1plus1.ua Open in urlscan Pro
195.137.240.80 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://1plus1.ua/
Effective URL:
https://1plus1.ua/
Submission: On September 23 via manual (September 23rd 2021, 3:31:28 pm UTC) from IT — Scanned from DE

Summary HTTP 371 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 67 IPs in 11 countries across 58 domains to perform 371 HTTP transactions. The main IP is 195.137.240.80, located in Ukraine and belongs to ASN-UNIAN, UA. The main domain is 1plus1.ua.
TLS certificate: Issued by R3 on September 9th 2021. Valid for: 3 months.

This is the only time 1plus1.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	195.137.240.80 195.137.240.80	29389 (ASN-UNIAN) (ASN-UNIAN)
9	195.137.240.88 195.137.240.88	29389 (ASN-UNIAN) (ASN-UNIAN)
23	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
15	195.137.240.108 195.137.240.108	29389 (ASN-UNIAN) (ASN-UNIAN)
4	213.174.135.2 213.174.135.2	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	195.137.240.12 195.137.240.12	29389 (ASN-UNIAN) (ASN-UNIAN)
5	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:90c0:41:... 2a03:90c0:41:2801::254	199524 (GCORE) (GCORE)
3	195.137.240.18 195.137.240.18	29389 (ASN-UNIAN) (ASN-UNIAN)
1	13.225.78.14 13.225.78.14	16509 (AMAZON-02) (AMAZON-02)
55	195.137.240.20 195.137.240.20	29389 (ASN-UNIAN) (ASN-UNIAN)
6	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	13.224.193.122 13.224.193.122	16509 (AMAZON-02) (AMAZON-02)
1 12	54.37.238.28 54.37.238.28	16276 (OVH) (OVH)
1	194.247.175.23 194.247.175.23	196831 (BEMOBILE-AS) (BEMOBILE-AS)
7	194.247.175.26 194.247.175.26	196831 (BEMOBILE-AS) (BEMOBILE-AS)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
8	2a0c:5c81:514... 2a0c:5c81:5142::2	55081 (24SHELLS) (24SHELLS)
5	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	13.224.193.73 13.224.193.73	16509 (AMAZON-02) (AMAZON-02)
9	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3	146.59.30.104 146.59.30.104	16276 (OVH) (OVH)
7	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1 1	162.55.6.210 162.55.6.210	24940 (HETZNER-AS) (HETZNER-AS)
1 2	62.149.0.72 62.149.0.72	15497 (COLOCALL ...) (COLOCALL Internet Data Center ColoCALL)
1	193.200.65.5 193.200.65.5	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
1	37.18.16.23 37.18.16.23	205675 (HYBRID-AS) (HYBRID-AS)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2 4	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	185.255.84.150 185.255.84.150	200271 (IGUANE-) (IGUANE-)
1	88.212.252.22 88.212.252.22	7979 (SERVERS-COM) (SERVERS-COM)
1	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
1	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1 3	185.33.220.241 185.33.220.241	29990 (ASN-APPNEX) (ASN-APPNEX)
1	146.0.227.110 146.0.227.110	29066 (VELIANET-...) (VELIANET-AS velia.net Internetdienste GmbH)
1	13.225.78.105 13.225.78.105	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:82f::2006	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
31	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:21f... 2600:9000:21f3:a600:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
4	37.157.2.235 37.157.2.235	198622 (ADFORM) (ADFORM)
6 30	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
3 5	23.60.51.102 23.60.51.102	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
16	37.157.6.234 37.157.6.234	198622 (ADFORM) (ADFORM)
2	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1 2	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
2 2	159.253.128.183 159.253.128.183	36351 (SOFTLAYER) (SOFTLAYER)
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
3 3	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 2	18.198.86.30 18.198.86.30	16509 (AMAZON-02) (AMAZON-02)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	213.19.147.45 213.19.147.45	26120 (RHYTHMONE) (RHYTHMONE)
3 3	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	72.251.244.142 72.251.244.142	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 3	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	185.86.139.103 185.86.139.103	201081 (SMARTADSE...) (SMARTADSERVER)
3	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.36.109.155 54.36.109.155	16276 (OVH) (OVH)
2	2a03:2880:f03... 2a03:2880:f030:f:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
371	67

15 195.137.240.80 (Ukraine) 1 redirects

ASN29389 (ASN-UNIAN, UA)
PTR: front02.1plus1.ua

1plus1.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 195.137.240.88 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: front02.1plus1.ua

1plus1.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 195.137.240.108 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: front03.1plus1.ua

api.1plus1.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.174.135.2 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

player.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.137.240.12 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: assay.1plus1.ua

assay.1plus1.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:90c0:41:2801::254 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)

cdn.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 195.137.240.18 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: l1-izi-01.1plus1.net

l1.heyhelga.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-14.fra2.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

55 195.137.240.20 (Ukraine)

ASN29389 (ASN-UNIAN, UA)
PTR: images.1plus1.ua

images.1plus1.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.1plus1.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-122.fra2.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 54.37.238.28 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip28.ip-54-37-238.eu

gaua.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.247.175.23 (Ukraine)

ASN196831 (BEMOBILE-AS, UA)

source.mmi.bemobile.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 194.247.175.26 (Ukraine)

ASN196831 (BEMOBILE-AS, UA)

pa.tns-ua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sslpagestat.mmi.bemobile.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a0c:5c81:5142::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)

ghb.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ghb1.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ghb2.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-73.fra2.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 146.59.30.104 (France)

ASN16276 (OVH, FR)
PTR: ip104.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.6.210 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.210.6.55.162.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 62.149.0.72 (Ukraine) 1 redirects

ASN15497 (COLOCALL Internet Data Center ColoCALL, UA)
PTR: 0-72.cc86365-03-tmp.cc.colocall.com

sync.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.200.65.5 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: t.trafmag.com

t.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.18.16.23 (Netherlands)

ASN205675 (HYBRID-AS, RU)

dm.hybrid.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:1::13 (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.150 (Paris, France)

ASN200271 (IGUANE-, FR)

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.212.252.22 (Russian Federation)

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

adtelligent-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.220.241 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.0.227.110 (Ascension Island)

ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-105.fra2.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:a600:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.2.235 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 142.250.181.226 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.60.51.102 (Atlanta, United States) 3 redirects

ASN3257 (GTT-BACKBONE GTT, US)
PTR: a23-60-51-102.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 37.157.6.234 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.253.128.183 (Amsterdam, Netherlands) 2 redirects

ASN36351 (SOFTLAYER, US)
PTR: b7.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.0.66 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.14 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.86.30 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-86-30.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.147.45 (United Kingdom) 2 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.248.245.213 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.25 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.244.142 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.78 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.103 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.36.109.155 (France)

ASN16276 (OVH, FR)
PTR: p05.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f030:f:face:b00c:0:2 (France)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	googlesyndication.com pagead2.googlesyndication.com 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com tpc.googlesyndication.com	516 KB
57	1plus1.video 1plus1.video api.1plus1.video images.1plus1.video	3 MB
49	doubleclick.net 6 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	224 KB
39	1plus1.ua 1 redirects 1plus1.ua assay.1plus1.ua images.1plus1.ua	4 MB
20	adform.net track.adform.net s1.adform.net	140 KB
16	gstatic.com www.gstatic.com fonts.gstatic.com	340 KB
15	gemius.pl 1 redirects gaua.hit.gemius.pl ls.hit.gemius.pl	54 KB
14	2mdn.net s0.2mdn.net	215 KB
14	adtelligent.com 1 redirects player.adtelligent.com ghb.adtelligent.com sync.adtelligent.com ghb1.adtelligent.com ghb2.adtelligent.com	133 KB
11	google.com www.google.com adservice.google.com	3 KB
9	googleapis.com fonts.googleapis.com imasdk.googleapis.com	620 KB
8	criteo.com 2 redirects gum.criteo.com mug.criteo.com bidder.criteo.com	8 KB
6	googletagservices.com www.googletagservices.com	208 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com	4 KB
5	google-analytics.com www.google-analytics.com	59 KB
5	admixer.net cdn.admixer.net inv-nets.admixer.net	86 KB
5	googletagmanager.com www.googletagmanager.com	212 KB
4	turn.com 2 redirects ad.turn.com r.turn.com	2 KB
4	tns-ua.com pa.tns-ua.com	4 KB
4	bemobile.ua source.mmi.bemobile.ua sslpagestat.mmi.bemobile.ua	20 KB
3	cloudflare.com cdnjs.cloudflare.com	25 KB
3	pubmatic.com 3 redirects image6.pubmatic.com	1 KB
3	3lift.com 3 redirects eb2.3lift.com	1 KB
3	travelaudience.com 3 redirects ads.travelaudience.com	1 KB
3	adnxs.com 1 redirects ib.adnxs.com	8 KB
3	openx.net 2 redirects adtelligent-d.openx.net rtb.openx.net	1 KB
3	facebook.com www.facebook.com graph.facebook.com	1 KB
3	google.de adservice.google.de www.google.de	2 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	62 KB
3	heyhelga.net l1.heyhelga.net	63 KB
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net	1 KB
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	ctnsnet.com 2 redirects gcm.ctnsnet.com	780 B
2	simpli.fi 2 redirects um.simpli.fi	1 KB
2	rfihub.com 1 redirects p.rfihub.com a.rfihub.com	2 KB
2	criteo.net static.criteo.net	54 KB
2	facebook.net connect.facebook.net	78 KB
1	id5-sync.com id5-sync.com	527 B
1	smartadserver.com 1 redirects ssbsync.smartadserver.com	456 B
1	dotomi.com dclk-match.dotomi.com	104 B
1	sitescout.com pixel-sync.sitescout.com	191 B
1	quantserve.com cms.quantserve.com	463 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	581 B
1	1rx.io 1 redirects sync.1rx.io	696 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	457 B
1	blismedia.com tr.blismedia.com	142 B
1	imrworldwide.com secure-gl.imrworldwide.com	461 B
1	hotjar.io vc.hotjar.io	255 B
1	creativecdn.com prebid-eu.creativecdn.com	171 B
1	onetag-sys.com onetag-sys.com	365 B
1	betweendigital.com ads.betweendigital.com	905 B
1	omnitagjs.com hb-api.omnitagjs.com	398 B
1	googleadservices.com partner.googleadservices.com	404 B
1	hybrid.ai dm.hybrid.ai	238 B
1	trafmag.com t.trafmag.com	231 B
1	loopme.me 1 redirects csync.loopme.me	207 B
371	58

	Domain	Requested by
33	images.1plus1.video	1plus1.ua 1plus1.video
31	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com 1plus1.ua s0.2mdn.net
30	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
23	pagead2.googlesyndication.com	1plus1.ua pagead2.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
22	images.1plus1.ua	1plus1.ua
16	s1.adform.net	track.adform.net s1.adform.net 1plus1.ua
15	api.1plus1.video	1plus1.ua api.1plus1.video client 1plus1.video imasdk.googleapis.com
15	1plus1.ua	1 redirects 1plus1.ua
14	s0.2mdn.net	imasdk.googleapis.com 1plus1.ua s0.2mdn.net 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
12	gaua.hit.gemius.pl	1 redirects 1plus1.ua gaua.hit.gemius.pl 1plus1.video
10	fonts.gstatic.com	fonts.googleapis.com
9	1plus1.video	1plus1.ua 1plus1.video
8	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net 1plus1.ua 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com 1plus1.ua
7	www.google.com	api.1plus1.video 1plus1.ua tpc.googlesyndication.com 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
6	www.gstatic.com	www.google.com 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
6	ghb.adtelligent.com	player.adtelligent.com
6	www.googletagservices.com	1plus1.ua pagead2.googlesyndication.com 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	fonts.googleapis.com	api.1plus1.video 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
5	www.googletagmanager.com	1plus1.ua 1plus1.video
4	track.adform.net	1plus1.ua s1.adform.net
4	imasdk.googleapis.com	1plus1.video imasdk.googleapis.com
4	gum.criteo.com	2 redirects static.criteo.net
4	adservice.google.com	pagead2.googlesyndication.com imasdk.googleapis.com securepubads.g.doubleclick.net
4	pa.tns-ua.com	1plus1.ua source.mmi.bemobile.ua pa.tns-ua.com
4	cdn.admixer.net	1plus1.ua cdn.admixer.net
4	player.adtelligent.com	1plus1.ua player.adtelligent.com
3	cdnjs.cloudflare.com	s1.adform.net
3	image6.pubmatic.com	3 redirects
3	eb2.3lift.com	3 redirects
3	ads.travelaudience.com	3 redirects
3	sslpagestat.mmi.bemobile.ua	source.mmi.bemobile.ua
3	ib.adnxs.com	1 redirects player.adtelligent.com googleads.g.doubleclick.net
3	mug.criteo.com	1plus1.ua
3	ls.hit.gemius.pl	gaua.hit.gemius.pl
3	l1.heyhelga.net	1plus1.ua l1.heyhelga.net
2	graph.facebook.com	1plus1.ua
2	rtb.openx.net	2 redirects
2	tracking.m6r.eu	2 redirects
2	x.bidswitch.net	2 redirects
2	ap.lijit.com	2 redirects
2	gcm.ctnsnet.com	2 redirects
2	um.simpli.fi	2 redirects
2	r.turn.com	27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
2	ad.turn.com	2 redirects
2	googleads4.g.doubleclick.net	1plus1.ua
2	static.criteo.net	player.adtelligent.com static.criteo.net
2	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
2	sync.adtelligent.com	1 redirects player.adtelligent.com
2	connect.facebook.net	1plus1.ua connect.facebook.net
2	assay.1plus1.ua	1plus1.ua
1	id5-sync.com	player.adtelligent.com
1	ssbsync.smartadserver.com	1 redirects
1	dclk-match.dotomi.com	27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
1	pixel-sync.sitescout.com	27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
1	s.tribalfusion.com	27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	cms.quantserve.com	27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
1	sync.targeting.unrulymedia.com	1 redirects
1	sync.1rx.io	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	tr.blismedia.com	27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
1	a.rfihub.com
1	p.rfihub.com	1 redirects
1	secure-gl.imrworldwide.com	27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
1	vc.hotjar.io	script.hotjar.com
1	inv-nets.admixer.net	player.adtelligent.com
1	ghb2.adtelligent.com	player.adtelligent.com
1	ghb1.adtelligent.com	player.adtelligent.com
1	prebid-eu.creativecdn.com	player.adtelligent.com
1	adtelligent-d.openx.net	player.adtelligent.com
1	bidder.criteo.com	player.adtelligent.com
1	onetag-sys.com	player.adtelligent.com
1	ads.betweendigital.com	player.adtelligent.com
1	hb-api.omnitagjs.com	player.adtelligent.com
1	www.google.de	1plus1.ua
1	www.facebook.com	1plus1.ua
1	stats.g.doubleclick.net	www.google-analytics.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	dm.hybrid.ai	1plus1.ua
1	t.trafmag.com	1plus1.ua
1	csync.loopme.me	1 redirects
1	vars.hotjar.com	static.hotjar.com
1	source.mmi.bemobile.ua	1plus1.ua
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	1plus1.ua
371	89

This site contains links to these domains. Also see Links.

Domain
1plus1.video
tsn.ua
plus-plus.tv
2plus2.ua
tet.tv
1plus1.international
biguditv.com
www.unian.net
paramountcomedy.com.ua
tv.kyivstar.ua
media.1plus1.ua
sales.1plus1.digital
www.facebook.com
www.instagram.com
www.youtube.com
viber.com

Subject Issuer	Validity	Valid
1plus1.ua R3	`2021-09-09` - `2021-12-08`	3 months	crt.sh
*.1plus1.video Go Daddy Secure Certificate Authority - G2	`2020-10-19` - `2021-11-20`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.adtelligent.com Sectigo RSA Domain Validation Secure Server CA	`2020-10-28` - `2021-11-27`	a year	crt.sh
assay.1plus1.ua R3	`2021-09-07` - `2021-12-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.admixer.net Sectigo RSA Domain Validation Secure Server CA	`2021-06-08` - `2022-06-21`	a year	crt.sh
l1.heyhelga.net R3	`2021-05-25` - `2021-08-23`	3 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
images.1plus1.ua R3	`2021-09-04` - `2021-12-03`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2021-09-08` - `2022-09-25`	a year	crt.sh
*.mmi.bemobile.ua Sectigo RSA Domain Validation Secure Server CA	`2021-02-02` - `2022-02-02`	a year	crt.sh
juke.mmi.tns-ua.com R3	`2021-08-23` - `2021-11-21`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-03` - `2021-10-01`	3 months	crt.sh
ghb.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2021-08-10` - `2021-11-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
sync.adtelligent.com R3	`2021-08-04` - `2021-11-02`	3 months	crt.sh
*.trafmag.com Sectigo RSA Domain Validation Secure Server CA	`2021-06-10` - `2022-06-22`	a year	crt.sh
*.hybrid.ai Sectigo RSA Domain Validation Secure Server CA	`2020-07-07` - `2022-10-05`	2 years	crt.sh
*.google.de GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-24` - `2022-06-23`	a year	crt.sh
ads.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-06` - `2022-02-16`	2 years	crt.sh
onetag-sys.com R3	`2021-07-26` - `2021-10-24`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
ghb1.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2021-08-13` - `2021-11-11`	3 months	crt.sh
ghb2.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2021-08-13` - `2021-11-11`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.hotjar.io Amazon	`2021-08-17` - `2022-09-15`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-28` - `2022-02-01`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.turn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-31` - `2022-03-31`	a year	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2022-06-18`	2 years	crt.sh
tr.blismedia.com GTS CA 1D4	`2021-08-26` - `2021-11-24`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-08` - `2022-07-07`	a year	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.id5-sync.com R3	`2021-07-13` - `2021-10-11`	3 months	crt.sh

This page contains 33 frames:

Primary Page: https://1plus1.ua/
Frame ID: 34C1E7EFA617291EF98F588B4EDA14F4
Requests: 128 HTTP requests in this frame

Frame: https://1plus1.video/video/embed/E2fzXbha?autoplay=0&l=ua
Frame ID: E1329E851821BA8C406C81841E805015
Requests: 70 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/c.html
Frame ID: B56D18B8FA8FA69EF16AD8D0D7844DC0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210921/r20190131/zrt_lookup.html
Frame ID: 092BE7475FE5BB458B647E40D30C1405
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-dfc01efbdc94bb0936d9a35a502b0b64.html
Frame ID: C0117E20464FF8683669058290416156
Requests: 1 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: AE39334B51E4D4F06C1430F53224BF16
Requests: 1 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=8733a84a-5a0f-4330-a360-4a20cc6c887b
Frame ID: FED103A7E7270654C4FF5F3EFDCD173C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9111367348737651&output=html&adk=1812271804&adf=3025194257&lmt=1632411077&plat=2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F1plus1.ua%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632411077003&bpp=2&bdt=585&idt=324&shv=r20210921&mjsv=m202109200101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5030421693548&frm=20&pv=2&ga_vid=691999109.1632411077&ga_sid=1632411077&ga_hid=1905960819&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062580%2C31062854%2C21065724%2C44750894&oid=3&pvsid=2232814433520111&pem=104&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=342
Frame ID: C6110E15B5703023C78DD8E9965C03CE
Requests: 1 HTTP requests in this frame

Frame: https://pa.tns-ua.com/viewability/cm.html
Frame ID: 3C484AEEFFCAC54AD8B33CE7E0A3206D
Requests: 1 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: 99D8A44EEABFCC40B0535EF982F48235
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.481.0_uk.html
Frame ID: 0E9A72989BC9CC2CE03DE8F24CF24F79
Requests: 2 HTTP requests in this frame

Frame: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 99A6A58C94A9F16944AF81BD09B9FCB9
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 53EC8F981548F7F0431042E919B8F149
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 208DD385964D8430372CC1A039356C84
Requests: 2 HTTP requests in this frame

Frame: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EABB380A919642A4B1968AD87BC373CC
Requests: 36 HTTP requests in this frame

Frame: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 20ED6A3DCC008C82180A5E3D1A129794
Requests: 1 HTTP requests in this frame

Frame: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 134CA6D230A63B67987CEF6AE27B56AF
Requests: 15 HTTP requests in this frame

