8D27964EA
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 10:33:17	Name: MUID Value: 2E6E88BFD32165660C6899E8D27964EA
.c.clarity.ms/	1970-01-20 01:11:41	Name: ANONCHK Value: 0
.adtelligent.com/	1970-01-20 02:40:58	Name: vmuid Value: d2da96f8c6a05439
.doubleclick.net/	1970-01-20 10:33:17	Name: IDE Value: AHWqTUntW698Vb4ZAbEffzYTgWLZOubmSpe04IE6CT9If9UATiHYx4aSRud0hmcVlSU
.adnxs.com/	1970-01-20 03:21:17	Name: uuid2 Value: 7105166488981013808
.casalemedia.com/	1970-01-20 09:57:17	Name: CMID Value: Yhp1-4DXaMzWdY.i3j3K2wAA
.casalemedia.com/	1970-01-20 03:21:17	Name: CMPS Value: 693
.adnxs.com/	1970-01-20 03:21:17	Name: anj Value: dTM7k!M41.D>6NRF']wIg2InAv[6Hs!]tbPl1M>e)ZlrFUfJ+tGXxp:b4%`f<zTrh:xu(qTE^BoC^.v3_KCPq316yv3If)y3KL9D3I?+jimgrc
.casalemedia.com/	1970-01-20 03:21:17	Name: CMPRO Value: 718
.casalemedia.com/	1970-01-20 01:13:07	Name: CMST Value: Yhp1-2Iadf8A
.2plus2.ua/	1970-01-20 01:13:07	Name: _clsk Value: 1yjcxr9\|1645901311198\|1\|1\|i.clarity.ms/collect
.casalemedia.com/	1970-01-20 09:57:17	Name: CMRUM3 Value: 2d621a75ff2760CAESEGzAndHGJLER_df4ZiD6xn8
.criteo.com/	1970-01-20 10:33:17	Name: uid Value: 81f87534-dc3a-4f95-b64f-78ba84cc7e38
.2plus2.ua/	1970-01-20 10:33:17	Name: __gads Value: ID=82c15bdba41ebe37:T=1645901310:S=ALNI_MZtpAoGdytxLsElGth3CkZpU4Ssvg
.spotxchange.com/	1970-01-20 09:57:21	Name: audience Value: b21e3502-9734-11ec-abc9-1a7cb9e30506
.doubleclick.net/	1970-01-20 01:11:44	Name: DSID Value: NO_DATA
.turn.com/	1970-01-20 05:30:53	Name: uid Value: 7554357008930639763
.mathtag.com/	1970-01-20 10:37:36	Name: uuid Value: 298a621a-7600-4100-ad23-e11984db688c
.mathtag.com/	1970-01-20 01:54:53	Name: mt_mop Value: 4:1645901312
.quantserve.com/	1970-01-20 03:21:17	Name: d Value: EHkBCQHEJYEA
.quantserve.com/	1970-01-20 10:41:55	Name: mc Value: 621a7600-8845f-d14d0-b016b
.3lift.com/	1970-01-20 03:21:17	Name: tluid Value: 3568879929160383030582
.360yield.com/	1970-01-20 03:21:17	Name: tuuid Value: a69318c5-3588-4080-89d7-643dc46ab4a6
.360yield.com/	1970-01-20 03:21:17	Name: tuuid_lu Value: 1645901312
.de17a.com/	1970-01-20 09:50:05	Name: guid2 Value: 1.5804196358511545263
.bidswitch.net/	1970-01-20 09:57:17	Name: c Value: 1645901312
.bidswitch.net/	1970-01-20 09:57:17	Name: tuuid_lu Value: 1645901312
.bidswitch.net/	1970-01-20 09:57:17	Name: tuuid Value: 3e77aaf8-8edd-49ad-9e66-d3898130e0a2
.tribalfusion.com/	1970-01-20 03:21:17	Name: ANON_ID Value: aXnseFOZb3VhUEjUAvMyj3SZdtvh5mapWx5VvsmhgsNnqZa3GYnusYUHTcnngmeAvPqEUU2ETTh1L0VyBGdKaf9
.2plus2.ua/	1970-01-20 10:33:17	Name: cto_bundle Value: e4wmgF9YUjJGS2pIdFl2VDViN3poUlRwRkJPdkJCR2lySXJERGVjUEd0STVQSlJSNE5RVjUwMWlUU2k2SFAxVEp1VEpjZ1VkcXNRbVVaTDFrdyUyRlJaaWIlMkZZRm5PbjhINFIlMkY3bFVSRnhRUkcydmhTcjFsQTZjQ2hib0RndFRuQmxZYmolMkI2YTNZWkMzMHIzSGJTUlRpemdxVW9FQSUzRCUzRA
.2plus2.ua/	1970-01-20 10:33:17	Name: cto_bidid Value: qse7u19MM0s2TFpWemR0NU1pZFFDWUpJZ3pHJTJGeGslMkJ6TEJ3S1NNc2glMkJJd3FQS2U1UjJST1FjakZpQWUxczlpUTVZeSUyRkMlMkZsczR4TUhCeEVhNDdRQUFhVkZKVzYxdjVoeDJwalk2MUUzNFd5NEdRQmslM0Q
.fg8dgt.com/	1970-01-20 18:42:53	Name: tuuid Value: becc588d-ffd0-4459-a788-ffde2227d20e
.fg8dgt.com/	1970-01-20 18:42:53	Name: c Value: 1645901313
.fg8dgt.com/	1970-01-20 18:42:53	Name: tuuid_lu Value: 1645901313
.hit.gemius.pl/	1970-01-20 10:40:29	Name: Gdyn Value: KlGxFRXGQMGGWKwOL0DW7cXissGMQrxYFenxmG7vRUJFb6aiGsRPO19ogsQsG0YBenMUlXSH08SmbsbsEFQpF8cHSG8.