Frame: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6D6A5D7FEBEBF6A550B98571A17B8D26
Requests: 16 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: 8CED5CA7CD9F622D79127FD1C323AF79
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.481.0_uk.html
Frame ID: 141A5D456AE92251714975D31E53A2AA
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=1plus1.ua
Frame ID: 64ADD03693049BE8B7678CA56C1921AE
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARi6x_mzATAB&v=APEucNVP9UBtgEcZi6PfpC3kiLg0TMorD_mwVwEDoGMrrz17sb0PoBPpaoVpcsNZtruIKogqyMC1hqN0LsLedM_t5abYqKeYKPnZ-WLj6Jz7ptUDRDJH2IIMjWp4PSEvhT8WpkG-UBLcwd8N1zfqO5vbN7V7cKkSLgFJTlhDmFIzphHjDIqWYIk
Frame ID: F77A174E36A766EEAE9095A03FD9E96D
Requests: 5 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAp4Zxp1MYYyUO5nggAeGuLCwCMSzoJRcvtC4heUCwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxMzgyNDc2NTM3NTQ1MzPIAQmpAj5pL3qWJ4U-4AIAqAMBqgTVAU_Qs1pnCTMdTQvsum7fiE9qk6eAER1zqnBfk44bwUyW_9unQbBpEd-cM4vjN4ilYQiW-1cP2reSydqYEU6Tk6dNunj-9TTO36_cUTTa5ReyMNQX6LncrG0Huvbvjr_wmP8dx4IWgKaxMIkLTGNpUH7EjZFUVn0HG0g2bdpjamzEEFeFO7nZ3sfImWLLdlegeDpM9Se8-1q_h__QkT0IeDfyW_GJgoDs1hQxFl2v-f4st1VdcP646UfqBhtZ95m0w2mqk8pu32a5aWrtAA2mljKtlg5zCOAEAYAG_fv_gLfU9dQooAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTkxMzgyNDc2NTM3NTQ1MzMY1dsW&sigh=jZBMesCvC_4
Frame ID: 2AF05F430151630402D7FFC5CA5F4C9F
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 473CFEF6FF4149B6695124C302DD7E6D
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8EC27FDD8FF46600A79103E4547740B6
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/index.html?e=69&leftOffset=0&topOffset=0&c=nVHfssMarP&t=1&renderingType=2
Frame ID: CF3025EA8B88F8A4E8563E895BFE3C7D
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CB34FEE7F4BAF0AF05F804EBC2D289C2
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 67BD7DB4AC7A458EE31B9CF065819133
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js
Frame ID: BB221145B35BF7AA0357013B652F4643
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 167B26364441E9188CDC76C78AECEB90
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js
Frame ID: 8E32E91F3A2EF37689AD8E30AEF9EDBD
Requests: 1 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/10123628/10123628.js?ADFassetID=10123628&bv=259
Frame ID: 08AC011250E5BEA98468B99952907976
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WOdvqX5MrEWan8NE-dDT01W_bgveDh48divqo2Vh5b0.js
Frame ID: F6FDFF39EC3E1DEEF1086BE98AB2CDAE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Офіційний сайт каналу 1+1Kyivstar

Page URL History Show full URLs

http://1plus1.ua/ HTTP 301
https://1plus1.ua/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yii (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

/yii\.(?:validation|activeForm)\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Matomo Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

piwik\.js|piwik\.php

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

371
Requests

99 %
HTTPS

37 %
IPv6

58
Domains

89
Subdomains

67
IPs

11
Countries

10305 kB
Transfer

17096 kB
Size

74
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://1plus1.video/me/
Title: Вхід в кабінет

Search URL Search Domain Scan URL

URL: https://1plus1.video/mandruj-ukrayinoyu-z-dmitrom-komarovim/1-sezon/6-vipusk-starodavni-tradiciyi-guculiv-sirovariv-ta-sekreti-virobnictva-karpatskih-tverdih-siriv#player
Title: Стародавні традиції гуцулів-сироварів та секрети виробництва карпатських твердих сирів

Search URL Search Domain Scan URL

URL: https://tsn.ua/

Search URL Search Domain Scan URL

URL: http://plus-plus.tv/

Search URL Search Domain Scan URL

URL: https://2plus2.ua/

Search URL Search Domain Scan URL

URL: https://tet.tv/

Search URL Search Domain Scan URL

URL: https://1plus1.international/

Search URL Search Domain Scan URL

URL: https://biguditv.com/

Search URL Search Domain Scan URL

URL: https://www.unian.net/

Search URL Search Domain Scan URL

URL: https://1plus1.video/

Search URL Search Domain Scan URL

URL: https://paramountcomedy.com.ua/

Search URL Search Domain Scan URL

URL: https://tv.kyivstar.ua/
Title: Kyivstar

Search URL Search Domain Scan URL

URL: https://media.1plus1.ua/ua/media/channels/1plus1
Title: Про канал

Search URL Search Domain Scan URL

URL: https://sales.1plus1.digital/
Title: Реклама

Search URL Search Domain Scan URL

URL: https://media.1plus1.ua/ua/media/channels/problems
Title: Проблеми з прийомом каналу 1+1

Search URL Search Domain Scan URL

URL: https://media.1plus1.ua/ua/hr
Title: Кар'єра

Search URL Search Domain Scan URL

URL: https://www.facebook.com/1plus1.ua

Search URL Search Domain Scan URL

URL: https://www.instagram.com/1plus1_ua/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCVEaAWKfv7fE1c-ZuBs7TKQ?sub_confirmation=1#utm_source=1plus1&utm_medium=social-button-header&utm_campaign=youtube

Search URL Search Domain Scan URL

URL: https://viber.com/1plus1.ua

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://1plus1.ua/ HTTP 301
https://1plus1.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 85

https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D HTTP 307
https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=8733a84a-5a0f-4330-a360-4a20cc6c887b

Request Chain 86

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D HTTP 302
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=055091cb177a48bf

Request Chain 109

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2F1plus1.ua%2F&domain=1plus1.ua&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=WdhMQXwvMERncXVtRU80elNQbHpkVDUyQjJVNzhQU2k0TFE5NzExdGwxM2R5OHJ5Z3hQUllod1c4cUpwYXhnZWN1REtnV0ZWR1FUamRnWVdyMGYxU2Q3NENaaVRRV20vc0JoeTZ4STJRRldSdW0wZzdleW95azhGOHkrUWNZQkQxZjVmZzlOaktDYjAyWEZuWHcwVUNEemUrN0N4RU5TTTR2NlNJdlFBVXJtalhQNHcwSldzT2ozbEVsRVBhYUEyMi9WamttT3krZTdheDdCb21JWEdzSFhkQUY1aXN6TUNycmxLKzJObUluUFhRbVhnPXw&cppv=2

Request Chain 122

https://gaua.hit.gemius.pl/_1632411077677/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F1plus1.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=419&lsdata=664aFbrf3Ol1n6oGqoVLAK5ujh8vuNntJ.0juaHDcej..7RQiV_vDy1O8LQbaHPnMYj1_mqqsig_TzTImt9S1c5fwYpC/uGNQui9r0NMXM/&fpdata=QJ67Pts8nqT6tiMqm7AeHKcodUqUsUBfNyLrhnzErGj.A7&vis=1&fpcap= HTTP 301
https://gaua.hit.gemius.pl/__/_1632411077677/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F1plus1.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=419&lsdata=664aFbrf3Ol1n6oGqoVLAK5ujh8vuNntJ.0juaHDcej..7RQiV_vDy1O8LQbaHPnMYj1_mqqsig_TzTImt9S1c5fwYpC/uGNQui9r0NMXM/&fpdata=QJ67Pts8nqT6tiMqm7AeHKcodUqUsUBfNyLrhnzErGj.A7&vis=1&fpcap=

Request Chain 252

https://gum.criteo.com/sid/json?origin=publishertag&domain=1plus1.ua&sn=ChromeSyncframe&so=3&topUrl=1plus1.ua&bundle=yD1fe19rS2JWUjdLVm9vZ1NIUml6a3pwUWlMJTJCWXoxREV5cVZpMHQwTHFrSXo3bmw0QVBDaEROZUZuSHNabXg3NkVXTWlFV1I2QjVSeWdsS29NUU8zelZKUmN5S2olMkJGMXJoM0NYZGZhU3NPVVFnbmE5Wmt2U3FjayUyQm02aDRXbHQzaHdSbA&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=JehQHnx3UGVZSlIybVljd20ydkJlQXBxdTcrOGxTdVkwUFBZWDZHNVYva0dNQ1BPZFR5Z0xYcDR6N0lxZDY1L3lWSDFBVnR5cnZOVmZpQ0Rvdm5OTkRrcTk1NnNnQTdDZkE5MnNrSlFiUjVpTnZVUnJqbUVVcmo2N2tWK3NodHowK1lSVm9EalgwVmw0Qkc1VVRuVkdUWlVmV0tZbFpHQ2JKaENnNGZPb2VVL1FVRVc5empLRTU0Ky93RUUyd3haNFVWZjE3UkVCdGowQVBPMlFWSXE5NlFBaFBQZDQvMnNvays1U1hsZUp3eFllMzY5SXdwR3oyMExyOU1UWTh2dzZYNmNacWxKeWx0dFN0RVlaUVdZNFZVVTZRdz09fA&cppv=2

Request Chain 256

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJaSaXhpzJFaIWwqivmp5fA&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJaSaXhpzJFaIWwqivmp5fA&google_cver=1&C=1

Request Chain 257

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUydyFCLOdT97d5jZ2jQ2gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJaSaXhpzJFaIWwqivmp5fA&google_cver=1

Request Chain 258

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJk-OQQPOvUjZ773w416KDc&google_cver=1

Request Chain 259

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTY3NzEwODc2MDQ0NzAwMjk1Nw%3D%3D

Request Chain 292

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1&google_push=AYg5qPJ9x0xU0Dm8qZeQd9Rp0ftNH6yYKt1Q7LlKswpcqRbl_QNN2GWrnZwfKR99ygZc5Usazmm2cbLuPW33ZgCvBoUEKVxa-w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM3ODA1MjUwOTk1NDUwMDI1OA== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1

Request Chain 293

https://p.rfihub.com/cm?in=1&pub=445&google_gid=CAESEHiZnhF_nn7wpSiDG_JsLQo&google_cver=1&google_push=AYg5qPIwIZY8rJbFCJpi8UqhKpbXMX0LO6JAvCfFsHj39o9Zfh4IjmJjVBe5YmraH_a_ZntNJPXy-UX9GO8ejzsd0RISMlecx00 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPIwIZY8rJbFCJpi8UqhKpbXMX0LO6JAvCfFsHj39o9Zfh4IjmJjVBe5YmraH_a_ZntNJPXy-UX9GO8ejzsd0RISMlecx00&google_hm=MjMxMTY2MTY1MTUzMzQwMDM2OA== HTTP 302
https://a.rfihub.com/cm?pub=445&google_error=5

Request Chain 294

https://um.simpli.fi/gp_match?google_gid=CAESEH4NK9srMK6qAsOl_MTI6xw&google_cver=1&google_push=AYg5qPJcCdyLcXj8r-h4JTS1GZyn0zI6MHFvVWBsdT2R_QnhFbOjAGZ7hVuDIpze2leCy3jWxoimGoGzb_YsVFkRQrrPXBJ3_tM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8831A89CFF594D619DB324783AD737E7&google_push=AYg5qPJcCdyLcXj8r-h4JTS1GZyn0zI6MHFvVWBsdT2R_QnhFbOjAGZ7hVuDIpze2leCy3jWxoimGoGzb_YsVFkRQrrPXBJ3_tM

Request Chain 295

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEFORu31vVrO6P-ZguZUcUtM&google_cver=1&google_push=AYg5qPJNVEkzKgPiBOChAodZDmy1pWKotS-xq3EWuQh1h0wcBUtRO7-yO08XDs_zwoB22aZAxSxQ6qhOPomPzi1o18Y6hw6CnQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJNVEkzKgPiBOChAodZDmy1pWKotS-xq3EWuQh1h0wcBUtRO7-yO08XDs_zwoB22aZAxSxQ6qhOPomPzi1o18Y6hw6CnQ&google_hm=JakaRdPKSS-r_pRGp3jiKbQ

Request Chain 297

https://ads.travelaudience.com/google_pixel?google_gid=CAESEEDdEVwCMH-oZczOg_hyT00&google_cver=1&google_push=AYg5qPI_GATjVK-EixWzsOWwYxQwVQAC0cNX1MWAh5DvZCW0iTA1E5OkEBlO_QNgt22FAIi1IAtXqeER2FaJyrFKp6QXWECxsA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g8B1m5B0RCq5akxqKU8AVw2&google_push=AYg5qPI_GATjVK-EixWzsOWwYxQwVQAC0cNX1MWAh5DvZCW0iTA1E5OkEBlO_QNgt22FAIi1IAtXqeER2FaJyrFKp6QXWECxsA

Request Chain 298

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESELappmzVWoF3bN-8pi5rRzs&google_cver=1&google_push=AYg5qPJODElUb9hg3qYu9KYLDPjj6oQUFqsDdpmEJ2bt1WV2W7uXgzWUeOR6_MCUNzl8CHf9P--tD8K3oEXanbtmzz2A3_Wjuj8 HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESELappmzVWoF3bN-8pi5rRzs&google_cver=1&google_push=AYg5qPJODElUb9hg3qYu9KYLDPjj6oQUFqsDdpmEJ2bt1WV2W7uXgzWUeOR6_MCUNzl8CHf9P--tD8K3oEXanbtmzz2A3_Wjuj8&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJODElUb9hg3qYu9KYLDPjj6oQUFqsDdpmEJ2bt1WV2W7uXgzWUeOR6_MCUNzl8CHf9P--tD8K3oEXanbtmzz2A3_Wjuj8&google_hm=a6eaeb1aa793d8a2a7f7c0d6

Request Chain 301

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEFORu31vVrO6P-ZguZUcUtM&google_cver=1&google_push=AYg5qPKPgnuDEymUu1A9roE0eQgdg3Oaowp0CUCrsfyTbFTY-IzvMZfH9B7nYc8KtFGwy9tnsSI3Z8aLKQaRFuvP7jo7yWfSAjE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKPgnuDEymUu1A9roE0eQgdg3Oaowp0CUCrsfyTbFTY-IzvMZfH9B7nYc8KtFGwy9tnsSI3Z8aLKQaRFuvP7jo7yWfSAjE&google_hm=NDmuT6-tR4Cct-rI7ah3TLQ

Request Chain 302

https://ads.travelaudience.com/google_pixel?google_gid=CAESEEDdEVwCMH-oZczOg_hyT00&google_cver=1&google_push=AYg5qPJd7AfC1tdR2SaIWWI61KpYDrNHB_KzqcPDIMHdFFPhEamVe6h-hs32LNN9QgUgxH-k5LAFMEgq1rFVvqSEMUhCxIKoXF2W HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XEyx_JcUSQCjj8UYkuNC5Q2&google_push=AYg5qPJd7AfC1tdR2SaIWWI61KpYDrNHB_KzqcPDIMHdFFPhEamVe6h-hs32LNN9QgUgxH-k5LAFMEgq1rFVvqSEMUhCxIKoXF2W

Request Chain 303

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGDhGb8YWECU3Mo4IAVPteg&google_cver=1&google_push=AYg5qPK17oNlT3cPqTm3fjdTVLJrJ7WKpQBj5GUj9LBdKgxCkz60vwbUlggbjyN0rVP2DOFX7IGcL9nuuT_OEScPqgRmbddZoelq HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEGDhGb8YWECU3Mo4IAVPteg&google_cver=1&google_push=AYg5qPK17oNlT3cPqTm3fjdTVLJrJ7WKpQBj5GUj9LBdKgxCkz60vwbUlggbjyN0rVP2DOFX7IGcL9nuuT_OEScPqgRmbddZoelq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPK17oNlT3cPqTm3fjdTVLJrJ7WKpQBj5GUj9LBdKgxCkz60vwbUlggbjyN0rVP2DOFX7IGcL9nuuT_OEScPqgRmbddZoelq&google_hm=zK81oU9hQmCsOc4tWuywHQ==

Request Chain 304

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAT7nWieUlRDzN_Oc7zE_Jo&google_cver=1&google_push=AYg5qPJNdpzDxuiJZCLnE2tkvq6IycGqHGvi8FP2-ukAyxUYIa0kUmsWdPrFmxgpGyM4j7fBhr2917w_4wow4muOypQD_b9xuSEi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RYM0VSMTMtSi1HWkoy&google_push=AYg5qPJNdpzDxuiJZCLnE2tkvq6IycGqHGvi8FP2-ukAyxUYIa0kUmsWdPrFmxgpGyM4j7fBhr2917w_4wow4muOypQD_b9xuSEi

Request Chain 305

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEAR0s30G8MWJmqXdns3S98M&google_cver=1&google_push=AYg5qPK83qDGKqT4ZUdz9HEJT_MYzOTi7174ASrfE6tSMkubdUt8lIjLnEqz43UApzieBUnurOd6vTfJk_7Hkn0ugLbExdUzMKo HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-57bd6e2a-204d-48d8-8f8d-2463ceec3c78-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPK83qDGKqT4ZUdz9HEJT_MYzOTi7174ASrfE6tSMkubdUt8lIjLnEqz43UApzieBUnurOd6vTfJk_7Hkn0ugLbExdUzMKo%26google_hm%3DA1e9biogTUjYj40kY87sPHg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK83qDGKqT4ZUdz9HEJT_MYzOTi7174ASrfE6tSMkubdUt8lIjLnEqz43UApzieBUnurOd6vTfJk_7Hkn0ugLbExdUzMKo&google_hm=A1e9biogTUjYj40kY87sPHg

Request Chain 306

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEBZTpQ9S8-zDwc6a70T_2Jo&google_cver=1&google_push=AYg5qPIE7RJe3nC4c3DPIlm0ZUp78UQgUjGQyiSwIpSHcO1dGwD134ijFARh4PWLyE4u6xNmnqqrpOYEeoX0pclK6h8vjdGesCp7 HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPIE7RJe3nC4c3DPIlm0ZUp78UQgUjGQyiSwIpSHcO1dGwD134ijFARh4PWLyE4u6xNmnqqrpOYEeoX0pclK6h8vjdGesCp7&google_gid=CAESEBZTpQ9S8-zDwc6a70T_2Jo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTMzOTA4OTY3NTEyNDgxMDc0NTE%3D&google_push=AYg5qPIE7RJe3nC4c3DPIlm0ZUp78UQgUjGQyiSwIpSHcO1dGwD134ijFARh4PWLyE4u6xNmnqqrpOYEeoX0pclK6h8vjdGesCp7

Request Chain 318

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1&google_push=AYg5qPJSXltF2pZM_LE9tIT3Fa2uCB_uIKI69hsdxlSf9IcVmhw73V0rdm1HdGXtSxzJXMXg8F0gOZCCplq1Sv_0dL81fm8hXypl HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM3ODA1MjUwOTk1NDUwMDI1OA== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1

Request Chain 320

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPMYlFQecnzY55t8gcVMouw&google_cver=1&google_push=AYg5qPL3WiZTCmvUOvYXl8EMN9K8_qBLcbn6tdavX9nDDkdt0_j0kXQpwlaeB2xXLl9q-kuj-97kHOcXzZR8vQlZnkmphAFxo8s&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPL3WiZTCmvUOvYXl8EMN9K8_qBLcbn6tdavX9nDDkdt0_j0kXQpwlaeB2xXLl9q-kuj-97kHOcXzZR8vQlZnkmphAFxo8s%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPMYlFQecnzY55t8gcVMouw&google_cver=1&google_push=AYg5qPL3WiZTCmvUOvYXl8EMN9K8_qBLcbn6tdavX9nDDkdt0_j0kXQpwlaeB2xXLl9q-kuj-97kHOcXzZR8vQlZnkmphAFxo8s&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPL3WiZTCmvUOvYXl8EMN9K8_qBLcbn6tdavX9nDDkdt0_j0kXQpwlaeB2xXLl9q-kuj-97kHOcXzZR8vQlZnkmphAFxo8s%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 322

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEMGsepbVbdWqVp_B_FAifrA&google_cver=1&google_push=AYg5qPJO9e58DcTDZOxu_yU35wfBfNd8WcHClndOMQJBhZGYJasiT7Qdc-r2uimM5SComms2o4fykkhz5G_aelmwh3aHetEO4QP8 HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEMGsepbVbdWqVp_B_FAifrA&google_cver=1&google_push=AYg5qPJO9e58DcTDZOxu_yU35wfBfNd8WcHClndOMQJBhZGYJasiT7Qdc-r2uimM5SComms2o4fykkhz5G_aelmwh3aHetEO4QP8&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=9WB6R7zAMk6tDYcQcfzIbw&google_push=AYg5qPJO9e58DcTDZOxu_yU35wfBfNd8WcHClndOMQJBhZGYJasiT7Qdc-r2uimM5SComms2o4fykkhz5G_aelmwh3aHetEO4QP8

Request Chain 323

https://rtb.openx.net/sync/dds?google_gid=CAESED33P4fNFCbX2GW3K7GB1mI&google_cver=1&google_push=AYg5qPLMMiGj4NStEOyGHQrzQVVBl8TCEOBq6JvnGTSonZS0oQ6YDNEXjrV_uFNzmDIlhf2IF9RAEm-z8q-0z_ihniO-HmJjd4TJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLMMiGj4NStEOyGHQrzQVVBl8TCEOBq6JvnGTSonZS0oQ6YDNEXjrV_uFNzmDIlhf2IF9RAEm-z8q-0z_ihniO-HmJjd4TJ&google_hm=QHBLY9Tjx7oFJ5N0jm3m4g==