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://script.crazyegg.com/pages/scripts/0068/3674.js Message: Failed to load resource: the server responded with a status of 410 ()
other	warning	URL: https://cdn.ampproject.org/rtv/012202072236000/v0/amp-ad-exit-0.1.mjs Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js(Line 346) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js(Line 346) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/022202072236000/v0/amp-ad-exit-0.1.mjs Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ppMYxTWIQICJ12Q9xGq0pg&google_push=AYg5qPJ9PlzxjN286xOI-5pjjw98vFf1Bjm9yhh8YEIK8WmJPzV9050F8GRsW4wmkdfKfyKnUrfnROEAtBa3zQYGDAm_LKt7tDoq Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1plus1.video
1x1.a-mo.net
2plus2.ua
5bdcc61aee8ff472b3520748fee18efa.safeframe.googlesyndication.com
a.tribalfusion.com
a4p.adpartner.pro
a5d8fb30eeb694a17810c1b9b283582d.safeframe.googlesyndication.com
ad.turn.com
ads.adnuntius.delivery
ads.betweendigital.com
ads.yahoo.com
adservice.google.co.uk
adservice.google.com
adtelligent-d.openx.net
api.1plus1.video
assay.1plus1.ua
bid.g.doubleclick.net
bidder.criteo.com
c.bing.com
c.clarity.ms
cdn.ampproject.org
cdn.mouseflow.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
csi.gstatic.com
d5p.de17a.com
dclk-match.dotomi.com
dm.hybrid.ai
dsum-sec.casalemedia.com
eb2.3lift.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
gaua.hit.gemius.pl
ghb.adtelligent.com
ghb1.adtelligent.com
ghb2.adtelligent.com
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
grandcentral.1plus1.video
gum.criteo.com
hbopenbid.pubmatic.com
i.clarity.ms
ib.adnxs.com
id5-sync.com
images.1plus1.video
imasdk.googleapis.com
inv-nets.admixer.net
ls.hit.gemius.pl
m.fg8dgt.com
mp.4dex.io
mug.criteo.com
onetag-sys.com
pagead2.googlesyndication.com
pbjs.e-planning.net
player.adtcdn.com
player.adtelligent.com
prebid-eu.creativecdn.com
prebid.a-mo.net
r.turn.com
s.tribalfusion.com
s0.2mdn.net
script.4dex.io
script.crazyegg.com
securepubads.g.doubleclick.net
static.criteo.net
stats.g.doubleclick.net
sync.adtelligent.com
sync.mathtag.com
sync.search.spotxchange.com
sync.teads.tv
t.trafmag.com
tpc.googlesyndication.com
us-u.openx.net
vast.adsafeprotected.com
vid4.tsn.ua
vod-k2312-kbp.1plus1.video
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
ads.adnuntius.delivery
ads.betweendigital.com
cm.g.doubleclick.net
csi.gstatic.com
fastlane.rubiconproject.com
google2waycm.netmng.com
ib.adnxs.com
pagead2.googlesyndication.com
prebid.a-mo.net
vod-k2312-kbp.1plus1.video
www.google-analytics.com
104.111.242.245
13.248.245.213
142.250.181.226
142.250.185.66
142.250.186.162
146.0.227.109
146.59.18.237
146.59.30.108
178.250.0.157
178.250.0.165
185.184.8.65
185.29.134.244