Request Chain 324

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHJ3yHmbKdJnb_sz6F6v37Q&google_cver=1&google_push=AYg5qPKj_H5bNeDvIQnBMdSIdUb8dBaOdjYnhoWSfdY4_u_KB3VxMNMCIy_qId6wC1O22Hw9zRJjfOJul_0tcfoGmVSGV-JhhT4 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHJ3yHmbKdJnb_sz6F6v37Q&google_cver=1&google_push=AYg5qPKj_H5bNeDvIQnBMdSIdUb8dBaOdjYnhoWSfdY4_u_KB3VxMNMCIy_qId6wC1O22Hw9zRJjfOJul_0tcfoGmVSGV-JhhT4&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_CMUwY_9TFqEret2uQA35A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKj_H5bNeDvIQnBMdSIdUb8dBaOdjYnhoWSfdY4_u_KB3VxMNMCIy_qId6wC1O22Hw9zRJjfOJul_0tcfoGmVSGV-JhhT4

Request Chain 332

https://um.simpli.fi/gp_match?google_gid=CAESEH4NK9srMK6qAsOl_MTI6xw&google_cver=1&google_push=AYg5qPI8N3k5aeH1Zlkxxxd4RCrE6d86m5ARwYoKIQTPd3N92q_rysr97oBZY1tTktA8h8aiTFOip2vnKi1FvrhLr7YAem4RUP8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8831A89CFF594D619DB324783AD737E7&google_push=AYg5qPI8N3k5aeH1Zlkxxxd4RCrE6d86m5ARwYoKIQTPd3N92q_rysr97oBZY1tTktA8h8aiTFOip2vnKi1FvrhLr7YAem4RUP8

Request Chain 333

https://ads.travelaudience.com/google_pixel?google_gid=CAESEEDdEVwCMH-oZczOg_hyT00&google_cver=1&google_push=AYg5qPJpClY8iFwHsjuTqIXZ78-YgxusgT6_AXrVbUmxgjDtlIEhS-c9sgNOgIvXyPJkRl0EBt7xVeMdBn7gMOaR_SzsH4ZOgOg HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XEyx_JcUSQCjj8UYkuNC5Q2&google_push=AYg5qPJpClY8iFwHsjuTqIXZ78-YgxusgT6_AXrVbUmxgjDtlIEhS-c9sgNOgIvXyPJkRl0EBt7xVeMdBn7gMOaR_SzsH4ZOgOg

Request Chain 334

https://rtb.openx.net/sync/dds?google_gid=CAESED33P4fNFCbX2GW3K7GB1mI&google_cver=1&google_push=AYg5qPLY-jhciUP2AbgGy036Km67DKN39kohBQ_Ate-IYE0OhB9QQvsKbW9PDP8XuatyJXNFj60LBIJFXNRJ3o33J6Wn_lqvGg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLY-jhciUP2AbgGy036Km67DKN39kohBQ_Ate-IYE0OhB9QQvsKbW9PDP8XuatyJXNFj60LBIJFXNRJ3o33J6Wn_lqvGg&google_hm=QHBLY9Tjx7oFJ5N0jm3m4g==

Request Chain 335

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHJ3yHmbKdJnb_sz6F6v37Q&google_cver=1&google_push=AYg5qPKpM2g0qhPRbgfoPsX53eydrV-eU8obgaNjJl3MmWaFnA4diL1Yq18emdol902I19Xa1Ck8Xww-m1YM73lSktxM5SCLQdI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_CMUwY_9TFqEret2uQA35A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKpM2g0qhPRbgfoPsX53eydrV-eU8obgaNjJl3MmWaFnA4diL1Yq18emdol902I19Xa1Ck8Xww-m1YM73lSktxM5SCLQdI

Request Chain 336

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEBZTpQ9S8-zDwc6a70T_2Jo&google_cver=1&google_push=AYg5qPKUm8TVl0yy8TRnztxSv4l_nTNVScto2cZtLTJNwcdX9PkFlHLn6h6oeUdANR-TMC9EyTUsJQl4y8lrUWVmAiVuET8YMr4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTMzOTA4OTY3NTEyNDgxMDc0NTE%3D&google_push=AYg5qPKUm8TVl0yy8TRnztxSv4l_nTNVScto2cZtLTJNwcdX9PkFlHLn6h6oeUdANR-TMC9EyTUsJQl4y8lrUWVmAiVuET8YMr4

Request Chain 337

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEJJDQzEAOUFWxEXJGRo8oxM&google_cver=1&google_push=AYg5qPKHwuzxjfnFoRduLKrfiacryawqbzM7b4qPfNA3Nn465kr2NQgVjrs4F8U8whRDmBbxKUGOICm73xNDbs7FlqURRB7FkYY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKHwuzxjfnFoRduLKrfiacryawqbzM7b4qPfNA3Nn465kr2NQgVjrs4F8U8whRDmBbxKUGOICm73xNDbs7FlqURRB7FkYY&google_hm=NjM3MzYwNTYyNDk1NTA3NzUxMA%3D%3D

371 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
1plus1.ua/
Redirect Chain

http://1plus1.ua/
https://1plus1.ua/

136 KB
38 KB

411ms
272ms

Document
text/html

195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 032d15b74357d5d394566b251ad65f2aa8f8aa92226e488e6562c2e2bffac177

Request headers

Host: 1plus1.ua
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx
Date: Thu, 23 Sep 2021 15:31:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Set-Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D; path=/; secure; HttpOnly
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Thu, 23 Sep 2021 15:31:15 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://1plus1.ua/

GET
H/1.1 200
OK main.css
1plus1.ua/css/ 240 KB
49 KB 47ms
47ms Stylesheet
text/css 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/css/main.css?v=1625232262
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 713178cfac763a48a3529a300b017de99cb8678dbc8c80ee39d14c1d57d20114

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://1plus1.ua/
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Jul 2021 13:24:22 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK api.0.3.0.js Show response
1plus1.video/static/player/js/ 7 KB
3 KB 317ms
42ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/js/api.0.3.0.js
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: a5af34b74868f58da2483e0ad87af7bfb087d4fc23ee86139a4fba443bb66e5f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Content-Encoding: gzip
Last-Modified: Thu, 27 Jun 2019 14:17:47 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:28:39 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 140 KB
49 KB 122ms
62ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50c19217f5140cff82c4faffa65cac7e4973528f75c1d8da6e33946ef37a8209

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49224
x-xss-protection: 0
server: cafe
etag: 10527294596646427929
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 23 Sep 2021 15:31:16 GMT

GET
H/1.1 200
OK l.js Show response
api.1plus1.video/u/ 895 B
2 KB 318ms
53ms Script
application/javascript 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/u/l.js?p=&l=ua&f=0&auth=1&login_profile=1
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 3d182116a4eca2bcf0e80bf9c6afc02ae7190f7f6ac54441c3561307b267b868

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: https://1plus1.ua
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK jquery.min.js Show response
1plus1.ua/assets/9262aebb/ 85 KB
35 KB 99ms
47ms Script
application/javascript 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/assets/9262aebb/jquery.min.js?v=1522140588
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Mar 2018 08:49:48 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jquery.mousewheel.min.js Show response
1plus1.ua/js/plugin/ 3 KB
2 KB 128ms
43ms Script
application/javascript 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/js/plugin/jquery.mousewheel.min.js?v=1534321534
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jquery.mCustomScrollbar.min.js Show response
1plus1.ua/js/plugin/ 39 KB
14 KB 137ms
49ms Script
application/javascript 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/js/plugin/jquery.mCustomScrollbar.min.js?v=1534321534
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 6e39ba4fad6e787f935f33ea8dac9105b1384cae25041a12bc108805c86598fb

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK yii.js Show response
1plus1.ua/assets/ee210f57/ 20 KB
7 KB 134ms
44ms Script
application/javascript 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/assets/ee210f57/yii.js?v=1522140588
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: bb7a8c984417a77f846d70464f10364b4e5cb40c50ad1140b805bf43f2984b4d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Mar 2018 08:49:48 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK main.js Show response
1plus1.ua/js/ 41 KB
14 KB 139ms
49ms Script
application/javascript 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/js/main.js?v=1625071710
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: ca6f9a522805e40f41f8acdda64abe7999980cf099b9cee3aad2d8651bb7fdb5

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Content-Encoding: gzip
Last-Modified: Wed, 30 Jun 2021 16:48:30 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK yii.activeForm.js Show response
1plus1.ua/assets/ee210f57/ 32 KB
8 KB 133ms
43ms Script
application/javascript 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/assets/ee210f57/yii.activeForm.js?v=1522140588
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 7b90253fd93dae3c4bae4ef55d38fc0550b3a58caaa0408505c581872ca46722

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://1plus1.ua/
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Mar 2018 08:49:48 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wrapper_hb_298309_4139.js Show response
player.adtelligent.com/prebid/ 113 KB
27 KB 72ms
11ms Script
application/javascript 213.174.135.2
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18893
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 14dd5bd4041ab2c4012cb5acbf329528bf2d3a14889b416debfb716566c578f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
content-encoding: gzip
last-modified: Fri, 17 Sep 2021 13:17:22 GMT
server: nginx/1.18.0
etag: W/"61449562-1c372"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Thu, 23 Sep 2021 16:31:16 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H/1.1 200
OK piwik.js Show response
assay.1plus1.ua/ 57 KB
23 KB 191ms
80ms Script
application/javascript 195.137.240.12
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL

https://assay.1plus1.ua/piwik.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

195.137.240.12 , Ukraine, ASN29389 (ASN-UNIAN, UA),

Reverse DNS

assay.1plus1.ua

Software

nginx /

Resource Hash

714576ef1d7b58980b7658ae9b8b4d74a223fba87934dc442db4098873e179a3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 03 Jul 2017 15:36:13 GMT
Server: nginx
ETag: W/"595a646d-e3b1"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 131 KB
46 KB 80ms
29ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PWKM5Z

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a1557ddcd7e10c79540d4b18e095c32f057994206d22fa1b02dad13a01c3329d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46742
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 23 Sep 2021 15:31:16 GMT

GET
H2 200 loader2.js Show response
cdn.admixer.net/scripts3/ 86 KB
29 KB 133ms
22ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/loader2.js
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 55fe7d89155f2a1e03d7a036d6618febe2c57d2373f024709f25540963f61c7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Thu, 23 Sep 2021 15:31:16 GMT
content-encoding: gzip
last-modified: Wed, 22 Sep 2021 09:19:08 GMT
server: nginx
etag: W/"614af50c-15709"
x-cached-since: 2021-09-23T15:23:22+00:00
content-type: application/javascript
cache-control: max-age=600
cache: HIT
expires: Wed, 22 Sep 2021 09:29:43 GMT

GET
H/1.1 200
OK analytics.js Show response
l1.heyhelga.net/ 121 KB
42 KB 644ms
78ms Script
application/javascript 195.137.240.18
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://l1.heyhelga.net/analytics.js?ver=1632411076
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.18 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: l1-izi-01.1plus1.net
Software: nginx /
Resource Hash: 1252a07c4db3367b430e6e5c15e30d0cd879c1edbb2926dc7d75e4eed0a1080d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Jan 2021 19:03:32 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, must-revalidate, max-age=7200
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 hotjar-1437498.js Show response
static.hotjar.com/c/ 4 KB
2 KB 29ms
9ms Script
application/javascript 13.225.78.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1437498.js?sv=6

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.14 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-14.fra2.r.cloudfront.net

Software

Resource Hash

683cf81f41bbfa7c4c285e41502f9fd3b281a7e783a218479fea00ec84953e2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:30:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52
x-edge-origin-shield-skipped: 0
x-cache: Hit from cloudfront
content-length: 1912
access-control-allow-origin: *
cache-control: max-age=60
etag: W/9022d04062bdcaa73a306bf3faa42510
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 e5b93012e2bfb81dc9846f43efd610a6.cloudfront.net (CloudFront)
x-cache-hit: 1
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 9nNWc6UB4V32ruAxYMkH5VxG2ZYyZvSMVdlchMgHqwX9MyOThS8Wtw==

GET
H/1.1 200
OK oneplusone2015-regular.woff2
1plus1.ua/fonts/OnePlusOne/regular/ 19 KB
20 KB 47ms
46ms Font
application/octet-stream 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOne/regular/oneplusone2015-regular.woff2
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1625232262
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: a44d0dbd6674f6bc5ff19108f139572b3c1425e2177094d05a2f62e88b79dc8f

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1625232262
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/css/main.css?v=1625232262
Origin: https://1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/octet-stream
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 19868
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplusonettf-black.woff2
1plus1.ua/fonts/OnePlusOneTTF/black/ 19 KB
19 KB 51ms
51ms Font
application/octet-stream 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOneTTF/black/oneplusonettf-black.woff2
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1625232262
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 93e3f4a80e5e0b448a58947028eb19f4c62c95a402b4df807a22c2250d4e764c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1625232262
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/css/main.css?v=1625232262
Origin: https://1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/octet-stream
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 19620
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplusone2015-light-italic.woff
1plus1.ua/fonts/OnePlusOne/light/italic/ 15 KB
16 KB 79ms
78ms Font
application/font-woff 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOne/light/italic/oneplusone2015-light-italic.woff
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1625232262
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: b06437eb7d795fa51787e55d921e1928e9e32e45495f34591115b24a6a6c2790

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1625232262
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/css/main.css?v=1625232262
Origin: https://1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/font-woff
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 15788
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplusone2015-light.woff2
1plus1.ua/fonts/OnePlusOne/light/ 19 KB
19 KB 46ms
46ms Font
application/octet-stream 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOne/light/oneplusone2015-light.woff2
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1625232262
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 8cccd7da46e757c29d90ebbdd06911e724baf818543d032fe7fd657761008dbe

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1625232262
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/css/main.css?v=1625232262
Origin: https://1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/octet-stream
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 18952
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 d52b3cf38b79c4a2ba39a9a894b5f306_1920x830.jpg
images.1plus1.ua/uploads/programs_default/000/716/416/ 283 KB
284 KB 354ms
194ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/716/416/d52b3cf38b79c4a2ba39a9a894b5f306_1920x830.jpg?v=1632127776
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 659f47dd48efbfe049bb3243283145df22b9c1efb0f7c10cbba5981d31efcdbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Mon, 20 Sep 2021 08:49:38 GMT
server: nginx
etag: "df64a1ca1dc71df81b653074d2a5cd9f"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 290276
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 03:09:12 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 9dfb686fd4003ced151fd59312a93b2e.190x105.jpg
images.1plus1.video/card-5/KaYKIL12/ 10 KB
10 KB 227ms
72ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/KaYKIL12/9dfb686fd4003ced151fd59312a93b2e.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 5f23183c6177c8d548b659d3e3f9e453dfd9235a75c7eb4b042a2bc76dd3e999

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Wed, 01 Sep 2021 14:31:51 GMT
server: nginx
etag: "79684ebafe58d3edb83d7d871639c279"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 10114
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:16 GMT
expires: Thu, 30 Sep 2021 15:31:16 GMT

GET
H2 200 e072a83f3ed76154a7d197e783bb83ed_1920x830.jpg
images.1plus1.ua/uploads/programs_default/000/697/408/ 157 KB
157 KB 309ms
149ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/697/408/e072a83f3ed76154a7d197e783bb83ed_1920x830.jpg?v=1629706693
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 9f82c0bab21e34ef2d7efedf73a6fcd4ad8c14a8f20723785bfd2569f6cd08d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Mon, 23 Aug 2021 08:18:16 GMT
server: nginx
etag: "bc9fc2057a926c41dd1b86af7c611712"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 160375
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 03:09:12 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 3f9a5c76fd12606515928f878e4c1885_1920x830.png
images.1plus1.ua/uploads/programs_default/000/704/158/ 2 MB
2 MB 404ms
245ms Image
image/png 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/704/158/3f9a5c76fd12606515928f878e4c1885_1920x830.png?v=1630667817
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 83fff1e1a1ce14422fd71122690ace489789895557258e4dbc7a3372895feacb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Fri, 03 Sep 2021 11:17:10 GMT
server: nginx
etag: "26104b3ae0922d38de1017c29b355615"
content-type: image/png
cache-control: max-age=315360000
content-length: 2013810
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 03:09:12 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 afa2553460b1bce1652f56e6ecff5294.190x105.jpg
images.1plus1.video/card-5/E2DFImZa/ 10 KB
10 KB 213ms
84ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/E2DFImZa/afa2553460b1bce1652f56e6ecff5294.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 6866bcb357b70cff69e9aa8238ea93b8e6aa7a0bddeb90bea0e5bd3e44b8f8fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Tue, 10 Aug 2021 08:40:42 GMT
server: nginx
etag: "d41918e1f92319579c8de79b764db873"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 10356
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:16 GMT
expires: Thu, 30 Sep 2021 15:31:16 GMT

GET
H2 200 d6b92aefbe214f4c0531e954cf086add_1920x830.jpeg
images.1plus1.ua/uploads/programs_default/000/653/794/ 79 KB
79 KB 211ms
79ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/653/794/d6b92aefbe214f4c0531e954cf086add_1920x830.jpeg?v=1621416700
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 8acc3a82855ddbc4e31e109fdb9036d127bfcd60e46bc1895594bf23ce1c4572

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Wed, 19 May 2021 09:31:43 GMT
server: nginx
etag: "2e7257d7f615da54f50eed89237b61d4"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 80576
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 03:09:12 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fc6b0dc975dc6dc8531de45efb06721d_1920x830.png
images.1plus1.ua/uploads/programs_default/000/653/824/ 881 KB
882 KB 483ms
351ms Image
image/png 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/653/824/fc6b0dc975dc6dc8531de45efb06721d_1920x830.png?v=1621418873
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: a1b81fdca6b0075b92074a8faedffd245b6f251b5db395a1d2e386ab1d0c0690

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Wed, 19 May 2021 10:08:04 GMT
server: nginx
etag: "a9023d98fba156176a28ba8f5ce30217"
content-type: image/png
cache-control: max-age=315360000
content-length: 902012
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 10:45:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 48ae75c443fdf35b4442c088450b3fc5.190x105.jpg
images.1plus1.video/card-5/DaUfPf0t/ 10 KB
10 KB 235ms
107ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/DaUfPf0t/48ae75c443fdf35b4442c088450b3fc5.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 1131f8229e8b45509ddbd867eda946c81ad477612d01f59312ec83cc050dabe3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Tue, 21 Sep 2021 10:35:20 GMT
server: nginx
etag: "391745b1824412a04c964dca53f602f4"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 9826
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:17 GMT
expires: Thu, 30 Sep 2021 15:31:17 GMT

GET
H2 200 9271892a20dea34f847e580b423668ba_1920x830.jpeg
images.1plus1.ua/uploads/programs_default/000/653/698/ 97 KB
97 KB 365ms
232ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/653/698/9271892a20dea34f847e580b423668ba_1920x830.jpeg?v=1621411511
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 00f83b9228a493e86138bdd97f1e0dd725dcfdc5dc6ae0662c2ce21372039004

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Wed, 19 May 2021 08:05:13 GMT
server: nginx
etag: "a5cc8b22eaacbd8b871c48aa6fceeb0f"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 99392
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 03:09:12 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 73a72820403b02a2ff263d61785e0db7.190x105.jpg
images.1plus1.video/card-5/oRGxzFdu/ 11 KB
11 KB 235ms
107ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/oRGxzFdu/73a72820403b02a2ff263d61785e0db7.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: aed281a03eb2c399c6ae6905f013786f46ace997e638e451c6d19abf659f16d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Thu, 26 Aug 2021 09:56:33 GMT
server: nginx
etag: "b7234dde46952f0832d98142b10ea96e"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 10865
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:17 GMT
expires: Thu, 30 Sep 2021 15:31:17 GMT

GET
H2 200 0f76236f1106f19e09f43b866ef5f11c_1920x830.jpg
images.1plus1.ua/uploads/programs_default/000/657/055/ 118 KB
118 KB 484ms
351ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/programs_default/000/657/055/0f76236f1106f19e09f43b866ef5f11c_1920x830.jpg?v=1622558530
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: b0fe563c0d2c46b56e718bf650bde4c12832349a08ae5c8583b66fc60495ed30

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Tue, 01 Jun 2021 14:42:12 GMT
server: nginx
etag: "bd6b66af09f9d1383d062d6c209487de"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 120907
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 03:09:12 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 f33ba63e363f80acc760ae99339e53d1.190x105.jpg
images.1plus1.video/card-4/WRpgjKO2/ 10 KB
10 KB 213ms
86ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-4/WRpgjKO2/f33ba63e363f80acc760ae99339e53d1.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 0a4e2444504ec2087ae4d601da60fe40dac4648a4280415b6cbaa5d2a77600ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Thu, 29 Apr 2021 14:01:10 GMT
server: nginx
etag: "44b50d3884a6dd6c198c668f525b49e8"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 9761
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:16 GMT
expires: Thu, 30 Sep 2021 15:31:16 GMT