185.33.221.87
185.64.189.112
185.94.180.125
193.200.65.5
195.137.240.108
195.137.240.12
195.137.240.20
195.137.240.21
195.137.240.27
195.137.240.56
195.137.240.82
195.137.240.88
2.18.234.21
2001:678:cb4:bbbb::11
213.155.156.182
23.111.200.118
23.111.9.38
2602:803:c003:200::31
2606:4700:20::681a:9a9
2606:4700::6812:272
2606:4700::6812:d05
2606:4700::6813:9408
2607:f8b0:4006:80f::2003
2620:116:800d:21:ee05:6a01:4b41:8c89
2620:1ec:27::cafe:2277
2620:1ec:c11::200
2a00:1288:80:807::1
2a00:1450:4001:800::200a
2a00:1450:4001:808::2001
2a00:1450:4001:808::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2003
2a00:1450:4001:811::200a
2a00:1450:4001:812::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::2003
2a00:1450:4001:828::2006
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2003
2a00:1450:400c:c0b::9b
2a02:2638:1::13
2a02:2638:1::3
2a02:fa8:8806:16::1400
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a06:98c1:3121::7
2a0c:5c81:5142::2
34.231.128.63
34.243.10.54
35.211.141.197
35.211.178.172
35.244.159.8
37.18.16.16
45.133.44.3
46.249.52.248
51.89.21.10
51.89.9.252
52.142.114.2
52.167.85.21
54.37.238.28
62.149.0.72
74.125.133.154
02980da7a70f044e6bfeb938aa6bfabdcdaa46566a3cfe1ccc21ff051cceab7b
031995854404216b5953fb2ca43e90f1160d176b0d9e0020b588ff707adb4c39
043db8b1db5826cf4eab882a29001355d985089f56a7b3c3ec71a4fa048e5806
0504d9f9a134a9acc6d5ffefacd131df9ed5ac7023d3c2aeecd48a4d0419a3e8
092360b951af669164009eec2ce27582801664fc1deb9f22c077d3f52587e33e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d42e7fd06b7b921d97a92977588844d78df8e23a43512bc30428a23ef8f637e
10066841bfc9534e75adc9de3c5b8f027a6d4cf60e8cc53debef50491928e60d
108fd6650fcce3100649872e56770860a4ff836f69a3deb9f597c977c0d35d67
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12dce315d1b30fafff70b92232490b5b1996e8bebc262cb96da11399f5101707
13a462e8c7a64a1c5713a37708ab3223a032ebe8c55afd1fabc779d6f6a43296
143f50225190e7a587d8e43d7504c7645b29f1dfb957eae82f59977a6cc35c98
16b94ae40b3d349446072ea7d270fbb0843032a5b4e5c916ed59e7bff2cc8f9c
18781707e211fb2e7f02e048f7dabc5797a791bbf6ec7b47a3dcb3810bea9502
1a76cb8e76df2fa521cb8d7126edf5dad19537cd44bf25f8a82c6166e79084a5
1c80257305f727b1498c8c5382e47843618492a3e4ddb98f88bda8ecec0ce136
1ec70c7fb22a0abb4cf77eab8f2b4b3a5c674107b30f1bdf7f4d118a9c61e7da
2675ab1d1852f1aa30e272d7c2b1b9616e1f4771a94860e0d92bc7fca6c3c48a
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
289304e01dc762af587b02ea8020775202009ee086015ddb190d4d0e9e8e0147
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
29236420fbff17fa3a942e841516fa9befb10cf4002d2d2f25f4ba8e07ea1d02
29d0be6d5c023f91ae850c1b8ae7ba90fe6c1bcfec723eb1cc5f498a0d8de09e
2b2036b41bf44fe3e07e591fb232062c622f5498764892f0c5776fead8732a32
2b533fe5c53324b1ed9a449bbd2d899930396f3b03b05b4c06ee83dd98879074
2b7b53998ae8360ed30e190aa7aae41c3a232695371b51550f788c270c7ee612
2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64
2d03e718a6db9295438e1befbaafd702ea3dc166d0b9692d62d39388a7f46c9f
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ffcee5095a35324f3babe2b8a255810072fd7681736d49667c5619934bca56c
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332dd9d8872171a7ce122129c088ef587eb876ee04f178f5e62310dff3747514
33b0845cadfde7b076992b61472f7bbbedc2b1888273abba031afb22e16c7e2f
348da5111bca0bbd3496741f16adc787592b6015bca4ffdbbf3ba0e408da2f8c
3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65
372ddb86deaa3e11e5a4b1eec16924bcd6e6232bc8bab79338426b2faff7e7dd
373deb961a720e1e159bdafc2ab4e9ad0478f910034025f667c92e21dbd0a044
383e7ec7f7f42ed01c59f95ed5ecac56786c624bdb210eece5b74356803e71d9
3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888
39220571548b58ae78a03846bcd8621597323406610ca81923789635ee29e59d
3a413998caea2de9f080ae6c2a12b5569e39e73d1405ba0f6c081b3b4c4d5503
3b5162e97e0561b1a659efc32c3e0625a4f6ed0c9eaafd0f8b1c056e3074ab13
3b779fafc04f51dc3be8dc7fe165d400feda9627b3f00559c922aefe7628deb0
3ba1786a67f5b19a64f2e887dd2f857eab87ebfa0dd527c1abb5948cfb7a02e6
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3cdc46e0319bd839b2503911834600c1f9d9ce9cca46c00cf7c73cc35bb2fd98
3d91e787faa8a7fd70f8baa40da6806c8a0a0b8e66f52aaaad241a607c8ef756
3dac64a94fcc4eae3c54f1f12824e9b82bebbec1acb3cb8b908f4ecc1f90e578
3deec1e4d19cb71b80daa6f050c395fccb90d7f1c2ec74a920930d476013cf97
3e50ec9bf9cd0bd36e6893758780613e45003ce16354ba6d3efff6e51edb6ef6
3fd728d9bd11f85dc8199ff8d93fef772802e911ff22a9c0e2a0c2eed13c8b8c
40d0f77d47d93281d82c77b8e654746aad4d3ec1e36509a45e134b573d4345d5
419aab1bd108c2f4f7e1e743d0040ebe54b91ca0ab0ce93f70b853d7288ecca0
425d7478422a02b8592686dd947b18cae0ca66ab39dc437067219356fb7a0a61
42d66f023bb368180a0b3fe8fb92af402514a0c335f3c16279c020398e6b9308
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
47020d4510bed261a6aedd5dee9c1a543aa2347699c8c33da41fb1eb20563bb4
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
4a121bd1f6ae5669d04cb0b6f5cebd7264390473e782973ce9dc8e9b267f23e1
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b9019b46768d884816f34f0572435e6b9060ff9d0ef785996285a9b7d97a715
4d338bfc02367faa9afd75da60da83ec713038aaa351a07dc21c04d6ae81bc4b
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e8c87cecd0b0938b084f7ea5eb647a6089dce2a7a3b49e771a90c7292e238ea
4f0f883f0889c1e3647236b51c61a4fb91eb38bd7bac32da9d0c387c2268051b
4f1eb8336da2ff616af13bf39fbde0dbcabefa3bad2d405044eabb156e691cd4
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5029534f790b8dbabf3b0a234d6742570ffae74098d29d1c4a7153d8297a8ffb