GET
H2 200 634e22a6c4fc19e17919adfd4ce7402e_340x511.jpg
images.1plus1.ua/uploads/articles/000/710/338/ 21 KB
21 KB 484ms
351ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/710/338/634e22a6c4fc19e17919adfd4ce7402e_340x511.jpg?v=1631300826
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 26a0453498a4dd295cfb3fb7c22f417024a3f7168ecc346c7cd9aaf886f70b82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Fri, 10 Sep 2021 19:07:08 GMT
server: nginx
etag: "1841af350f277d744bfcf57e1c996b19"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 21468
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 03:09:12 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 624b020798d6b23855d8899f26a8ebbb_620x241.jpg
images.1plus1.ua/uploads/articles/000/716/071/ 43 KB
43 KB 483ms
351ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/716/071/624b020798d6b23855d8899f26a8ebbb_620x241.jpg?v=1632074148
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 2120a82761f93604a9507c84753a7df968f38ee8bb3a07f4b544ce1b1c350acd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Sun, 19 Sep 2021 23:08:25 GMT
server: nginx
etag: "cac4b09d65535df52293532e71add566"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 43633
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 03:09:12 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 5b3a826ce0baf45f10f788db6ad85108_620x241.jpg
images.1plus1.ua/uploads/articles/000/713/821/ 41 KB
41 KB 364ms
232ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/713/821/5b3a826ce0baf45f10f788db6ad85108_620x241.jpg?v=1631719848
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: ec37c82245e263f1f1b4ce66fc406513e3b6de680ac395903cf86d35f3b239a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
last-modified: Wed, 15 Sep 2021 15:32:24 GMT
server: nginx
etag: "a0958ef6d0a418a6be7263cc725d44bb"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 41559
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 03:09:12 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplusone2015-heavy.woff2
1plus1.ua/fonts/OnePlusOne/heavy/ 19 KB
20 KB 44ms
44ms Font
application/octet-stream 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOne/heavy/oneplusone2015-heavy.woff2
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1625232262
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 820a5c6758c92428368ba0b8ec651dbd593aafd0046c9e970c0252bf4301828c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1625232262
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/css/main.css?v=1625232262
Origin: https://1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/octet-stream
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 19872
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplusone2015-bold.ttf
1plus1.ua/fonts/OnePlusOne/bold/ 31 KB
31 KB 45ms
44ms Font
application/octet-stream 195.137.240.80
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.ua/fonts/OnePlusOne/bold/oneplusone2015-bold.ttf
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/css/main.css?v=1625232262
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.80 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 1d20ef34fb2b7a8d6409fac19fabba3fe1c922c674b469e57b92aed5a417d3ea

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://1plus1.ua
Accept-Encoding: gzip, deflate, br
Host: 1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://1plus1.ua/css/main.css?v=1625232262
Cookie: _csrf=3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
Connection: keep-alive
Referer: https://1plus1.ua/css/main.css?v=1625232262
Origin: https://1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:16 GMT
Last-Modified: Wed, 15 Aug 2018 08:25:34 GMT
Server: nginx
Content-Type: application/octet-stream
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 31444
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 a53a0d7e36c53ec186688ab5ebfc1667_340x511.png
images.1plus1.ua/uploads/articles/000/719/182/ 108 KB
109 KB 328ms
326ms Image
image/png 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/719/182/a53a0d7e36c53ec186688ab5ebfc1667_340x511.png?v=1632409057
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 88b3761c057ce5f4613caec435045e474ee799b3124c0db590f33a9314a25617

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Thu, 23 Sep 2021 14:59:05 GMT
server: nginx
etag: "c1b8ea237bf4e8d6a84ac667b976b269"
content-type: image/png
cache-control: max-age=315360000
content-length: 110825
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 15:01:14 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 f21e7d14525ae7c284c9734e1823a009_361x361.jpg
images.1plus1.ua/uploads/articles/000/697/369/ 29 KB
29 KB 328ms
326ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/697/369/f21e7d14525ae7c284c9734e1823a009_361x361.jpg?v=1629619545
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: fd709f7603ba994b389b4f9b95def9dc5abd63c5b209723e60fb05c0cb9eeaa5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Sun, 22 Aug 2021 08:05:46 GMT
server: nginx
etag: "e3b5256bb33cbf2d3d2cf8de614977f2"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 29501
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 14:37:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 3edd26575f1332de6644412af35ff7af_361x361.jpg
images.1plus1.ua/uploads/articles/000/719/131/ 19 KB
19 KB 328ms
327ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/719/131/3edd26575f1332de6644412af35ff7af_361x361.jpg?v=1632406780
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 34fe6ab2eaee120b51ad72394287ff0629d1a460f532518117ddb4f45ee87ec0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Thu, 23 Sep 2021 14:19:41 GMT
server: nginx
etag: "1b9ff685c2c2bddf00e5f3987fdd99e3"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 19562
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 14:34:29 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 8c1f5a185165c99147bc16fc8cf01e00_340x511.jpg
images.1plus1.ua/uploads/articles/000/718/993/ 14 KB
14 KB 328ms
327ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/718/993/8c1f5a185165c99147bc16fc8cf01e00_340x511.jpg?v=1632401339
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 3e89a5702982a18850faa2c7c7b2aab10a679e40801662cbc47fb0d8ecb60917

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Thu, 23 Sep 2021 12:49:02 GMT
server: nginx
etag: "dde1dbc87d67f5143ec5449c449c36fd"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 14349
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 15:01:14 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 43d364993c05d4c360dd5aac05652be2_361x361.jpg
images.1plus1.ua/uploads/articles/000/718/957/ 20 KB
20 KB 328ms
327ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/718/957/43d364993c05d4c360dd5aac05652be2_361x361.jpg?v=1632401011
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: dddc208bd49f00fbf8d246360469328b3acf52a8af3e4ef1f4215e914a4693a1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Thu, 23 Sep 2021 12:43:36 GMT
server: nginx
etag: "d96fb0a1e614a20c1eb65936f561b1b5"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 20035
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 13:59:14 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 a6eff8f47aefc9a2e5441af18afe5ec1_361x361.jpg
images.1plus1.ua/uploads/articles/000/719/038/ 20 KB
20 KB 328ms
327ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/719/038/a6eff8f47aefc9a2e5441af18afe5ec1_361x361.jpg?v=1632403824
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: e0b0468f5eddaa35e3ae610759a1dc09023a28d83a049965b4e1c6b1a0f1dc7b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Thu, 23 Sep 2021 13:30:25 GMT
server: nginx
etag: "36e0a2f3ef260964d0801eae22462e4c"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 20237
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 13:53:05 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cb04e511aa2bf3235625f43b02b81f33_340x511.jpg
images.1plus1.ua/uploads/articles/000/717/565/ 28 KB
28 KB 328ms
327ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/717/565/cb04e511aa2bf3235625f43b02b81f33_340x511.jpg?v=1632243248
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: deb61e8805c38a2276f05c152d46cf436199712fb3f9f1b72c3bba880bd782e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Tue, 21 Sep 2021 16:54:12 GMT
server: nginx
etag: "c1b6f7cce33fcd698736023897daf2e7"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 28884
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 03:24:19 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 5493ec45b42f54a7e61370a366884ffd_361x361.jpg
images.1plus1.ua/uploads/articles/000/717/493/ 21 KB
22 KB 329ms
327ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/717/493/5493ec45b42f54a7e61370a366884ffd_361x361.jpg?v=1632237252
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 1d7090cffe659d13f8c2317673a974709d4704dd869d45f19376f8f3ec6cf9a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Tue, 21 Sep 2021 17:00:58 GMT
server: nginx
etag: "c358dfcb4c8db9ed7f20d48cfe09f643"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 21835
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 04:09:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 831bd0867ff7593fe58b7c5a7ad71aae_361x361.jpg
images.1plus1.ua/uploads/articles/000/716/626/ 15 KB
16 KB 329ms
327ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/716/626/831bd0867ff7593fe58b7c5a7ad71aae_361x361.jpg?v=1632139847
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: f42414b00a84bd5d192df20872bd45b545c84e4e888a9d15f8a89722e5e4d2eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Mon, 20 Sep 2021 12:10:48 GMT
server: nginx
etag: "8dd9a6dd801a77423d341a7f30d8a3d9"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 15671
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 03:24:19 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 c532c72b7c2e87dbc1cba5ce235450ef_340x511.jpg
images.1plus1.ua/uploads/articles/000/716/587/ 24 KB
24 KB 329ms
328ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/716/587/c532c72b7c2e87dbc1cba5ce235450ef_340x511.jpg?v=1632139361
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 74d60d918320c3e93c680d19368d0da4924ff04ff865967c0815a135844caa1b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Mon, 20 Sep 2021 12:02:46 GMT
server: nginx
etag: "e0dc0c41a6174c63b42cfcfb51115583"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 24719
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 04:09:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 05027b160fadfb38ab17b5f562e3e0dd_361x361.jpg
images.1plus1.ua/uploads/articles/000/715/867/ 19 KB
19 KB 329ms
328ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/715/867/05027b160fadfb38ab17b5f562e3e0dd_361x361.jpg?v=1632051252
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 59f334477b221b1cbb68b260ef3cfe369a8e2d96f2ed1a20cc72756dd6f6fb7b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Sun, 19 Sep 2021 11:34:13 GMT
server: nginx
etag: "f4fa028912c28c2e22e8fb10562b8a7e"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 19461
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 04:11:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cb9025235d1d8718bb9e21d9770c01b5_361x361.jpg
images.1plus1.ua/uploads/articles/000/712/978/ 15 KB
15 KB 329ms
328ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.ua/uploads/articles/000/712/978/cb9025235d1d8718bb9e21d9770c01b5_361x361.jpg?v=1631631954
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 55b22013e73e23ac999a9cc992559752c50c1ffaec76f2d7a44c9bcb38faddf5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Tue, 14 Sep 2021 15:05:55 GMT
server: nginx
etag: "ac9ef50fc158988b9c5ab3153f5e8e98"
content-type: image/jpeg
cache-control: max-age=315360000
content-length: 15044
accept-ranges: bytes
x-1p1-cdn: HIT; Thu, 23 Sep 2021 04:11:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 92d3195f325a4d45ee303ab9d892d5b3.190x105.jpg
images.1plus1.video/card-5/E2fzXbha/ 13 KB
13 KB 271ms
151ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/E2fzXbha/92d3195f325a4d45ee303ab9d892d5b3.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 18490029527d0166564d08d77d15347f5c7604cb916606860eb0bf458565ba9f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Tue, 15 Jun 2021 14:24:39 GMT
server: nginx
etag: "a87fa4df91a2dc0e28d9c245f9b31a56"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 13066
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:17 GMT
expires: Thu, 30 Sep 2021 15:31:17 GMT

GET
H2 200 9fef5ac5c02b786d294d1ec518d81257.190x105.jpg
images.1plus1.video/card-5/IRHSLdka/ 11 KB
12 KB 98ms
97ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/IRHSLdka/9fef5ac5c02b786d294d1ec518d81257.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 8f9e71ad37578a2db5a8e702ba31316a65dc3f36b2883198adab4d8261631483

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Tue, 15 Jun 2021 14:24:45 GMT
server: nginx
etag: "2e74435d3edf5310a445de62177853fb"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 11649
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:17 GMT
expires: Thu, 30 Sep 2021 15:31:17 GMT

GET
H2 200 9a92952634e23723a23e420e15b6f09d.190x105.jpg
images.1plus1.video/card-5/NCkBenm2/ 9 KB
9 KB 99ms
98ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/NCkBenm2/9a92952634e23723a23e420e15b6f09d.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 0fc2fc5d88d357fa83957e664039e6a19588081e55a215d8d077eed82d43beba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Tue, 01 Jun 2021 10:56:33 GMT
server: nginx
etag: "5df517d83b1757de3cf407fdcd55b5a0"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 9392
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:17 GMT
expires: Thu, 30 Sep 2021 15:31:17 GMT

GET
H2 200 9556af606060a6b58f92630ea068995e.190x105.jpg
images.1plus1.video/card-5/hu7lAxSR/ 8 KB
8 KB 99ms
98ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/hu7lAxSR/9556af606060a6b58f92630ea068995e.190x105.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: f98c3b183a8834fa2303d8c358f62cc42785540dec4bcca3bf682dcd893874bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Tue, 01 Jun 2021 10:56:41 GMT
server: nginx
etag: "7ea4a7d31c835975e1e8be8db6f4f88c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 8104
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:17 GMT
expires: Thu, 30 Sep 2021 15:31:17 GMT

GET
H/1.1 200
OK Cookie set E2fzXbha Show response
1plus1.video/video/embed/ Frame E132 11 KB
6 KB 83ms
82ms Document
text/html 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/video/embed/E2fzXbha?l=ua
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: ab4630f9ac691de65c6a6b41b189c348c4cb4c2cfba2582dd028f58ff1a14677

Request headers

Host: 1plus1.video
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://1plus1.ua/
Accept-Encoding: gzip, deflate, br
Cookie: _opov_sid_=0u7pae4in788rgv3sikr6ganaq
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

Server: nginx
Date: Thu, 23 Sep 2021 15:31:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: _opov_sid_=0u7pae4in788rgv3sikr6ganaq; expires=Sat, 23 Sep 2023 16:31:16 GMT; Max-Age=63072000; domain=.1plus1.video; path=/; secure; SameSite=None; _opov_uisl_=0; expires=Sat, 23-Sep-2023 15:31:16 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Sat, 23-Sep-2023 15:31:16 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Sat, 23-Sep-2023 15:31:16 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Sat, 23-Sep-2023 15:31:16 GMT; Max-Age=63072000; path=/; domain=.1plus1.video
Content-Encoding: gzip

GET
H2 200 hb_298309_4139.js Show response
player.adtelligent.com/prebidlink/ex18894/ 299 KB
93 KB 9ms
8ms Script
application/javascript 213.174.135.2
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18893
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 9b81c5ac867b705d32b4ed0468718e77aba7b745b8d9fbebca79adc5229fdb97

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
content-encoding: gzip
last-modified: Tue, 14 Sep 2021 12:50:24 GMT
server: nginx/1.18.0
etag: W/"61409a90-4aaa2"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Thu, 23 Sep 2021 16:31:16 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 73 KB
26 KB 101ms
28ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b6f9d378e1f4b265667bfcf54dac3cd1b1edc6a2659264823434e4702601a5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "995 / 649 of 1000 / last-modified: 1632406163"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25714
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 23 Sep 2021 15:31:16 GMT

GET
H2 200 modules.5fe2f4f38cf4833026a9.js Show response
script.hotjar.com/ 221 KB
59 KB 40ms
12ms Script
application/javascript 13.224.193.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.5fe2f4f38cf4833026a9.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1437498.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.193.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-193-122.fra2.r.cloudfront.net

Software

Resource Hash

33d18bfaad19367135cba7d9096fba55164cd67b8e5819617c6d6b34bd43454b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 07:15:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1239370
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59626
access-control-allow-origin: *
last-modified: Thu, 09 Sep 2021 07:14:26 GMT
etag: "e8c5ca8d148a212696c04c37e713b2a1"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: hTI3zdpn_HxHxYSEU5j-ui6mX-0WTRTHpayM9X4fDgLYob9nCuluNQ==

GET
H2 200 xgemius.js Show response
gaua.hit.gemius.pl/ 40 KB
11 KB 125ms
37ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/xgemius.js
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: fb8ce03c389581661b57ca719e9ef48c4f7aa76efe3ecff14dbe600e1ffc3319

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
last-modified: Wed, 15 Sep 2021 10:02:32 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 10838
expires: Fri, 24 Sep 2021 03:31:17 GMT

GET
H2 200 cm.js Show response
source.mmi.bemobile.ua/cm/ 52 KB
20 KB 198ms
76ms Script
application/javascript 194.247.175.23
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://source.mmi.bemobile.ua/cm/cm.js
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.23 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.13.0 /
Resource Hash: 5d1b56a762d63b6e9bfb8a70552ce75c1c3938c782f8d9de971ecc960836c451

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
last-modified: Wed, 06 Nov 2019 07:53:34 GMT
server: nginx/1.13.0
etag: W/"5dc27bfe-d0f6"
content-type: application/javascript; charset=utf-8
cache-control: no-cache
expires: Thu, 07 Nov 2019 07:53:34 GMT

GET
H2 200 pic.gif
pa.tns-ua.com/bug/ 56 B
139 B 245ms
34ms Image
image/gif 194.247.175.26
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pa.tns-ua.com/bug/pic.gif?siteid=1plus1.ua&j=1&nocache=0.15252840267975776
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.26 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 2d310648a31461f6b76c38bca295da135b9825938ad1defab174fc29b414487b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
cache-control: no-cache
server: nginx/1.18.0
expires: -1

GET
H2 200 sdk.js Show response
connect.facebook.net/uk_UA/ 3 KB
2 KB 38ms
12ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/uk_UA/sdk.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

189901c219e9c2c63d7b5211a6455744cb4fdbccc6c15fe15a1bdfb870ba2d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: JkuF36WLaDVw4RR4s8VE8w==
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: ISEIZrqub7UwYOyV3I8jV0pw1Zf6w3iCz1TY3APp45hyBPvvvT0bQsCS389UyDrPb46vsn9LlJqmtWFGwn6IPQ==
x-fb-trip-id: 917726464
x-fb-content-md5: ab3db8f8c62ec6ab4638b0e2d8a7ad0e
x-frame-options: DENY
date: Thu, 23 Sep 2021 15:31:16 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "35df45f794772a72fb22c7b345822808"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 23 Sep 2021 15:47:09 GMT

GET
H/1.1 200
OK api.auth.0.0.5.js Show response
api.1plus1.video/static/js/ 108 KB
33 KB 80ms
80ms Script
application/javascript 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/js/api.auth.0.0.5.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Requested by: Host: api.1plus1.video
URL: https://api.1plus1.video/u/l.js?p=&l=ua&f=0&auth=1&login_profile=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 974f2bbaea34f0c01bbaf12d439695df1a579ce8274180da38cf8f1771fdcb49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Aug 2021 07:08:16 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:30:04 GMT

GET
H/1.1 200
OK / Show response
ghb.adtelligent.com/geo/ 141 B
386 B 195ms
20ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/geo/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18893
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: c53daf5400b2cb760e78b381ed9b88d0caf70505cf01f03f5ca06776777d69d0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://1plus1.ua
Date: Thu, 23 Sep 2021 15:31:17 GMT
Access-Control-Allow-Credentials: true
Server: VertaMedia 1.0
Connection: Keep-Alive
Content-Length: 141
Content-Type: application/json

GET
H/1.1 200
OK tracking Show response
ghb.adtelligent.com/adunit/ 43 B
411 B 195ms
21ms XHR
image/gif 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/tracking?event=11&type=0&client_id=298309&site_id=4139&full_page_url=https%3A%2F%2F1plus1.ua%2F&adid=x3eo7v.92&vpbv=0835&lifecycle_tte=1041
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18893
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://1plus1.ua
Date: Thu, 23 Sep 2021 15:31:17 GMT
Access-Control-Allow-Credentials: true
Server: VertaMedia 1.0
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 55ms
14ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWKM5Z

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 2357
date: Thu, 23 Sep 2021 14:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Thu, 23 Sep 2021 16:52:00 GMT

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/ Frame B56D 637 B
490 B 25ms
25ms Document
text/html 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/c.html
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 594ca5002b9cdd63b301365c4dd76f3a08e23049f6aee1f62258d20da8ef1345

Request headers

:method: GET
:authority: cdn.admixer.net
:scheme: https
:path: /scripts3/c.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

server: nginx
date: Thu, 23 Sep 2021 15:31:17 GMT
content-type: text/html
last-modified: Wed, 22 Sep 2021 09:19:04 GMT
vary: Accept-Encoding
etag: W/"614af508-27d"
expires: Fri, 23 Sep 2022 09:19:43 GMT
cache-control: max-age=31622400
cache: HIT
x-cached-since: 2021-09-22T09:19:43+00:00
x-id: fr5-up-gc35
content-encoding: gzip

GET
H2 200 a6c594b5e52a93d3c19f.b.js Show response
cdn.admixer.net/scripts3/ 92 KB
26 KB 38ms
37ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/a6c594b5e52a93d3c19f.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: e6ecc3beb03f58388cb5a5329040fb1b97ef3a36af6bb499a8fe5d5e4ceb182a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
last-modified: Wed, 22 Sep 2021 09:19:02 GMT
server: nginx
etag: W/"614af506-16fc0"
vary: Accept-Encoding
x-cached-since: 2021-09-22T09:19:43+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Fri, 23 Sep 2022 09:19:43 GMT

GET
H2 200 916e69bfbaf48692c796.b.js Show response
cdn.admixer.net/scripts3/ 92 KB
26 KB 26ms
25ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/916e69bfbaf48692c796.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 33a2b43d9139d035ea13e160d22403c7f5b52fd9b685fb8f9485646336a15a7e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-id: fr5-up-gc35
date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
last-modified: Wed, 22 Sep 2021 09:19:01 GMT
server: nginx
etag: W/"614af505-1705c"
vary: Accept-Encoding
x-cached-since: 2021-09-22T09:19:44+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Fri, 23 Sep 2022 09:19:44 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109200101/ 253 KB
94 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109200101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9111367348737651&plah=1plus1.ua

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85b26daaff7a38cb4bee7a5d8a99c84b4d6556a9df6db213a912d0d8bbd56389

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95714
x-xss-protection: 0
server: cafe
etag: 8581628240566664613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 23 Sep 2021 15:31:17 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210921/r20190131/ Frame 092B 10 KB
5 KB 38ms
7ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210921/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

751dcf9dcab28e7704b6c2b25d6288581f8a45af878fd628135cec03d8112eed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210921/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 22 Sep 2021 20:26:37 GMT
expires: Wed, 06 Oct 2021 20:26:37 GMT
content-type: text/html; charset=UTF-8
etag: 14847953055219580247
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4613
x-xss-protection: 0
age: 68680
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 box-dfc01efbdc94bb0936d9a35a502b0b64.html Show response
vars.hotjar.com/ Frame C011 2 KB
1 KB 39ms
14ms Document
text/html 13.224.193.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-dfc01efbdc94bb0936d9a35a502b0b64.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1437498.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-73.fra2.r.cloudfront.net
Software: /
Resource Hash: 88ca677c14d4217c2f6b8c8964a1d172027974c4c0839e4d531ad7d3d6de1987

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-dfc01efbdc94bb0936d9a35a502b0b64.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

content-type: text/html
content-length: 1044
date: Tue, 20 Jul 2021 13:05:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "10714b84569172431728622d7c8098e4"
last-modified: Tue, 20 Jul 2021 13:04:43 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: sIZHeHwgGOy_OZO8wLa18rrgvwccgDBHtbHhpf_olxs0DXpkrWDpSg==
age: 5624772

GET
H/1.1 200
OK piwik.php
assay.1plus1.ua/ 43 B
255 B 56ms
56ms Image
image/gif 195.137.240.12
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assay.1plus1.ua/piwik.php?action_name=%D0%9E%D1%84%D1%96%D1%86%D1%96%D0%B9%D0%BD%D0%B8%D0%B9%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D1%83%201%2B1&idsite=2&rec=1&r=805882&h=15&m=31&s=17&url=https%3A%2F%2F1plus1.ua%2F&_id=3732322b0af566f0&_idts=1632411077&_idvc=1&_idn=0&_refts=0&_viewts=1632411077&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=275

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

195.137.240.12 , Ukraine, ASN29389 (ASN-UNIAN, UA),

Reverse DNS

assay.1plus1.ua

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Transfer-Encoding: chunked
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=10
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif

GET
H/1.1 200
OK ovva.0.3.0.css
1plus1.video/static/player/css/ Frame E132 171 KB
26 KB 79ms
79ms Stylesheet
text/css 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/css/ovva.0.3.0.css?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/E2fzXbha?l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 7426a6e81ee72c73354b41046a03c36f43578de921153c7bc5d85229bb7a9bb3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/video/embed/E2fzXbha?l=ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jul 2021 12:33:59 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:31:16 GMT

GET
H/1.1 200
OK ovva.0.3.0.js Show response
1plus1.video/static/player/js/ Frame E132 196 KB
68 KB 136ms
46ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/E2fzXbha?l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 80590ab9a655471fcfc3b9b5eeb31839df6b81578a940a95b8cd778fd54db2b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/video/embed/E2fzXbha?l=ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Aug 2021 07:08:42 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:26:31 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame E132 97 KB
38 KB 32ms
29ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-104502981-1

Requested by

Host: 1plus1.video
URL: https://1plus1.video/video/embed/E2fzXbha?l=ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1e93a05ff1f25e9d6edad765934514cc2fe3665004528f8c6759ca604d6c652d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39303
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 23 Sep 2021 15:31:17 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/uk_UA/ 268 KB
76 KB 22ms
7ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/uk_UA/sdk.js?hash=3a25043dbcba461f96e7cce8aa823f55

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/uk_UA/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

20e00c1877187d690e82126569743876248ba7bd043b34138707b48c7663aeab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://1plus1.ua/
Origin: https://1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: iUBlBZqg5tZuKF1AvZ7AqQ==
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 77407
x-fb-rlafr: 0
x-fb-debug: P9Dw0fNXvwfbzBj+TWkcwiI4n5LwUdMkVbab8p5C5pR5GOjs690IlZaQmF1W6gjdUdT928RcsW52VE4Qdc3h1Q==
x-fb-trip-id: 2050670934
x-fb-content-md5: 450fdf067ec45be10ad813b2bb17af25
x-frame-options: DENY
date: Thu, 23 Sep 2021 15:31:17 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "ad6a033e9a7a49411c5989ac6bb0c7b0"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 23 Sep 2022 14:51:03 GMT

GET
H/1.1 200
OK api.auth.css
api.1plus1.video/static/css/ 56 KB
9 KB 52ms
51ms Stylesheet
text/css 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/css/api.auth.css?_t1124051888341
Requested by: Host: client
URL: about:client
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: a691ce0fb054d5f2128394b9ad9c5961d7c0cdc1804bc83d6760df78ee304d7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 11:47:41 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:31:17 GMT

GET
H/1.1 200
OK csyncs Show response
ghb.adtelligent.com/ 730 B
632 B 23ms
21ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/csyncs?aid1=437380&aid2=437381&aid3=607661&aid4=638043&aid5=undefined
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18893
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 69a916245e4d68cb9a4493c8e1a6bc39c1a68197b48b2cae014a2b06cdc9b8b2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Server: VertaMedia 1.0
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://1plus1.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 348

GET
H2 200 pubads_impl_2021092201.js Show response
securepubads.g.doubleclick.net/gpt/ 336 KB
118 KB 92ms
19ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062918

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

9a9a466cd927c64b4e9b81e29beec7d80422fb985b26a1ec038abea10c74c1eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120420
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 08:37:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 23 Sep 2021 15:31:17 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 82 B
733 B 87ms
16ms XHR
application/json 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=1plus1.ua

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

3bd097788140ca91bd593b4437a9bff97366419a46c6a23d620e429e63d9f277

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76
x-xss-protection: 0
expires: Thu, 23 Sep 2021 15:31:17 GMT

GET
H2 200 fpdata.js Show response
gaua.hit.gemius.pl/ 278 B
392 B 31ms
28ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/fpdata.js?href=1plus1.ua
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: bd0c97d7c6d30068384ac78dbb20bd97a617b817b7f6a7ed6468fee2356d1f62

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 278
expires: Sat, 23 Oct 2021 15:31:17 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame AE39 5 KB
3 KB 97ms
32ms Document
text/html 146.59.30.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ip104.ip-146-59-30.eu
Software: GHC /
Resource Hash: 0d6acb8e8b16cea63c83615e5953e24e2793c8d575c63639175a321b4bfbe3e4

Request headers

:method: GET
:authority: ls.hit.gemius.pl
:scheme: https
:path: /lsget.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
expires: Sat, 23 Oct 2021 15:31:17 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
vary: Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy: cross-origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: text/html;charset=utf-8
content-length: 2716
content-encoding: gzip

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
202 B 24ms
22ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1905960819&t=pageview&_s=1&dl=https%3A%2F%2F1plus1.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9E%D1%84%D1%96%D1%86%D1%96%D0%B9%D0%BD%D0%B8%D0%B9%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D1%83%201%2B1&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1565597577&gjid=2014050217&cid=691999109.1632411077&tid=UA-22507043-9&_gid=1655961363.1632411077&_r=1&gtm=2wg9m0PWKM5Z&z=1307630105

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
68 B 25ms
20ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1905960819&t=pageview&_s=1&dl=https%3A%2F%2F1plus1.ua%2F&ul=en-us&de=UTF-8&dt=%D0%9E%D1%84%D1%96%D1%86%D1%96%D0%B9%D0%BD%D0%B8%D0%B9%20%D1%81%D0%B0%D0%B9%D1%82%20%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D1%83%201%2B1&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=607085642&gjid=1751164781&cid=691999109.1632411077&tid=UA-113262294-1&_gid=1655961363.1632411077&_r=1&gtm=2wg9m0PWKM5Z&z=1530114518

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 925 B
1018 B 70ms
25ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=__api_auth_recaptcha_on_load__&render=explicit&hl=uk

Requested by

Host: api.1plus1.video
URL: https://api.1plus1.video/static/js/api.auth.0.0.5.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1c308b71efa2cfe41244ef14564a3864945627e634740d81a520f1589305f669

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 584
x-xss-protection: 1; mode=block
expires: Thu, 23 Sep 2021 15:31:17 GMT

GET
H/1.1

200
OK

Cookie set csync Show response
sync.adtelligent.com/ Frame FED1
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D
https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=8733a84a-5a0f-4330-a360-4a20cc6c887b

86 B
547 B

1350ms
862ms

Document
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=8733a84a-5a0f-4330-a360-4a20cc6c887b
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18893
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997

Request headers

Host: sync.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://1plus1.ua/
Accept-Encoding: gzip, deflate, br
Cookie: vmuid=055091cb177a48bf
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

Server: VertaMedia 1.0
Date: Thu, 23 Sep 2021 15:31:18 GMT
Content-Type: image/gif
Content-Length: 86
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: vmuid=055091cb177a48bf; expires=Wed, 24 Nov 2021 15:31:17 GMT; domain=.adtelligent.com; path=/; secure; SameSite=None a319130=8733a84a-5a0f-4330-a360-4a20cc6c887b; expires=Wed, 24 Nov 2021 15:31:17 GMT; domain=.adtelligent.com; path=/; secure; SameSite=None

Redirect headers

set-cookie: viewer_token=8733a84a-5a0f-4330-a360-4a20cc6c887b; path=/; domain=csync.loopme.me; Expires=Sat, 23-Oct-2021 15:31:17 GMT
location: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=8733a84a-5a0f-4330-a360-4a20cc6c887b
content-length: 0
date: Thu, 23 Sep 2021 15:31:17 GMT
server: _

GET
H2

200

1px-matching-adtelligent.gif
t.trafmag.com/images/images/
Redirect Chain

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=055091cb177a48bf

35 B
231 B

71ms
20ms

Image
image/gif

193.200.65.5
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=055091cb177a48bf
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.200.65.5 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: t.trafmag.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
server: nginx
content-type: image/gif
content-length: 35
p3p: CP="NON DSP COR CURa TIA"

Redirect headers

Location: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=055091cb177a48bf
Date: Thu, 23 Sep 2021 15:31:18 GMT
Server: VertaMedia 1.0
Content-Length: 43
Content-Type: image/gif

GET
H2 204 match
dm.hybrid.ai/ 0
238 B 187ms
59ms Image
text/plain 37.18.16.23
HYBRID-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dm.hybrid.ai/match?id=186&burl=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D324902%26extuid%3D%24%7BVID%7D

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.18.16.23 , Netherlands, ASN205675 (HYBRID-AS, RU),

Reverse DNS

Software

Hybrid Web Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:17 GMT
server: Hybrid Web Server
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
access-control-allow-origin: *
cache-control: no-cache, no-store
x-mode: 109
x-xss-protection: 1; mode=block
expires: -1

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 199 B
404 B 47ms
18ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=1plus1.ua&callback=_gfp_s_&client=ca-pub-9111367348737651

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109200101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9111367348737651&plah=1plus1.ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ffd92be07c06b779ebecabaecdffa71df3d98eb1b37fe662982c6add81b8fc98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 188
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
121 B 37ms
37ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2F1plus1.ua%2F&tn=DIV&cls=cookies%20js-cookies&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 70ms
27ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=1plus1.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 107ms
30ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1plus1.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C611 0
179 B 60ms
59ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9111367348737651&output=html&adk=1812271804&adf=3025194257&lmt=1632411077&plat=2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F1plus1.ua%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632411077003&bpp=2&bdt=585&idt=324&shv=r20210921&mjsv=m202109200101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5030421693548&frm=20&pv=2&ga_vid=691999109.1632411077&ga_sid=1632411077&ga_hid=1905960819&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062580%2C31062854%2C21065724%2C44750894&oid=3&pvsid=2232814433520111&pem=104&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=342

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9111367348737651&output=html&adk=1812271804&adf=3025194257&lmt=1632411077&plat=2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F1plus1.ua%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632411077003&bpp=2&bdt=585&idt=324&shv=r20210921&mjsv=m202109200101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5030421693548&frm=20&pv=2&ga_vid=691999109.1632411077&ga_sid=1632411077&ga_hid=1905960819&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062580%2C31062854%2C21065724%2C44750894&oid=3&pvsid=2232814433520111&pem=104&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=342
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 23 Sep 2021 15:31:17 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 23-Sep-2021 15:46:17 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 23 Sep 2021 15:31:17 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 49ms
47ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a7ad5974f3d165d1a83149795afe792e241b0e6a41078c6e14bcecc5449934e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27652
x-xss-protection: 0
server: sffe
etag: "1632310961004595"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Thu, 23 Sep 2021 15:31:17 GMT

GET
H2 200 cds.js Show response
pa.tns-ua.com/viewability/ 2 KB
3 KB 50ms
49ms Script
application/javascript 194.247.175.26
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pa.tns-ua.com/viewability/cds.js
Requested by: Host: source.mmi.bemobile.ua
URL: https://source.mmi.bemobile.ua/cm/cm.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.26 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 9cfc3a96cab0eb315783265b6db554e532e060952d409399cc7dd1d7e775b9a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Mon, 02 Jul 2018 17:27:05 GMT
server: nginx/1.18.0
accept-ranges: bytes
etag: "5b3a6069-9c3"
content-length: 2499
content-type: application/javascript; charset=utf-8

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 80ms
24ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Requested by

Host: api.1plus1.video
URL: https://api.1plus1.video/static/css/api.auth.css?_t1124051888341

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

33a3fdc40352c38d67dc1ca75dd2acc8280c0ef1b6402d81fe45e8afd528cb65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 15:26:37 GMT
server: ESF
date: Thu, 23 Sep 2021 15:31:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Sep 2021 15:31:17 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
458 B 68ms
21ms XHR
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-22507043-9&cid=691999109.1632411077&jid=1565597577&gjid=2014050217&_gid=1655961363.1632411077&_u=YEBAAEAAAAAAAC~&z=2073773245

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 23 Sep 2021 15:31:17 GMT
content-type: text/plain
access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK l.js Show response
api.1plus1.video/u/ Frame E132 898 B
2 KB 63ms
59ms Script
application/javascript 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/u/l.js?p=128902&l=ua&f=0&auth=1&login_profile=1&_t=1632411077433
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/E2fzXbha?l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 9659a6037d231a06278478ace5eefb67422c2ab89f64f0ba090d4557543c59bd

Request headers

Referer: https://1plus1.video/
Origin: https://1plus1.video
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:18 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: https://1plus1.video
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame E132 120 KB
45 KB 26ms
24ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WPC3Q76

Requested by

Host: 1plus1.video
URL: https://1plus1.video/video/embed/E2fzXbha?l=ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

02b5be6cf36c11aae65615a17c309a29c8b085648ddae4f85a86783bef15e224

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45648
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 23 Sep 2021 15:31:17 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
426 B 28ms
7ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1834787353214372&ev=fb_page_view&dl=https%3A%2F%2F1plus1.ua%2F&rl=&if=false&ts=1632411077469&sw=1600&sh=1200&at=

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 23 Sep 2021 15:31:17 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
296 B 43ms
41ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-22507043-9&cid=691999109.1632411077&jid=1565597577&_u=YEBAAEAAAAAAAC~&z=2058415601

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 84ms
47ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-22507043-9&cid=691999109.1632411077&jid=1565597577&_u=YEBAAEAAAAAAAC~&z=2058415601

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 config.json Show response
player.adtelligent.com/exchange_rates/298308/ 4 KB
2 KB 29ms
7ms XHR
application/json 213.174.135.2
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/exchange_rates/298308/config.json?cb=https%3A%2F%2F1plus1.ua%2F
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: b72331d9f847ef49e7a8c6ce755781ed88741727c9fe6542bcc122cf2e22fb9d

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
last-modified: Thu, 23 Sep 2021 12:01:07 GMT
server: nginx/1.18.0
etag: W/"614c6c83-118d"
content-type: application/json
access-control-allow-origin: https://1plus1.ua
expires: Thu, 23 Sep 2021 16:31:17 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 show_companion_ad.js Show response
pagead2.googlesyndication.com/pagead/ 15 KB
6 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25223ebcd6fd1a448870e5470f374170b5d6aaf0075b1f0bc6cffc2b399529aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 14:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6275
x-xss-protection: 0
server: cafe
etag: 5734348704103846208
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 23 Sep 2021 15:52:01 GMT

GET
H2 200 cm.html Show response
pa.tns-ua.com/viewability/ Frame 3C48 3 KB
1 KB 42ms
42ms Document
text/html 194.247.175.26
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pa.tns-ua.com/viewability/cm.html
Requested by: Host: pa.tns-ua.com
URL: https://pa.tns-ua.com/viewability/cds.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.26 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 9b99450717649bd5715ae5cba0e064d8cc879abe705815792d66097163cfb576

Request headers

:method: GET
:authority: pa.tns-ua.com
:scheme: https
:path: /viewability/cm.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

server: nginx/1.18.0
date: Thu, 23 Sep 2021 15:31:17 GMT
content-type: text/html; charset=utf-8
last-modified: Mon, 25 Jun 2018 15:00:33 GMT
etag: W/"5b310391-b5f"
content-encoding: gzip

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame E132 48 KB
19 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-104502981-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 2357
date: Thu, 23 Sep 2021 14:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Thu, 23 Sep 2021 16:52:00 GMT

GET
H/1.1 200
OK v0 Show response
l1.heyhelga.net/stat/eventManager/ 16 KB
16 KB 65ms
65ms Fetch
application/json 195.137.240.18
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://l1.heyhelga.net/stat/eventManager/v0?domain=1plus1.ua&url=%2F
Requested by: Host: l1.heyhelga.net
URL: https://l1.heyhelga.net/analytics.js?ver=1632411076
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.18 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: l1-izi-01.1plus1.net
Software: nginx /
Resource Hash: 55b6a6276b53d4aeb9b1c841db9ff49b552897ee4faa32937a39c7da50f05958

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: https://1plus1.ua
Access-Control-Expose-Headers: link
Cache-Control: no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
H2 200 recaptcha__uk.js Show response
www.gstatic.com/recaptcha/releases/tftmXwdbgCvrXiHxr5HGbIaL/ 373 KB
136 KB 60ms
16ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/tftmXwdbgCvrXiHxr5HGbIaL/recaptcha__uk.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=__api_auth_recaptcha_on_load__&render=explicit&hl=uk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

255911b9f4896e6e6b223bb668152ffe939f182cef38c41f51b9c83c72c3cc0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
Origin: https://1plus1.ua
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 16:14:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 256618
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138945
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 18:01:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Tue, 20 Sep 2022 16:14:19 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 77ms
23ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2F1plus1.ua%2F&domain=1plus1.ua&cw=1&lsw=1

Protocol

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://1plus1.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://1plus1.ua
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1627
date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2F1plus1.ua%2F&domain=1plus1.ua&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=WdhMQXwvMERncXVtRU80elNQbHpkVDUyQjJVNzhQU2k0TFE5NzExdGwxM2R5OHJ5Z3hQUllod1c4cUpwYXhnZWN1REtnV0ZWR1FUamRnWVdyMGYxU2Q3NENaaVRRV20vc0JoeTZ4STJRRldSdW0wZzdleW95azhGOHkrUW...