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
510a67c730ef5d87c7fabfa67f74a08313d55481ddb65499419625cda405335a
511ee2ce6ac65d1140581b81e4ce96f5dc891fb7660b6f5d5a67c79f968150bc
517d4417f1918881abb8b87e7be918ca95b9eb50de3a5ef4a46e2e39626aba7b
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
53bb13075d10d99935317bbcf8f8112d360dbdb07a2a1c2de839ea13dac6e21a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54d441747485b0ce4aa2160e6886895671f866e2f721896cd849f5e818fc2c14
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
561441dc79747d46b37a2512786f952340b2eba13df12f3359c0edab2ddb6240
564790a34f4bb222b6812e6c32b124320b3ccd5db9a922fcff71f72a4bd02673
570baa6d1a93a58670bff6c7013e7ab2432f34c10e6956dc0232407011c8951e
5767504edc32715193265cf5d3b599a76184ee3dc0856d90915fff2474ee1b24
583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485
59570fcbd745ae7dbeeb64f356d410cd9404e7b9ce6a68c47a3a04d0a6df0a6f
5a2c8407b011bf0af8123c2160fc5b91ecf962e4039e82babbaaa630549c80f4
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5ab16faeef01272fb598679d25ad7204e3d7efa13e7a2239dceb129f7702d3b9
5aca3b3633cf95378125b9d58efa940e31e4132feaeec61027c12235ce290944
5f5844592a67688c09086296e94b9924627188a9239a2521601105b0956fb394
5f9ecc527406b9b72bc3a9f4527892dcf842584b7e6aeb7ce816a4c7c8803954
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623b8ed926c2eb6436ec5a876949f4986eea52ccb69a6a0064164dd9d6361179
6293f521774b6b93d40167b6f8444f74aa28f97d8770e661c48e8f48a56b2acd
62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945
63e428055bc4277e6d21cd8063ac69fe1abacccd76c33d351fe9f676fc2e9c6a
64018c36747d449e570f24cab8b3c9d1e9ea794cf06a288e5adafff3da652ab3
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
674bcf60b6ec7030ed462580b26dc55a86d093cb012cd0696fb225807c82cbf1
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6a1358ed6c57bf3d8972190a2df935828e75af5c424123a561b9d8a1d1ee7ff5
6aa5844ad135353e46dc232fe26175ca0b49c9b5ae0fca001f03c06496c05c1a
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6da76e0407ac20e5be7f38f73d9eae1ffc3bd492aa79769c9d900613db9b5dd5
6e41c86a1b667f6d0bd013c35606a00bf95dc1eaf19623f0fe7d2a7c4f880427
7005993ffb58b0f035fe085bbe16659d833604b1a6a5811b168978b32ca181cb
7106161014c0aa1e029292e3fc02f42bb3e3b39206251c3d6e14e5983c4f2081
714576ef1d7b58980b7658ae9b8b4d74a223fba87934dc442db4098873e179a3
717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53
74dd92ad81564f1ab79f784199e8c63fb0a2e38679ef617df2f9639c023fdda4
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070
7987dfb3e33ffad7c3306b9451b7b70741364c5fa55326abf166f5cb02955fc5
7a8e9c25d3e8473afcf8050856e328448c3ccfab437432b347a291c89ddaabe7
7b32cfa84fdd461f275411a68fff851cb2b5a8b53aaa78895e8a9799a5fae028