348 B
607 B

53ms
20ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=WdhMQXwvMERncXVtRU80elNQbHpkVDUyQjJVNzhQU2k0TFE5NzExdGwxM2R5OHJ5Z3hQUllod1c4cUpwYXhnZWN1REtnV0ZWR1FUamRnWVdyMGYxU2Q3NENaaVRRV20vc0JoeTZ4STJRRldSdW0wZzdleW95azhGOHkrUWNZQkQxZjVmZzlOaktDYjAyWEZuWHcwVUNEemUrN0N4RU5TTTR2NlNJdlFBVXJtalhQNHcwSldzT2ozbEVsRVBhYUEyMi9WamttT3krZTdheDdCb21JWEdzSFhkQUY1aXN6TUNycmxLKzJObUluUFhRbVhnPXw&cppv=2

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

891e5016585ea32c4d7e6df6daec24be87cccbe48af8a4930251dc4ec1d6efd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 23 Sep 2021 15:31:17 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2881
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 23 Sep 2021 15:31:16 GMT
location: https://mug.criteo.com/sid?cpp=WdhMQXwvMERncXVtRU80elNQbHpkVDUyQjJVNzhQU2k0TFE5NzExdGwxM2R5OHJ5Z3hQUllod1c4cUpwYXhnZWN1REtnV0ZWR1FUamRnWVdyMGYxU2Q3NENaaVRRV20vc0JoeTZ4STJRRldSdW0wZzdleW95azhGOHkrUWNZQkQxZjVmZzlOaktDYjAyWEZuWHcwVUNEemUrN0N4RU5TTTR2NlNJdlFBVXJtalhQNHcwSldzT2ozbEVsRVBhYUEyMi9WamttT3krZTdheDdCb21JWEdzSFhkQUY1aXN6TUNycmxLKzJObUluUFhRbVhnPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1411
content-length: 482
expires: 0

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 55 B
398 B 79ms
19ms XHR
application/json 185.255.84.150
IGUANE-

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2F1plus1.ua%2F&CanonicalUrl=https%3A%2F%2F1plus1.ua%2F&PublisherDomain=https%3A%2F%2F1plus1.ua

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.150 Paris, France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

087c5ad811ccee261e1db707889ff29930b5d2f401e5f67ad1dfdea793dcc855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:17 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://1plus1.ua
access-control-max-age: 3600
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
access-control-allow-headers: Accept-Encoding, Content-Type
content-length: 55
expires: 0

POST
H2 200 adjson Show response
ads.betweendigital.com/ 2 B
905 B 248ms
76ms XHR
application/json 88.212.252.22
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 88.212.252.22 , Russian Federation, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
365 B 70ms
26ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://1plus1.ua
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
182 B 69ms
24ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.41.0-pre&cb=71755606086
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://1plus1.ua
date: Thu, 23 Sep 2021 15:31:17 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 arj Show response
adtelligent-d.openx.net/w/1.0/ 171 B
552 B 69ms
24ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adtelligent-d.openx.net/w/1.0/arj?ju=https%3A%2F%2F1plus1.ua%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=61082913-b901-43c2-97d0-e885896733ca%2Cd524d078-af16-42e5-9c2e-9a7e45e0712f%2C4fcc3777-a730-46ee-b734-99703756b3a4%2C6b8fd94e-6bc2-40f3-bd08-57824b8a497c&nocache=1632411077657&pubcid=4c8afe06-d4e2-4163-b985-172b3953efa5&schain=1.0%2C1!adtelligent.com%2C298309%2C1%2C%2C%2C&aus=300x600%2C300x250%7C970x250%2C750x250%7C300x250%7C1440x180&divids=div-gpt-ad-1519059092931-0583456640%2Cdiv-gpt-ad-1519059092931-1%2Cdiv-gpt-ad-1519059092931-2%2Capi-gpt-catfish-wrapper&aucs=%2C%2C%2C&auid=541177132%2C541177132%2C541177132%2C541177132
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.2 /
Resource Hash: df3305662fa1b7c0366a39acdd6bbc48dc9bf38e5472dd3faa46ac472023c248

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
server: OXGW/16.216.2
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://1plus1.ua
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 162
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 567 B
631 B 23ms
23ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 3a1647b7f802022b463442eb927665c20c86dba58894a05984d3f1d01169ee3b

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Server: VertaMedia 1.0
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://1plus1.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 347

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
171 B 76ms
23ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://1plus1.ua
date: Thu, 23 Sep 2021 15:31:17 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK / Show response
ghb1.adtelligent.com/v2/auction/ 360 B
442 B 163ms
26ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb1.adtelligent.com/v2/auction/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: b460354d7654e359ed86074554657df0f28915ea6dd7c3a711c6b5a9ce63fae5

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Server: VertaMedia 1.0
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://1plus1.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 158

POST
H/1.1 200
OK / Show response
ghb2.adtelligent.com/v2/auction/ 481 B
454 B 118ms
21ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb2.adtelligent.com/v2/auction/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 3f8b3e429251ff0f3e0ebec8e9eaeb655819c8a9aa154210866843d1fbc87a4e

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Server: VertaMedia 1.0
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://1plus1.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 170

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 11 KB
6 KB 387ms
347ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

d685be744bcc4ec9c7a7e0fc2e9df800ef64fa7274294ccd8eea293a027d2af3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 23 Sep 2021 15:31:18 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.232.23.180; 185.232.23.180; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 4c921269-568d-45c3-bad3-bff47492d3c4
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://1plus1.ua
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK prebid.1.1.aspx Show response
inv-nets.admixer.net/ 3 KB
4 KB 1210ms
159ms XHR
text/javascript 146.0.227.110
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/prebid.1.1.aspx?data={%22imps%22:[{%22id%22:14528,%22name%22:%22Dentsu_%22,%22adapter_id%22:779,%22type%22:%22display%22,%22bidder%22:%22admixer%22,%22entityId%22:26361,%22geo%22:{%22type%22:%22block%22,%22list%22:{},%22skipGeo%22:true},%22isMarket%22:false,%22params%22:{%22zone%22:%222e723dca-1235-46e7-bfa3-1d9d2a386e71%22},%22minViewWithDfp%22:0,%22noR%22:0,%22overrideId%22:3345592,%22labels%22:[],%22validLabelIds%22:[],%22userId%22:{%22pubcid%22:%224c8afe06-d4e2-4163-b985-172b3953efa5%22},%22userIdAsEids%22:[{%22source%22:%22pubcid.org%22,%22uids%22:[{%22id%22:%224c8afe06-d4e2-4163-b985-172b3953efa5%22,%22atype%22:1}]}],%22mediaTypes%22:{%22banner%22:{%22sizes%22:[[300,600],[300,250]]}},%22adUnitCode%22:%22div-gpt-ad-1519059092931-0583456640%22,%22transactionId%22:%2261082913-b901-43c2-97d0-e885896733ca%22,%22sizes%22:[[300,600],[300,250]],%22bidId%22:%22442022db5ff5d23%22,%22bidderRequestId%22:%224370abf62bc8b19%22,%22auctionId%22:%22x3eos9.tp%22,%22src%22:%22client%22,%22bidRequestsCount%22:1,%22bidderRequestsCount%22:1,%22bidderWinsCount%22:0},{%22id%22:9455,%22name%22:%22Admixer%22,%22adapter_id%22:779,%22type%22:%22display%22,%22bidder%22:%22admixer%22,%22entityId%22:10360,%22geo%22:{%22type%22:%22block%22,%22list%22:{},%22skipGeo%22:true},%22isMarket%22:false,%22params%22:{%22zone%22:%221c240967-b7c5-4f98-8253-7a992d2ea6b1%22},%22minViewWithDfp%22:0,%22noR%22:0,%22overrideId%22:1681533,%22labels%22:[],%22validLabelIds%22:[],%22userId%22:{%22pubcid%22:%224c8afe06-d4e2-4163-b985-172b3953efa5%22},%22userIdAsEids%22:[{%22source%22:%22pubcid.org%22,%22uids%22:[{%22id%22:%224c8afe06-d4e2-4163-b985-172b3953efa5%22,%22atype%22:1}]}],%22mediaTypes%22:{%22banner%22:{%22sizes%22:[[970,250],[750,250]]}},%22adUnitCode%22:%22div-gpt-ad-1519059092931-1%22,%22transactionId%22:%22d524d078-af16-42e5-9c2e-9a7e45e0712f%22,%22sizes%22:[[970,250],[750,250]],%22bidId%22:%224584dc21a8aa492%22,%22bidderRequestId%22:%224370abf62bc8b19%22,%22auctionId%22:%22x3eos9.tp%22,%22src%22:%22client%22,%22bidRequestsCount%22:1,%22bidderRequestsCount%22:1,%22bidderWinsCount%22:0},{%22id%22:9455,%22name%22:%22Admixer%22,%22adapter_id%22:779,%22type%22:%22display%22,%22bidder%22:%22admixer%22,%22entityId%22:10361,%22geo%22:{%22type%22:%22block%22,%22list%22:{},%22skipGeo%22:true},%22isMarket%22:false,%22params%22:{%22zone%22:%223c6673bc-2d82-4eff-a73c-fc9b22679edb%22},%22minViewWithDfp%22:0,%22noR%22:0,%22overrideId%22:738772,%22labels%22:[],%22validLabelIds%22:[],%22userId%22:{%22pubcid%22:%224c8afe06-d4e2-4163-b985-172b3953efa5%22},%22userIdAsEids%22:[{%22source%22:%22pubcid.org%22,%22uids%22:[{%22id%22:%224c8afe06-d4e2-4163-b985-172b3953efa5%22,%22atype%22:1}]}],%22mediaTypes%22:{%22banner%22:{%22sizes%22:[[300,250]]}},%22adUnitCode%22:%22div-gpt-ad-1519059092931-2%22,%22transactionId%22:%224fcc3777-a730-46ee-b734-99703756b3a4%22,%22sizes%22:[[300,250]],%22bidId%22:%22460b6f0b5f2347e%22,%22bidderRequestId%22:%224370abf62bc8b19%22,%22auctionId%22:%22x3eos9.tp%22,%22src%22:%22client%22,%22bidRequestsCount%22:1,%22bidderRequestsCount%22:1,%22bidderWinsCount%22:0},{%22id%22:17236,%22name%22:%22Dentsu_Halfscreen%22,%22adapter_id%22:779,%22type%22:%22display%22,%22bidder%22:%22admixer%22,%22entityId%22:10363,%22geo%22:{%22type%22:%22block%22,%22list%22:{},%22skipGeo%22:true},%22isMarket%22:false,%22params%22:{%22zone%22:%229c5ac4fd-5e54-41a1-abaa-9b5d75ba6e85%22},%22minViewWithDfp%22:0,%22noR%22:0,%22overrideId%22:3345532,%22labels%22:[],%22validLabelIds%22:[],%22userId%22:{%22pubcid%22:%224c8afe06-d4e2-4163-b985-172b3953efa5%22},%22userIdAsEids%22:[{%22source%22:%22pubcid.org%22,%22uids%22:[{%22id%22:%224c8afe06-d4e2-4163-b985-172b3953efa5%22,%22atype%22:1}]}],%22mediaTypes%22:{%22banner%22:{%22sizes%22:[[1440,180]]}},%22adUnitCode%22:%22api-gpt-catfish-wrapper%22,%22transactionId%22:%226b8fd94e-6bc2-40f3-bd08-57824b8a497c%22,%22sizes%22:[[1440,180]],%22bidId%22:%224783b94018145a6%22,%22bidderRequestId%22:%224370abf62bc8b19%22,%22auctionId%22:%22x3eos9.tp%22,%22src%22:%22client%22,%22bidRequestsCount%22:1,%22bidderRequestsCount%22:1,%22bidderWinsCount%22:0}],%22referrer%22:%22https%3A%2F%2F1plus1.ua%2F%22}

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

8d40278bb12cc592fa90a2d3d5b11d31c5d156bbbd2e128b1f3ca7e87c7eb5ff

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 23 Sep 2021 15:31:18 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: https://1plus1.ua
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 3551
X-Xss-Protection: 0

GET
H2 204 1437498 Show response
vc.hotjar.io/sessions/ 0
255 B 102ms
35ms XHR
text/plain 13.225.78.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/1437498?s=0.25&r=0.14274151394735046
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.5fe2f4f38cf4833026a9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-105.fra2.r.cloudfront.net
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
server: Python/3.7 aiohttp/3.5.4
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: 3r6tlc1FZoP1tRk3dI16rujN8v3y_Q6eSL7xlQgS93_uP3BSQziJfw==

GET
H2

200

rexdot.js Show response
gaua.hit.gemius.pl/__/_1632411077677/
Redirect Chain

https://gaua.hit.gemius.pl/_1632411077677/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F1plus1.ua%2...
https://gaua.hit.gemius.pl/__/_1632411077677/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F1plus1.u...

169 B
433 B

25ms
25ms

Script
application/x-javascript

54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/__/_1632411077677/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F1plus1.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=419&lsdata=664aFbrf3Ol1n6oGqoVLAK5ujh8vuNntJ.0juaHDcej..7RQiV_vDy1O8LQbaHPnMYj1_mqqsig_TzTImt9S1c5fwYpC/uGNQui9r0NMXM/&fpdata=QJ67Pts8nqT6tiMqm7AeHKcodUqUsUBfNyLrhnzErGj.A7&vis=1&fpcap=
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: a423a6f66245ac6465f3dca7ff0535ffb1944b0b73eadf99e187930a52d6b824

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:17 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 169
expires: Wed, 22 Sep 2021 15:31:17 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:17 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1632411077677/rexdot.js?l=100&id=bQdAso_Qc_wk._rzEVOvvGaEzbt1HObiH52AAsgyaVv.i7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2F1plus1.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=419&lsdata=664aFbrf3Ol1n6oGqoVLAK5ujh8vuNntJ.0juaHDcej..7RQiV_vDy1O8LQbaHPnMYj1_mqqsig_TzTImt9S1c5fwYpC/uGNQui9r0NMXM/&fpdata=QJ67Pts8nqT6tiMqm7AeHKcodUqUsUBfNyLrhnzErGj.A7&vis=1&fpcap=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 22 Sep 2021 15:31:17 GMT

GET
H/1.1 200
OK api.auth.0.0.5.js Show response
api.1plus1.video/static/js/ Frame E132 108 KB
33 KB 50ms
49ms Script
application/javascript 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/js/api.auth.0.0.5.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Requested by: Host: api.1plus1.video
URL: https://api.1plus1.video/u/l.js?p=128902&l=ua&f=0&auth=1&login_profile=1&_t=1632411077433
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 974f2bbaea34f0c01bbaf12d439695df1a579ce8274180da38cf8f1771fdcb49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Aug 2021 07:08:16 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:30:04 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 86ms
20ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1042
date: Thu, 23 Sep 2021 15:31:17 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 200
OK poll.js Show response
l1.heyhelga.net/poll/ 12 KB
4 KB 41ms
41ms Script
application/javascript 195.137.240.18
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://l1.heyhelga.net/poll/poll.js?version=1632411077792
Requested by: Host: l1.heyhelga.net
URL: https://l1.heyhelga.net/analytics.js?ver=1632411076
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.137.240.18 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: l1-izi-01.1plus1.net
Software: nginx /
Resource Hash: 8abfb95a0d75c4822ccf98fefe287247d26b6e753988814d82838af1bf59c8c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Jan 2021 19:03:32 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=7200
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK api.auth.css
api.1plus1.video/static/css/ Frame E132 56 KB
9 KB 45ms
43ms Stylesheet
text/css 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/css/api.auth.css?_t598528748811
Requested by: Host: client
URL: about:client
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: a691ce0fb054d5f2128394b9ad9c5961d7c0cdc1804bc83d6760df78ee304d7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:18 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Aug 2020 07:12:56 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:31:17 GMT

GET
H2 200 PageStatEntry Show response
sslpagestat.mmi.bemobile.ua/pagestat/ 36 B
130 B 157ms
46ms XHR
application/json 194.247.175.26
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sslpagestat.mmi.bemobile.ua/pagestat/PageStatEntry?cookie=AA81108B98B04E499D57AA5696E8B613&time=1632411077462&location=https%3A%2F%2F1plus1.ua%2F&referrer=&is_flash=0&session_id=251263902&version=3.5.337_ua/1.83&sw=1600&sh=1200&scd=24&spd=24&tnscm_adn=inline_cm&param1=~cm_timer~&param2=0&param3=1200&param5=2&vt=d
Requested by: Host: source.mmi.bemobile.ua
URL: https://source.mmi.bemobile.ua/cm/cm.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.26 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.13.0 /
Resource Hash: 147b1111edda7e2c2f9d672b5649de2f2dc5d5cb9dda7905198aa883a4273013

Request headers

Accept: application/json
Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 23 Sep 2021 15:31:17 GMT
server: nginx/1.13.0
content-length: 36
content-type: application/json

GET
H2 200 pic.gif
pa.tns-ua.com/bug/ 56 B
229 B 43ms
42ms Image
image/gif 194.247.175.26
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pa.tns-ua.com/bug/pic.gif?uid=AA81108B98B04E499D57AA5696E8B613&time=1632411077840
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.26 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 2d310648a31461f6b76c38bca295da135b9825938ad1defab174fc29b414487b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:17 GMT
cache-control: no-cache
server: nginx/1.18.0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E132 4 KB
705 B 24ms
22ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Requested by

Host: api.1plus1.video
URL: https://api.1plus1.video/static/css/api.auth.css?_t598528748811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

33a3fdc40352c38d67dc1ca75dd2acc8280c0ef1b6402d81fe45e8afd528cb65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 13:32:48 GMT
server: ESF
date: Thu, 23 Sep 2021 15:31:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Sep 2021 15:31:17 GMT

GET
H/1.1 200
OK hls.light.min.js Show response
1plus1.video/static/player/js/ Frame E132 153 KB
53 KB 45ms
44ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/js/hls.light.min.js
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: bd9072da49e87b2c3688527532eb51a54a6886366915be497e4e2de0c83e5859

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/video/embed/E2fzXbha?l=ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Mar 2019 13:06:09 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:26:51 GMT

GET
H2 200 92d3195f325a4d45ee303ab9d892d5b3.custom.jpg
images.1plus1.video/card-5/E2fzXbha/ Frame E132 475 KB
476 KB 51ms
50ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/E2fzXbha/92d3195f325a4d45ee303ab9d892d5b3.custom.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: bc612c0463c547f2d209aebf6d513fe30242194a0c14739ac81495248c0c4d66

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Tue, 15 Jun 2021 14:24:37 GMT
server: nginx
etag: "c7be8b09dd21bd3fc4aad93543f193e6"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 486113
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
DATA 200
OK truncated
/ Frame E132 369 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f9ecc527406b9b72bc3a9f4527892dcf842584b7e6aeb7ce816a4c7c8803954

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 mem8YaGs126MiZpBA-UFUZ0bbck.woff2
fonts.gstatic.com/s/opensans/v25/ Frame E132 9 KB
9 KB 60ms
23ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v25/mem8YaGs126MiZpBA-UFUZ0bbck.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1plus1.video
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 16:31:57 GMT
x-content-type-options: nosniff
age: 82761
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9400
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:34 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 22 Sep 2022 16:31:57 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v25/ Frame E132 14 KB
15 KB 47ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v25/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1plus1.video
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 16:31:57 GMT
x-content-type-options: nosniff
age: 82761
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:26 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 22 Sep 2022 16:31:57 GMT

GET
H2 200 gplayer.js Show response
gaua.hit.gemius.pl/ Frame E132 22 KB
6 KB 25ms
25ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/gplayer.js
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 47bcd6300dc99708d9a484c5078936d8d812c884c88378e6b7eae949ae00063a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
content-encoding: gzip
last-modified: Wed, 15 Sep 2021 10:02:32 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 5965
expires: Fri, 24 Sep 2021 03:31:18 GMT

GET
H/1.1 200
OK 128902 Show response
api.1plus1.video/v2/ua/recommendation_projects/ Frame E132 3 KB
2 KB 70ms
70ms XHR
application/json 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/v2/ua/recommendation_projects/128902?cid=E2fzXbha&vct=3&_t1092670683037
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 5c9b589c8b9082b39d00e24848ccca4155edc9f8fe629fce433a93381de398b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:18 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: https://1plus1.video
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 gemiuslib.js Show response
gaua.hit.gemius.pl/ Frame E132 38 KB
10 KB 26ms
26ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/gemiuslib.js
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 3b5162e97e0561b1a659efc32c3e0625a4f6ed0c9eaafd0f8b1c056e3074ab13

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
content-encoding: gzip
last-modified: Wed, 15 Sep 2021 10:02:32 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 10489
expires: Fri, 24 Sep 2021 03:31:18 GMT

GET
H/1.1 200
OK api.chat.0.0.1.js Show response
api.1plus1.video/static/js/ Frame E132 33 KB
13 KB 88ms
44ms Script
application/javascript 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/js/api.chat.0.0.1.js
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 5053ab3f73bc9c12f1b5ced0dbfbeaf92f8484d6cca52239c7d5b1ba756e6c16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:18 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Feb 2021 14:23:21 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:29:02 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame E132 345 KB
119 KB 99ms
36ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b41e03561fcd66267e40478b43dfc163e850387b636883e84aa4c8947bf273a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121279
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Thu, 23 Sep 2021 15:31:18 GMT

GET
H2 200 fpdata.js Show response
gaua.hit.gemius.pl/ Frame E132 281 B
353 B 31ms
28ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/fpdata.js?href=1plus1.video
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 66792ec85dc3e98377a64ffdfadf8ed923918d6a48a235f4f2f4d7b55788805f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 281
expires: Sat, 23 Oct 2021 15:31:18 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame 99D8 5 KB
3 KB 29ms
29ms Document
text/html 146.59.30.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ip104.ip-146-59-30.eu
Software: GHC /
Resource Hash: a12c1931b77757059b186784d53fda5f28a0d29e0f0e8e972f119d16d8535194

Request headers

:method: GET
:authority: ls.hit.gemius.pl
:scheme: https
:path: /lsget.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.video/
accept-encoding: gzip, deflate, br
cookie: Gdyn=KlQWvMXGQMQGEMbm4BV5mRFissGMXP8c25nSGAERDRn7M5aSHKRlfeDaojQGmsRGxRxWrMhrGGKRysKsXj5GqSRxSG8.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
expires: Sat, 23 Oct 2021 15:31:18 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
vary: Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy: cross-origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: text/html;charset=utf-8
content-length: 2720
content-encoding: gzip

GET
H2 200 220x330.jpg
images.1plus1.video/playlist-1/93/ Frame E132 12 KB
12 KB 50ms
48ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/93/220x330.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: ff4f5f0bca4fd9b34c725fd203fa825eda8f562505eb3e64f1d16eecaf914bdc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Fri, 27 Oct 2017 06:55:00 GMT
server: nginx
etag: "0c4fc3c35b7f1f3f26b840ee8cd66a63"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 11830
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
H2 200 e485c59dbdef7658e904030fb9920eba.220x330.jpg
images.1plus1.video/playlist-1/5589/ Frame E132 79 KB
79 KB 76ms
75ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/5589/e485c59dbdef7658e904030fb9920eba.220x330.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: ab61b686264fb40bf1a51907f060d0e3b703c1b5494c65cf138f41093097b925