7b946422d6cf65aacc59c2b505b7256d260886ce0b4120d358f4616f0ab8ca52
7bfdf14ec92f5531668dfd23d33e18a1a6cb4a2eaaf4f99635505e12f7d908bd
7e1e0e0c71366ac490efb2f72befff3b7f8f6f1075b10c687b98102aeeecf92d
7e69c435e22538279b8dfd15e6f47b0f31c64e8214584117f24fb75380d95c0d
7f573b2edce0b3073451c72bda43d4ae913c43a4ce64d90e69ae2897aa89c1b1
802c09a6c9e475199663132b2c763abe2d857d409b253d87864f26c1ac923fd0
8125632f7d09f54a0bd0c7fcfdfd83db31bdf5b98f0df5c47ef076de58ddd1d6
8165f4a5140073c78234701b5d072f13769cd7811eec3fdadd90f190e1c49525
82f590648cbf9c39fc8f1f80436c424f2fb91afe6b38097a676810ea333d08db
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83a20968a05660e2a1830f23d4619da53cb6c5f0e8ad9cf906d7fef3e0db1804
84283b0271462df7595314fa8ab57070ed633174a851712bed2bfd8e6bd92117
8646ee553139c1ae0599dc361ee00aa6195a131f476ea0c5823ea9e2e909ee2f
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
87b3beae1d08bf029d04938bc1d76c7870d450fd75609a85dfafd761cd472047
891bbb47d2add07dd4c05d7ecd02bb2cb830225f03691961af7aa92931c20c86
89c4db4b9b0cf0de71fd82b491e748649118c979edde3c52bcdc8ecb6184a3a7
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e
93b1f78578f169d4f472ecda3c79d72e81fa9e199bdb979d13139f5ddbe5a06d
95729c42a02da01f8e34d6c255971719f0d98215f0b3a712bb58276ada68fb4a
96f357d9c1ce4b2b4bdb683cc4c0d73de11f8f1e20fd5f602cdc39941192a74d
975820027201e4fca94c913a16983075fbdafed29a8150b3150b1d9f02185969
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99d7fb71f63831ed013b06f3ea5a32767a36ac5ef3347c2e5b197dbb01726e29
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9abe1a1a05cd73894d363ea5615445ba952f3976714f31ebc88cbadc24cd67a7
9cff4c52006370a91a7b3ab1ceecb12e448727dc8f8d89d86517c24d06df3abf
9fc647aa2ef1f6aa26e64231a4f860b77f8e5ca45ddb241de99581e1235df68d
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a082bfd96630ab857ec08e4e0055175aae987aea275d450f048ec3fee5de5383
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a2a3e8a315920d6476787999650f0821f0102f07d7436f298cd5d191d19f244d
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a691ce0fb054d5f2128394b9ad9c5961d7c0cdc1804bc83d6760df78ee304d7f
a6a5400cc81606f1841ebf726aa93caa9b340be4f2890f62e815b96ba51b7fe4
a6bf5beb12905f146473e8c734ea9381c2afe04122c6aad4ebc0a94f1fc5f9a2
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a807058ebf08685df00ce02d8ba5b9c01d58ec625569ed97ebbee8ef4cb9ae76
a83c3f260b750dfc47e4e5024eda4b4f80be0c0a3e0ae5111a3b0a799df64448
a9ec6424882c9cc14db575e9d02cabe63dafb72d06af7faadb478bdfdf1e59ad
a9fdd71ab96a164937ae6628f9ca78d786fa5e279c53804fd65c2acb89c49f95
ab913a87b721b324515eba65e3e6824a4eca503780e9deb7e4d375204c282e95
ab9a12e6f18864b6142818a24d3c8c78f9e502ebed2fb3f7e9af11ecafdea085
ae4ec9fefbb315d56970aa7df705926266645ffcd7cd458950c4ba46bf435008