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Mon, 16 Aug 2021 09:32:14 GMT
server: nginx
etag: "92a8e74968827b37f814d4484dbe3a47"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 80808
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
H2 200 200x335.jpg
images.1plus1.video/playlist-1/172/ Frame E132 9 KB
9 KB 49ms
49ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/172/200x335.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 3414b58bed1def0f8a1f6eb4d0a00aefe269558f7c83e4991514f7557906d5d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Fri, 27 Oct 2017 06:55:21 GMT
server: nginx
etag: "0f22fa88b853950fb893bc821641989a"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 9066
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
H2 200 fa026e772cfd5e39f5c43fb03bea1247.220x330.jpg
images.1plus1.video/playlist-1/101800/ Frame E132 77 KB
78 KB 70ms
70ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/101800/fa026e772cfd5e39f5c43fb03bea1247.220x330.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 7f4b62d09dc30ffd1f6943c722fc053199beca02c3a5962264608d05ec583484

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Thu, 23 Sep 2021 09:32:32 GMT
server: nginx
etag: "1ac7c7bca48ad0b6bf49709fb825bd52"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 79302
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
H2 200 08889206d0bc6f22496fd04b86041fed.220x330.jpg
images.1plus1.video/playlist-1/326/ Frame E132 91 KB
91 KB 69ms
67ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/326/08889206d0bc6f22496fd04b86041fed.220x330.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 176cec0c0610df2346dd22066f273900fa263f1071814b001d07ffbd654b9eda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Sat, 13 Feb 2021 11:59:34 GMT
server: nginx
etag: "70c7ed91bbef141e65887484066b2093"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 93213
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
H2 200 19a348d8fe46d988addecabea5bddcd4.220x330.jpg
images.1plus1.video/playlist-1/70406/ Frame E132 83 KB
83 KB 51ms
50ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/70406/19a348d8fe46d988addecabea5bddcd4.220x330.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 6e1fab0987211581657a25273dce874d533e7aec592668da6e72ef855ad0759c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Wed, 03 Mar 2021 14:22:50 GMT
server: nginx
etag: "ccd267cf844bad94a287cbf9cf26821e"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 85082
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
H2 200 f0ee1990bc109bdc1d80ced614848fbe.220x330.jpg
images.1plus1.video/playlist-1/118669/ Frame E132 84 KB
84 KB 51ms
49ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/118669/f0ee1990bc109bdc1d80ced614848fbe.220x330.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: e52ce9aedd00c17de0baddbfc8112577c1a48f3d1c8aee25953a53feb7281d7c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Thu, 23 Sep 2021 09:37:45 GMT
server: nginx
etag: "cd80b64d6e8b1fb3fb0449e270085489"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 85922
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
H2 200 68f1d6db63b02b275cfc2427fb1527bd.220x330.jpg
images.1plus1.video/playlist-1/229/ Frame E132 118 KB
119 KB 69ms
68ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/229/68f1d6db63b02b275cfc2427fb1527bd.220x330.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: a3eb4ecc51f5edd11da1af7ad648fb4ff5efda6460f4c1584903390d82a8ddec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Tue, 04 Jun 2019 10:01:26 GMT
server: nginx
etag: "8844ae94e5155e3c5e8df6159529af3a"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 121065
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
H2 200 b1ac6f7602909d192d06385c796ae330.220x330.jpg
images.1plus1.video/playlist-1/96592/ Frame E132 63 KB
64 KB 85ms
84ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/96592/b1ac6f7602909d192d06385c796ae330.220x330.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 23f6147ca5720cc69303cdbdf8ddeb002ec83b6eb14d3c914d16f965b792b32e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Mon, 29 Mar 2021 06:16:13 GMT
server: nginx
etag: "7fce4d861b6eeccb81f0a025c5d3765c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 64943
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
H2 200 220x330.jpg
images.1plus1.video/playlist-1/3093/ Frame E132 10 KB
10 KB 85ms
85ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/3093/220x330.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 0fb1468e01fc61820e905556d9a6bfd354404ea647b17db099f5913efa77658a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Fri, 27 Oct 2017 06:57:22 GMT
server: nginx
etag: "0d77b2184841ac8a117fae5b4a32808f"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 9804
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
H2 200 370c2b73c5a49b7670bbcbdc1171051f.220x330.jpg
images.1plus1.video/playlist-1/3467/ Frame E132 21 KB
22 KB 64ms
63ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/3467/370c2b73c5a49b7670bbcbdc1171051f.220x330.jpg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: cfd5a04c696bf13721ea7b8d1094c8432135fc5f9d457ecf2c1d80bcf87e2235

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
last-modified: Mon, 04 Jan 2021 09:14:05 GMT
server: nginx
etag: "327c4784d853ead9eb1f0309f353b8d9"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 21916
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:18 GMT
expires: Thu, 30 Sep 2021 15:31:18 GMT

GET
H2 200 bridge3.481.0_uk.html Show response
imasdk.googleapis.com/js/core/ Frame 0E9A 576 KB
189 KB 17ms
17ms Document
text/html 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.481.0_uk.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e9ecc60a57f40a1b302033756775da1fc7272d9856a92dad5e71a36e2f8f0ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.481.0_uk.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.video/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 193316
date: Mon, 20 Sep 2021 20:50:54 GMT
expires: Tue, 20 Sep 2022 20:50:54 GMT
last-modified: Mon, 20 Sep 2021 20:26:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 240024
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame E132 44 KB
17 KB 85ms
23ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Sep 2021 15:31:18 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame E132 107 B
165 B 24ms
22ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1plus1.video

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Sep 2021 15:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 redot.js Show response
gaua.hit.gemius.pl/_1632411078200/ Frame E132 2 B
210 B 25ms
24ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/_1632411078200/redot.js?l=107&id=ByA1NmOpnbt8LmYqyjQkWrd8.l0YgocyqLXiHjiJayv.h7&et=data&hsrc=3&extra=_EC%3Dstreamcontent%7C_SPI%3D1632411078030%7C_SP%3DE2fzXbha%7C_SPD%3D1plus1.ua%7C_SPV%3D100%7C_SPR%3D849x477%7C_SC%3DE2fzXbha%7CcurrentDomain%3D1plus1.ua%7CcurrentNetwork%3Dhome%7CprojectID%3D128902%7C_SCV%3D100%7Cmute%3Dfalse%7C_SCR%3D849x477%7C_SCT%3DStarodavni%20tradiciyi%20guculivsirovariv%20ta%20sekreti%20virobnictva%20karpatskih%20tverdih%20siriv%7CvideoType%3D3%7CUserType%3DNotAuthorized%7CCategory%3DENT_AVT_1P1%7C_SCD%3D3189%7C_SCTE%3DVideo%7C_SCPD%3D20210612%7C_SCTY%3D1%2F00%7CcontentType%3Dfun%7C_SCTT%3D1&eventid=0&fr=3&tz=0&fv=-&href=https%3A%2F%2F1plus1.video%2Fvideo%2Fembed%2FE2fzXbha%3Fl%3Dua&ref=https%3A%2F%2F1plus1.ua%2F&screen=1600x1200r1000&col=24&window=849x477&ltime=61&lsdata=p1_FlToNTrynJgUdYW4_xG62oJyFMZBoKYN_jglk95z.87jBnMOTAhPyFRoQWRYjSm9NNFUWoY55ihYptkQNzoeUW5kc/QcJRI68bk9G_f/&fpdata=-TURNEDOFF&vis=1
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:18 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 2
expires: Wed, 22 Sep 2021 15:31:18 GMT

GET
H/1.1 200
OK / Show response
api.1plus1.video/home/vmap/ Frame 0E9A 7 KB
2 KB 63ms
62ms XHR
application/xml 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/home/vmap/?s=1plus1.ua&r=YUhSMGNITTZMeTh4Y0d4MWN6RXVkV0V2&w=849&h=477&c=E2fzXbha&d=web&p1v=0&pid=128902
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.481.0_uk.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: b7270eebdd28e36429f0d0e219d7218f784b37037ae502644291f27df00d3cbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:18 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/xml
Access-Control-Allow-Origin: https://imasdk.googleapis.com
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H/1.1 204
No Content multitracking Show response
ghb.adtelligent.com/adunit/ 0
200 B 23ms
23ms XHR
text/plain 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/multitracking
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18893
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://1plus1.ua
Date: Thu, 23 Sep 2021 15:31:18 GMT
Access-Control-Allow-Credentials: true
Server: VertaMedia 1.0
Connection: Keep-Alive

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 24ms
23ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=1plus1.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Sep 2021 15:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 26ms
25ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1plus1.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Sep 2021 15:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 299 KB
61 KB 554ms
553ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2232814433520111&correlator=2935248104235594&output=ldjh&impl=fifs&eid=31062393%2C31062885%2C31062918%2C44749397%2C21065724%2C44750894&vrg=2021092201&ptt=17&sc=1&sfv=1-0-38&ecs=20210923&iu_parts=82479101%2C1plus1.ua%2C1plus1_300x600%2C1plus1_1250x250%2C1plus1_300x250_2%2Ccatfish&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5&prev_iu_szs=300x600%7C300x250%2C970x250%7C750x250%2C300x250%2C1440x180&prev_scp=Project_1plus1%3DMain%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7CProject_1plus1%3DMain%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7CProject_1plus1%3DMain%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7CProject_1plus1%3DMain%26hb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&cookie=ID%3Dd4587c86f7328117-222962b64ac9007c%3AT%3D1632411077%3ART%3D1632411077%3AS%3DALNI_Mb4wWjIWqT_YfnaDiDRicWsS3tcvA&bc=31&abxe=1&lmt=1632411078&dt=1632411078893&dlt=1632411076418&idt=1099&frm=20&biw=1600&bih=1200&oid=3&adxs=1130%2C315%2C1130%2C80&adys=820%2C1575%2C4573%2C1020&adks=887870088%2C3836652839%2C695559250%2C2198103003&ucis=1%7C2%7C3%7C4&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2F1plus1.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250%7C1180x250%7C300x250%7C1600x-1&msz=300x0%7C1180x0%7C300x0%7C1600x-1&ga_vid=691999109.1632411077&ga_sid=1632411077&ga_hid=1905960819&ga_fc=false&fws=4%2C4%2C4%2C516&ohw=1600%2C1600%2C1600%2C1600&btvi=0%7C1%7C2%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

c747269afdd05dd3e95759f3d697cd767d460fc40dd7f49ba902885c9ec70e70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61992
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://1plus1.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 99A6 6 KB
4 KB 101ms
22ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 23 Sep 2021 15:31:18 GMT
expires: Fri, 23 Sep 2022 15:31:18 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 46ms
22ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210921&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd955a4d730135b20202bb16511db09148c99ad811c7fa514d01c101f99e1966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8633
x-xss-protection: 0

GET
H/1.1 200
OK Cookie set E2fzXbha Show response
1plus1.video/video/embed/ Frame E132 11 KB
6 KB 75ms
74ms Document
text/html 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/video/embed/E2fzXbha?autoplay=0&l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: b3a53c332e45aa0018f221153024540343536fb532449694cf81d710c9a5b5a9

Request headers

Host: 1plus1.video
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://1plus1.ua/
Accept-Encoding: gzip, deflate, br
Cookie: _opov_sid_=0u7pae4in788rgv3sikr6ganaq; _opov_hid_l=57095b73-e122-5cf9-a593-d2ca0ccf01e9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

Server: nginx
Date: Thu, 23 Sep 2021 15:31:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: _opov_sid_=0u7pae4in788rgv3sikr6ganaq; expires=Sat, 23 Sep 2023 16:31:19 GMT; Max-Age=63072000; domain=.1plus1.video; path=/; secure; SameSite=None; _opov_uisl_=0; expires=Sat, 23-Sep-2023 15:31:19 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Sat, 23-Sep-2023 15:31:19 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Sat, 23-Sep-2023 15:31:19 GMT; Max-Age=63072000; path=/; domain=.1plus1.video _opov_uisl_=0; expires=Sat, 23-Sep-2023 15:31:19 GMT; Max-Age=63072000; path=/; domain=.1plus1.video
Content-Encoding: gzip

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 100ms
35ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 23 Sep 2021 15:31:19 GMT

GET
H/1.1 200
OK ovva.0.3.0.css
1plus1.video/static/player/css/ Frame E132 171 KB
26 KB 43ms
43ms Stylesheet
text/css 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/css/ovva.0.3.0.css?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/E2fzXbha?autoplay=0&l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 7426a6e81ee72c73354b41046a03c36f43578de921153c7bc5d85229bb7a9bb3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/video/embed/E2fzXbha?autoplay=0&l=ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:19 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jul 2021 12:33:59 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:31:16 GMT

GET
H/1.1 200
OK ovva.0.3.0.js Show response
1plus1.video/static/player/js/ Frame E132 196 KB
68 KB 78ms
78ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/E2fzXbha?autoplay=0&l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: 80590ab9a655471fcfc3b9b5eeb31839df6b81578a940a95b8cd778fd54db2b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/video/embed/E2fzXbha?autoplay=0&l=ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:19 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Aug 2021 07:08:42 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:26:31 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame E132 97 KB
38 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-104502981-1

Requested by

Host: 1plus1.video
URL: https://1plus1.video/video/embed/E2fzXbha?autoplay=0&l=ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1e93a05ff1f25e9d6edad765934514cc2fe3665004528f8c6759ca604d6c652d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39303
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 23 Sep 2021 15:31:19 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 53EC 12 KB
5 KB 316ms
14ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Thu, 23 Sep 2021 14:02:45 GMT
expires: Fri, 23 Sep 2022 14:02:45 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 5314
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 208D 783 B
943 B 26ms
25ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

93f1be532a3cec387aa659484bd4cba2e729e26d87d57c0deea59ac9cdfc4fb3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5hNdFm46FJ3Nqt1auNzisQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 23 Sep 2021 15:31:19 GMT
date: Thu, 23 Sep 2021 15:31:19 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-5hNdFm46FJ3Nqt1auNzisQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 208D 0
0 68ms
68ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210921&jk=2232814433520111&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H/1.1 200
OK l.js Show response
api.1plus1.video/u/ Frame E132 898 B
2 KB 61ms
60ms Script
application/javascript 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/u/l.js?p=128902&l=ua&f=0&auth=1&login_profile=1&_t=1632411079279
Requested by: Host: 1plus1.video
URL: https://1plus1.video/video/embed/E2fzXbha?autoplay=0&l=ua
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 25a9c429df7670c014ab6547b263479f01af5876d705d0e29a14e5433b1bf891

Request headers

Referer: https://1plus1.video/
Origin: https://1plus1.video
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:19 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: https://1plus1.video
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame E132 120 KB
45 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WPC3Q76

Requested by

Host: 1plus1.video
URL: https://1plus1.video/video/embed/E2fzXbha?autoplay=0&l=ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9fbd16f2185f5ff5b9f523eda17f2e230fc630cea6b158e95156ac0053017a1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45649
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 23 Sep 2021 15:31:19 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame E132 48 KB
19 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-104502981-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 2359
date: Thu, 23 Sep 2021 14:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Thu, 23 Sep 2021 16:52:00 GMT

GET
H/1.1 200
OK api.auth.0.0.5.js Show response
api.1plus1.video/static/js/ Frame E132 108 KB
33 KB 43ms
43ms Script
application/javascript 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/js/api.auth.0.0.5.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Requested by: Host: api.1plus1.video
URL: https://api.1plus1.video/u/l.js?p=128902&l=ua&f=0&auth=1&login_profile=1&_t=1632411079279
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 974f2bbaea34f0c01bbaf12d439695df1a579ce8274180da38cf8f1771fdcb49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:20 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Aug 2021 07:08:16 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:30:04 GMT

GET
H/1.1 200
OK api.auth.css
api.1plus1.video/static/css/ Frame E132 56 KB
9 KB 54ms
53ms Stylesheet
text/css 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/css/api.auth.css?_t1014811068177
Requested by: Host: client
URL: about:client
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: a691ce0fb054d5f2128394b9ad9c5961d7c0cdc1804bc83d6760df78ee304d7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:20 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 11:47:41 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:31:19 GMT

GET
H2 200 container.html Show response
27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EABB 6 KB
3 KB 326ms
25ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 23 Sep 2021 15:31:18 GMT
expires: Fri, 23 Sep 2022 15:31:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 20ED 6 KB
3 KB 317ms
20ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 23 Sep 2021 15:31:18 GMT
expires: Fri, 23 Sep 2022 15:31:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 134C 6 KB
3 KB 309ms
19ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 23 Sep 2021 15:31:18 GMT
expires: Fri, 23 Sep 2022 15:31:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6D6A 6 KB
3 KB 302ms
17ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 23 Sep 2021 15:31:18 GMT
expires: Fri, 23 Sep 2022 15:31:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 css
fonts.googleapis.com/ Frame E132 4 KB
728 B 23ms
22ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Requested by

Host: api.1plus1.video
URL: https://api.1plus1.video/static/css/api.auth.css?_t1014811068177

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

33a3fdc40352c38d67dc1ca75dd2acc8280c0ef1b6402d81fe45e8afd528cb65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://api.1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 15:28:12 GMT
server: ESF
date: Thu, 23 Sep 2021 15:31:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Sep 2021 15:31:19 GMT

GET
H2 200 WOdvqX5MrEWan8NE-dDT01W_bgveDh48divqo2Vh5b0.js Show response
pagead2.googlesyndication.com/bg/ Frame 53EC 35 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WOdvqX5MrEWan8NE-dDT01W_bgveDh48divqo2Vh5b0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58e76fa97e4cac459a9fc344f9d0d3d355bf6e0bde0e1e3c762beaa36561e5bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 13:57:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5628
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13526
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 23:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 23 Sep 2022 13:57:31 GMT

GET
H/1.1 200
OK hls.light.min.js Show response
1plus1.video/static/player/js/ Frame E132 153 KB
53 KB 43ms
43ms Script
application/javascript 195.137.240.88
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://1plus1.video/static/player/js/hls.light.min.js
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.88 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front02.1plus1.ua
Software: nginx /
Resource Hash: bd9072da49e87b2c3688527532eb51a54a6886366915be497e4e2de0c83e5859

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/video/embed/E2fzXbha?autoplay=0&l=ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:19 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Mar 2019 13:06:09 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:26:51 GMT

GET
H2 200 92d3195f325a4d45ee303ab9d892d5b3.custom.jpg
images.1plus1.video/card-5/E2fzXbha/ Frame E132 475 KB
476 KB 52ms
51ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/card-5/E2fzXbha/92d3195f325a4d45ee303ab9d892d5b3.custom.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: bc612c0463c547f2d209aebf6d513fe30242194a0c14739ac81495248c0c4d66

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Tue, 15 Jun 2021 14:24:37 GMT
server: nginx
etag: "c7be8b09dd21bd3fc4aad93543f193e6"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 486113
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
DATA 200
OK truncated
/ Frame E132 369 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f9ecc527406b9b72bc3a9f4527892dcf842584b7e6aeb7ce816a4c7c8803954

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 mem8YaGs126MiZpBA-UFUZ0bbck.woff2
fonts.gstatic.com/s/opensans/v25/ Frame E132 9 KB
9 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v25/mem8YaGs126MiZpBA-UFUZ0bbck.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1plus1.video
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 16:31:57 GMT
x-content-type-options: nosniff
age: 82762
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9400
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:34 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 22 Sep 2022 16:31:57 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v25/ Frame E132 14 KB
14 KB 15ms
15ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v25/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=cyrillic-ext,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1plus1.video
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 16:31:57 GMT
x-content-type-options: nosniff
age: 82762
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:26 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 22 Sep 2022 16:31:57 GMT

GET
H2 200 gplayer.js Show response
gaua.hit.gemius.pl/ Frame E132 22 KB
6 KB 25ms
25ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/gplayer.js
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 47bcd6300dc99708d9a484c5078936d8d812c884c88378e6b7eae949ae00063a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: gzip
last-modified: Wed, 15 Sep 2021 10:02:32 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 5965
expires: Fri, 24 Sep 2021 03:31:19 GMT

GET
H/1.1 200
OK 128902 Show response
api.1plus1.video/v2/ua/recommendation_projects/ Frame E132 3 KB
2 KB 73ms
73ms XHR
application/json 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/v2/ua/recommendation_projects/128902?cid=E2fzXbha&vct=3&_t171704499740
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: bd749937338d3e6a296bf29ef9854a92196c8880fc83a5082931017c74edbb48

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:20 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: https://1plus1.video
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 gemiuslib.js Show response
gaua.hit.gemius.pl/ Frame E132 38 KB
10 KB 39ms
38ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/gemiuslib.js
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 3b5162e97e0561b1a659efc32c3e0625a4f6ed0c9eaafd0f8b1c056e3074ab13

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: gzip
last-modified: Wed, 15 Sep 2021 10:02:32 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 10489
expires: Fri, 24 Sep 2021 03:31:19 GMT