aecc96f3de933796f5772ae501e31041c53d95b8aafee098dbf3a5f567ad8513
af42f8a986eefec222a68474cc9c9591028b07b082157631d810ecbbf4a652fe
af77539efcf300e5adb7b82eff41e1bcb68b9e6335b910ca097dcb1ee20c925d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43
baea5caffda9109fe3fe251376d60a25ea43c846fa7bb8dc4b15da44a78c6760
bc963544c7b58831207820ca1f6aa75f0265843be105cab7b7c3744155616f3a
bcddf8c32c3d1d0cacc35462e294d7b2589645eff555b50c5bc22d5dbf98ae81
bd9072da49e87b2c3688527532eb51a54a6886366915be497e4e2de0c83e5859
be83b0a40b7af11acdded6959ed76fc0e280df146d722639185bdfe41eb6f62e
bf4b80d75d372b22fefb1daed5d5d5113b8895af5d6f876a67dfaa07b6593c30
c17b823ddee789bdc88b380ce8aa533558cbdef360c5da8e1f9f0dd3b2a1040b
c6c4b7d127b0e942af0ba329db0f154aa28ce56b82faf581aeceb4f1ed94141f
c7571d58fa40f74107002e9991f3b84ca5da3aef2f9f366a7ddc27afb9a90dc0
c813978c203eb98df63ef622f0fd549ca6989556287b3db1cc0ab1fdc09d111e
c81e03e9977dae81a66597e7019e6b582bcb67a9c4add349b692804d7b3830d7
c979ffd70003be58ccc574778b78d9303e8b5b3494a6cdeb01449d65a5a815e6
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb33386457609ed59866c61e2d9b0d4f4c3c5c6e2c7401c0a0a9fd8f5ff0c951
cc232ba48f33edea938abf418e1d229b890994450faad289502a4badee078131
cc3375dd4fc1132aec343d7bdb3409c71ceb390a6bdb7bee9098378ce88c2631
ccb8d6a155366613fa41c3846f6bb477dc6c678c8e747da0a1ba8e173f782b65
cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865
cda10b066a0ce9d6c5d7fbc9751c61bb329d2a500935706c25a0c315b7cc39c8
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d2584c2f4bdc69a755732b678339b0f69b151ddc7aa7e4ee30a0a7eb8079bb2c
d2fd3dcab9136d1111f21f56e0c391c2c0658b22d121fb05125caabc5eeaf6bc
d3ef00ccf0d1329768a9546012c96ecb5ac031695b0418da9ae3297979ad60bb
d3fd91ee62256b439f81a02c678e02a4ac665a52642a475e1cec17e5959db19b
d489b284c7a47477febf2027513819042357cfc2e4d95f74a00b6c30f993a1b9
d57826fe6fa26d7908be0ec030bdcee8920759ef5088c48caa999b022a336f9b
d62f588f5981178d1df3665467f00032c561084d05f2e5bf142f56f3aa065e0a
d6c559fd90502e37b5c45623a495ddf15963e693c73b043d5d082460d75b2605
d976d38e44b42ca0e5775d66f28cae394cd3256c52ffde3747fff3a16cb004ee
da53e83581d8ffce499de0fa266ef8ba21b14fcc77573f8c90552d12437de666
dac7ceb11836f6422ff3584925cff7e59e52906c1b7cd5dbb96b47513fce1453
db1e8ca32d9160e5a98ebab86225e05e9b7557e38d27b0e30d994d4242aae414
dc41a2546e6b5e28ddf2602393ecf0337cf32b46eefecea182a5e3a08f1edaff
dc7554dcbeab80be95184a468720eadec990f430205541d24de81de25298b5c1
dd52ec90fa47f732fb037d6f4a1bb77911238ca57ec25c2587fe71ff6c55be47
de0b044b8051efc27e268d5528d8f8005af88ddc245b9e5f20f9803bcf662d91
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de56957f527c2052103fb6030157a9914a119257c0f99832b80a4a0e21dfb046
ded40bc9b131ce8d897e8319b65b204d44da586ca44e661f3acc33cb6438b1f4
def453926bf1e0d62bf8a4cf5c409dd333a049f547e470a509cc738bede438c7
e029f52d3ee7b5d529e43509e78c8aad836f222e32a308e61360e3fddcec6320
e0f2bfbabb9841847f2a5b6e1a90ea85ed2cda2648ac0ced424a8e9769e38514
e17eaa48f9424540a73c3ab888a8994443dc6703ae56ee7d4fa66b8c142c2346
e24ce462b090fdbb38af89384909309483db1a66bc0d1ce4a5141c4864467868
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e3326dd93f98b5c7fae67bf12a01e7f006abce9f1bba34d8ef5e1b9ca3679da6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e478dae2d52ddad3047f7272d5471ca2144c749224c62a312c7c47eb9b7aae27
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5be30616d437d2baf9041a6648598542ae30fed30d261b002266e5d58969685
e665ea268a170af8681e507a516d30725a0b1542f161eb32511647daa47af2fd
e7d9d5249fdad35bd84dd519a414bf0314959d0abc37ff55b9b1f33045855197
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e907d3f2e9ab46e2d2959431618413d3cbe722b9761e406bf765d156b154f90b
eaf2b6fdbfc35c3e362ef56ade03fca93de819e89f38358a8903bdf0c34df664
eb08a4a261b14a7c782b495b0a16c1f47279b6a896e331559a74627cada09914
eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef9a67860250ef34c7466bcf27fe1ddc29f4a1087f29a6329ee3e50cdf444d13
f01c67334edaf9c3888d6f2198ab1390b86a2434a2826fa8271347bf1f56b31b
f328f4ae2fe983386843cc07db0af78c5fe9fa5ae67812f80062d5baa0e61047
f336a6da2e57a1dd5bcd42f29f901d5252438a16952e4577ebdb6e0871e812a0
f33a206a65c0da6c45927f5d39fccf771ca04c60dd412ce3f801bf26cc11e172
f375aaa522232e786256e11ddb093a95c35026397d3967ba0b66dd427d833a2e
f408ea8d108fb46b0ec7612b384c10211e19f6a21592b34a042751697f4249cf
f496a8da227cf8723a7eda7461943315e18ad5c492acbe8ff7c018a1de41bd83
f76c9bd7fbdf9ac8175846d7d6664bf0946c38e0431c86468279303a79d9ed99
f93264606087b4c1dd4e0bb8bf2ed92549c53fe8b5f095d214c4e72a765f5482
f9c141103b57e547274799df03069c30320e8cb3ec4facad8e6fe7f658f985fb
fa6b6e3804d27952e60bba62059b44a9aa470d384da576e1af8499d358733b5d
fb8ce03c389581661b57ca719e9ef48c4f7aa76efe3ecff14dbe600e1ffc3319
fd8027b53a97cbd5782e85c5908e563c39776703ff9279f50658e630927b4167
ffa5fb7eb8caa6e27bf960fea9a78330f7241b7f92c44f8753e01dab43f63e81
ffd5779490bd7d8ee871f1638647e1dfbee22d8c9bd45ce7bef3f716dc418a0c

2plus2.ua Open in urlscan Pro 195.137.240.82 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

389 Requests

88 %HTTPS

45 %IPv6

57 Domains

88 Subdomains

71 IPs

12 Countries

34744 kBTransfer

41605 kBSize

70 Cookies

24 Outgoing links

Page URL History

Redirected requests

389 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

2plus2.ua Open in urlscan Pro
195.137.240.82 Public Scan

Screenshot
Live screenshot

Full Image

389
Requests

88 %
HTTPS

45 %
IPv6

57
Domains

88
Subdomains

71
IPs

12
Countries

34744 kB
Transfer

41605 kB
Size

70
Cookies

389 HTTP transactions
13 data transactions