GET
H/1.1 200
OK api.chat.0.0.1.js Show response
api.1plus1.video/static/js/ Frame E132 33 KB
13 KB 47ms
47ms Script
application/javascript 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/static/js/api.chat.0.0.1.js
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: 5053ab3f73bc9c12f1b5ced0dbfbeaf92f8484d6cca52239c7d5b1ba756e6c16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:20 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Feb 2021 14:23:21 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Sat, 23 Oct 2021 15:29:02 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame E132 345 KB
119 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b41e03561fcd66267e40478b43dfc163e850387b636883e84aa4c8947bf273a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121279
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Thu, 23 Sep 2021 15:31:19 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 85 KB
27 KB 89ms
32ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: gzip
last-modified: Wed, 08 Sep 2021 12:50:28 GMT
server: nginx
etag: W/"6138b194-1532d"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 24 Sep 2021 15:31:19 GMT

GET
H2 200 fpdata.js Show response
gaua.hit.gemius.pl/ Frame E132 281 B
353 B 26ms
25ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/fpdata.js?href=1plus1.video
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 27789660783e95976ed951e0868169b31911b8b95f10ad6b201dd32403a65c38

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 281
expires: Sat, 23 Oct 2021 15:31:19 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame 8CED 5 KB
3 KB 27ms
27ms Document
text/html 146.59.30.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ip104.ip-146-59-30.eu
Software: GHC /
Resource Hash: 1efcab4614844be6f15a1e305893923daefdabc9360d83f42b8f92496fe02c3f

Request headers

:method: GET
:authority: ls.hit.gemius.pl
:scheme: https
:path: /lsget.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.video/
accept-encoding: gzip, deflate, br
cookie: Gdyn=KlGPRRMGQMQGEMbm4BV5mRFissGM119iL6nxmGtjeQ6xlJrxss58IXKGbyjSssX2nsGfGnZwHQ2xx1GgxcxSD8CB0788MG..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
expires: Sat, 23 Oct 2021 15:31:19 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
vary: Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy: cross-origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: text/html;charset=utf-8
content-length: 2721
content-encoding: gzip

GET
H2 200 220x330.jpg
images.1plus1.video/playlist-1/3093/ Frame E132 10 KB
10 KB 74ms
74ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/3093/220x330.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 0fb1468e01fc61820e905556d9a6bfd354404ea647b17db099f5913efa77658a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Fri, 27 Oct 2017 06:57:22 GMT
server: nginx
etag: "0d77b2184841ac8a117fae5b4a32808f"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 9804
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
H2 200 68f1d6db63b02b275cfc2427fb1527bd.220x330.jpg
images.1plus1.video/playlist-1/229/ Frame E132 118 KB
119 KB 55ms
55ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/229/68f1d6db63b02b275cfc2427fb1527bd.220x330.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: a3eb4ecc51f5edd11da1af7ad648fb4ff5efda6460f4c1584903390d82a8ddec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Tue, 04 Jun 2019 10:01:26 GMT
server: nginx
etag: "8844ae94e5155e3c5e8df6159529af3a"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 121065
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
H2 200 f0ee1990bc109bdc1d80ced614848fbe.220x330.jpg
images.1plus1.video/playlist-1/118669/ Frame E132 84 KB
84 KB 64ms
63ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/118669/f0ee1990bc109bdc1d80ced614848fbe.220x330.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: e52ce9aedd00c17de0baddbfc8112577c1a48f3d1c8aee25953a53feb7281d7c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Thu, 23 Sep 2021 09:37:45 GMT
server: nginx
etag: "cd80b64d6e8b1fb3fb0449e270085489"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 85922
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
H2 200 220x330.jpg
images.1plus1.video/playlist-1/93/ Frame E132 12 KB
12 KB 64ms
63ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/93/220x330.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: ff4f5f0bca4fd9b34c725fd203fa825eda8f562505eb3e64f1d16eecaf914bdc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Fri, 27 Oct 2017 06:55:00 GMT
server: nginx
etag: "0c4fc3c35b7f1f3f26b840ee8cd66a63"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 11830
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
H2 200 200x335.jpg
images.1plus1.video/playlist-1/172/ Frame E132 9 KB
9 KB 147ms
146ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/172/200x335.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 3414b58bed1def0f8a1f6eb4d0a00aefe269558f7c83e4991514f7557906d5d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Fri, 27 Oct 2017 06:55:21 GMT
server: nginx
etag: "0f22fa88b853950fb893bc821641989a"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 9066
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
H2 200 08889206d0bc6f22496fd04b86041fed.220x330.jpg
images.1plus1.video/playlist-1/326/ Frame E132 91 KB
91 KB 74ms
74ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/326/08889206d0bc6f22496fd04b86041fed.220x330.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 176cec0c0610df2346dd22066f273900fa263f1071814b001d07ffbd654b9eda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Sat, 13 Feb 2021 11:59:34 GMT
server: nginx
etag: "70c7ed91bbef141e65887484066b2093"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 93213
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
H2 200 370c2b73c5a49b7670bbcbdc1171051f.220x330.jpg
images.1plus1.video/playlist-1/3467/ Frame E132 21 KB
22 KB 74ms
73ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/3467/370c2b73c5a49b7670bbcbdc1171051f.220x330.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: cfd5a04c696bf13721ea7b8d1094c8432135fc5f9d457ecf2c1d80bcf87e2235

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Mon, 04 Jan 2021 09:14:05 GMT
server: nginx
etag: "327c4784d853ead9eb1f0309f353b8d9"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 21916
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
H2 200 e485c59dbdef7658e904030fb9920eba.220x330.jpg
images.1plus1.video/playlist-1/5589/ Frame E132 79 KB
79 KB 96ms
96ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/5589/e485c59dbdef7658e904030fb9920eba.220x330.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: ab61b686264fb40bf1a51907f060d0e3b703c1b5494c65cf138f41093097b925

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Mon, 16 Aug 2021 09:32:14 GMT
server: nginx
etag: "92a8e74968827b37f814d4484dbe3a47"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 80808
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
H2 200 fa026e772cfd5e39f5c43fb03bea1247.220x330.jpg
images.1plus1.video/playlist-1/101800/ Frame E132 77 KB
78 KB 63ms
63ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/101800/fa026e772cfd5e39f5c43fb03bea1247.220x330.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 7f4b62d09dc30ffd1f6943c722fc053199beca02c3a5962264608d05ec583484

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Thu, 23 Sep 2021 09:32:32 GMT
server: nginx
etag: "1ac7c7bca48ad0b6bf49709fb825bd52"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 79302
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
H2 200 b1ac6f7602909d192d06385c796ae330.220x330.jpg
images.1plus1.video/playlist-1/96592/ Frame E132 63 KB
64 KB 73ms
73ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/96592/b1ac6f7602909d192d06385c796ae330.220x330.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 23f6147ca5720cc69303cdbdf8ddeb002ec83b6eb14d3c914d16f965b792b32e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Mon, 29 Mar 2021 06:16:13 GMT
server: nginx
etag: "7fce4d861b6eeccb81f0a025c5d3765c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 64943
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
H2 200 19a348d8fe46d988addecabea5bddcd4.220x330.jpg
images.1plus1.video/playlist-1/70406/ Frame E132 83 KB
83 KB 78ms
78ms Image
image/jpeg 195.137.240.20
ASN-UNIAN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.1plus1.video/playlist-1/70406/19a348d8fe46d988addecabea5bddcd4.220x330.jpg
Requested by: Host: 1plus1.video
URL: https://1plus1.video/static/player/js/ovva.0.3.0.js?v=70753cb3fc5d531a04cdc034d7896f3739870b60
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.137.240.20 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: images.1plus1.ua
Software: nginx /
Resource Hash: 6e1fab0987211581657a25273dce874d533e7aec592668da6e72ef855ad0759c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
last-modified: Wed, 03 Mar 2021 14:22:50 GMT
server: nginx
etag: "ccd267cf844bad94a287cbf9cf26821e"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 85082
accept-ranges: bytes
x-1p1-cdn: BYPASS; Thu, 23 Sep 2021 15:31:19 GMT
expires: Thu, 30 Sep 2021 15:31:19 GMT

GET
H2 200 bridge3.481.0_uk.html Show response
imasdk.googleapis.com/js/core/ Frame 141A 576 KB
189 KB 15ms
15ms Document
text/html 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.481.0_uk.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e9ecc60a57f40a1b302033756775da1fc7272d9856a92dad5e71a36e2f8f0ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.481.0_uk.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.video/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 193316
date: Mon, 20 Sep 2021 20:50:54 GMT
expires: Tue, 20 Sep 2022 20:50:54 GMT
last-modified: Mon, 20 Sep 2021 20:26:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 240025
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame E132 44 KB
16 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Sep 2021 15:31:19 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame E132 107 B
165 B 26ms
25ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1plus1.video

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 70ms
70ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210921&jk=2232814433520111&bg=!YGOlYyfNAAZNQyuQTUM7ACkAdvg8Wk61xD1pcD5UVd4OILsw2KcZx0Kv8bD3cC4JkYf23ZaSvAOnuAIAAAB0UgAAADRoAQcKANKSZIhdKREkKxstmoGb8y9Kozf01azCEvel0rGNeW-gtg10c4_77doZFEUMSjn9w5pKz2Io7hhjvS_mMJHwY_zdztDlwdSTQXiCrVSxXjN3I17bwG5sziFG6JAcX0R6gZVDSsFNkjMQfspsYD57Xs_u7W8KSFoUEAgZHD-_TeT3-CVfwQMdfJ-d2_ki_tRahN8D4djdZFUQrPwc-nX8Ojwc69_qu7Yq6I5Lbp6x7y2NxdacfQFUVYvsxuyB6tlfJBQts_5WOPWAB6fpBBDoqC8DvN2ZArGjFUGJQ7nYEnojgbt7U6FyJnDYpf3DSTWbrqHWL7j6A3S2pEwEoQ3VUXhHT1m2LarFhi4bJh9Wu11rUflymPRNLiDOC4UJiHNgnoSwWGiUWQXYc6xUur1e__hG1E3_ELQ1lBFrhrNdZec37h3p8vUvsp70kk8-kdeBzhKeIItpy0M15lqxYWKWcK6SbyDH1JgAx5pNo3gUkUf1dp_GZVfcuk3BXRXpcu2XQ-CTUOhwhzaAb7I_6noqmsXuFtoSdQYZF1S67b7yXnQ6rI4mzMQfO5lbKLsTbHG5ildR1rRJ9QYHRp_5UFSWcq8j-Vq_dj-Wqw9ZCdjSGzXj_hiUGKC5DYbG20xl6yge3OuhFIJTyVr6KQvneEDl3xbgJc7xS29zcZdwZEhqBibj4a1kqPyy197rrmDLOicRiJomyH7pXSdjHOmFUpSefXg2myktHrS9cR7IOJhLLb_Hn9n5t6tcRjJF4weg_I6wGe5WjJchuoWPqZkQJN3949QzCKMQqxMkwpYqQLjdvmW3mMxX3GhsDVg43jSucsBx1ypXZRqaX4MfpVV2oze-E0r423xE-ga6lZabzSO-GbTeDtzcd5AmsGzJj0WnNq2eXR7ggduO4YTBrCBG0c_zIrf7MVAbn76vBU9U0PpNII47N5bWr0EJu0f3W0AbXB9PyiOOyQ7lYdyyEa00e4_WQBm14-4sZYZNe5N01rSdAlwfFuzf_wixBV1FUSHYeKvLz4v-1sCFcQg1glj_62GwOAOfeegeY0Rj2qou91pGPg3wBHOwrSm65PWl_tZS49nt3Ex2OF5KGULIx6p53E9haBQuSzj4KPyzA1a2hRjTmERC5KWcrWL3RDs8pZEZO_xG4hQ6PEWhiwaSFk3qMBSCm9bsyVjpVJ-Rn6VuBNHVMvjH1y7Y2O55Pw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 64AD 11 KB
5 KB 30ms
27ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=1plus1.ua

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

371f0ceab6655c8448f64525b1d11186cb67ca91398655ddf145c93d77964f91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?origin=publishertag&topUrl=1plus1.ua
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1plus1.ua/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 1932
set-cookie: uid=14c696a3-65cf-422b-b1e9-bf4caa40feab; expires=Tue, 18 Oct 2022 15:31:19 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Thu, 23 Sep 2021 15:31:19 GMT
content-length: 4664

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 85 KB
27 KB 74ms
33ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: gzip
last-modified: Wed, 08 Sep 2021 12:50:28 GMT
server: nginx
etag: W/"6138b194-1532d"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 24 Sep 2021 15:31:19 GMT

GET
H2 200 redot.js Show response
gaua.hit.gemius.pl/_1632411079814/ Frame E132 2 B
210 B 33ms
25ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/_1632411079814/redot.js?l=107&id=ByA1NmOpnbt8LmYqyjQkWrd8.l0YgocyqLXiHjiJayv.h7&et=data&hsrc=3&extra=_EC%3Dstreamcontent%7C_SPI%3D1632411079870%7C_SP%3DE2fzXbha%7C_SPD%3D1plus1.ua%7C_SPV%3D100%7C_SPR%3D849x477%7C_SC%3DE2fzXbha%7CcurrentDomain%3D1plus1.ua%7CcurrentNetwork%3Dhome%7CprojectID%3D128902%7C_SCV%3D100%7Cmute%3Dfalse%7C_SCR%3D849x477%7C_SCT%3DStarodavni%20tradiciyi%20guculivsirovariv%20ta%20sekreti%20virobnictva%20karpatskih%20tverdih%20siriv%7CvideoType%3D3%7CUserType%3DNotAuthorized%7CCategory%3DENT_AVT_1P1%7C_SCD%3D3189%7C_SCTE%3DVideo%7C_SCPD%3D20210612%7C_SCTY%3D1%2F00%7CcontentType%3Dfun%7C_SCTT%3D1&eventid=0&fr=3&tz=0&fv=-&href=https%3A%2F%2F1plus1.video%2Fvideo%2Fembed%2FE2fzXbha%3Fautoplay%3D0%26l%3Dua&ref=https%3A%2F%2F1plus1.ua%2F&screen=1600x1200r1000&col=24&window=849x477&ltime=89&lsdata=VLRgyf_TUB3NKTPsZO.b7vp58pvsn9Q1SQ1tKWJ3Vk3.C7SgZ1.OOXPYasa_k0ew01Jk0kLNFCIuCjgju_z.8bajaQQ0/M15uKO0Grn0Oo/&fpdata=-TURNEDOFF&vis=1
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/gemiuslib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.video/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:19 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 2
expires: Wed, 22 Sep 2021 15:31:19 GMT

POST
H/1.1 204
No Content multitracking Show response
ghb.adtelligent.com/adunit/ 0
200 B 20ms
20ms XHR
text/plain 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/multitracking
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18893
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://1plus1.ua
Date: Thu, 23 Sep 2021 15:31:19 GMT
Access-Control-Allow-Credentials: true
Server: VertaMedia 1.0
Connection: Keep-Alive

GET
H2 200 v3_298309_4139.json Show response
player.adtelligent.com/prebidlink/2720685/ 61 KB
6 KB 8ms
7ms XHR
application/json 213.174.135.2
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/2720685/v3_298309_4139.json?cb=1plus1.ua
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_298309_4139.js?cb=18893
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 6e9a2212524de9af4028553d334fb40d87473dab754c181a4363d415db080257

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1plus1.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: gzip
last-modified: Thu, 23 Sep 2021 12:18:07 GMT
server: nginx/1.18.0
etag: W/"614c707f-f4ef"
content-type: application/json
access-control-allow-origin: https://1plus1.ua
expires: Thu, 23 Sep 2021 16:31:19 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 css
fonts.googleapis.com/ Frame 6D6A 3 KB
651 B 22ms
22ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 15:24:02 GMT
server: ESF
date: Thu, 23 Sep 2021 15:31:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Sep 2021 15:31:19 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/ Frame 6D6A 1 KB
1 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2911b334d84ae35bdef7cb396241b38425398b6ae5f91f13a72943e805309ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:12:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 852
x-xss-protection: 0
server: cafe
etag: 14170629819630813772
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:12:53 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6D6A 0
0 51ms
50ms Fetch
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C8hu-xp1MYY6UO5nggAeGuLCwCNOdrqVlzeyChKYOZBABIP3_hSNgleKQgqAHoAHMqLDgA8gBCakCqJr-i_Opsz7gAgCoAwHIA8sEqgTOAU_Q6Mtj7-xMFt3sKP_mdSmA_5Ap0wOxc_OFYF8iDp_5tdnBU43v_xmzdmueJHAcY_9EJDneoPrjRDShJDpxfQqgiPWN96n3IymadhtKdaZeeJsmsDwwdGThy6B5YxRas_p26XQWhk_qivULG6sJwG0JuEjaOaM9fN8nogp-l55e1rciJlu2EjAj8l0HZZaJMAkx57YLiN-jwQdLN76jp1_POUmrykvRI40vpnQ2SqzbcwGaITM9hBU5J5LnRBwaHkOhJzB3dJxF7XMuQJGCwATW0s-83QPgBAGSBQQIBBgBkgUECAUYBKAGLoAHnPKyIKgH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH1ckbqAemvhvYBwDyBwQQmoYM0ggJCIDhgBAQARgdgAoDyAsBmAzzxvj0qgO4E4ME2BMO0BUBmBYBgBcBshceChwIABIUcHViLTkxMzgyNDc2NTM3NTQ1MzMY1dsW&sigh=knQjY-XAlFg&template_id=515
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/ Frame 6D6A 18 KB
8 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/abg_lite_fy2019.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

830527b04ff3e5ae7d8f62ecb5f1aa2ece85a7a741b332051561787b52ddffcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:20:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 678
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7635
x-xss-protection: 0
server: cafe
etag: 15605042170853735879
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:20:01 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/ Frame 6D6A 3 KB
1 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/window_focus_fy2019.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:29:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
server: cafe
etag: 15351394696698642166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:29:50 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6D6A 128 KB
39 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2918d0edea50f453e2143087cb6f5b232a6fef8b687e228496629f0739fc809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39662
x-xss-protection: 0
server: sffe
etag: "1632310973010379"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Thu, 23 Sep 2021 15:31:19 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/ Frame 6D6A 14 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8144ce2cd5918de3beabc8fd113ab560103033fae3956e093b688cda5732a50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:29:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 133
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6232
x-xss-protection: 0
server: cafe
etag: 15606800361334891596
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:29:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6D6A 0
0 23ms
22ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQK__NnKfgw6K2N9X3Wjr2_7U-LjrtEChdYu0K69y1ZvEEIUs0mtb0dUVD9ZZ34uHC627e2-ivhtg6N7-vK7B8AuBViXA
Requested by: Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 730400e8020df307e81d4efe9cf79fce.js Show response
www.gstatic.com/mysidia/ Frame 6D6A 27 KB
11 KB 68ms
14ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/730400e8020df307e81d4efe9cf79fce.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e359ae3a06ae02c38ba2d09707dee364ab18c64164e7a739eae142294d8dd499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 09:36:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 366918
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11108
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 09:11:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Sat, 18 Dec 2021 09:36:02 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F77A 624 B
344 B 26ms
26ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARi6x_mzATAB&v=APEucNVP9UBtgEcZi6PfpC3kiLg0TMorD_mwVwEDoGMrrz17sb0PoBPpaoVpcsNZtruIKogqyMC1hqN0LsLedM_t5abYqKeYKPnZ-WLj6Jz7ptUDRDJH2IIMjWp4PSEvhT8WpkG-UBLcwd8N1zfqO5vbN7V7cKkSLgFJTlhDmFIzphHjDIqWYIk

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMD3swEQ28u5ARi6x_mzATAB&v=APEucNVP9UBtgEcZi6PfpC3kiLg0TMorD_mwVwEDoGMrrz17sb0PoBPpaoVpcsNZtruIKogqyMC1hqN0LsLedM_t5abYqKeYKPnZ-WLj6Jz7ptUDRDJH2IIMjWp4PSEvhT8WpkG-UBLcwd8N1zfqO5vbN7V7cKkSLgFJTlhDmFIzphHjDIqWYIk
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUk_wV5chyZkJVX8skA1Yhe6o5bHwPn4FIv7Xj-HEehXIk-ZWXVbOJmjxGJ4lZ4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 23 Sep 2021 15:31:19 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 134C 71 KB
28 KB 47ms
38ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwUZvKzQygdIc0gtBOk6qcFwvCm8CktoeW7vob_xUQ1AZCHiHrisraC_K1b8K-Fs2f4pk43q88lr83A-Z3CM0vfrj6AxESoyO9FTJk6-dWM-bz-AfwFniWeboPXctNL2uN46-tErzhicZewSQ_0x-pH5ioRw&dbm_d=AKAmf-CFW4CrZHf41VYs_d7hznYDk03ZLvA4Cf9M6bVBrZh05HyISxGKu2slCaqmjkDMV32nMSQzrQgMr2dGxCbWcXAtpRVvzEjWIHs4ILOvxMLvzU2j9jGsZOjpHaTHVDd0GXl7m7EmXROMd8mG0d6OcVi7u2v6l5FqhssfqAliBdmt59gIa9UBPU19EMdVn0PZO8wtdNyCdHZ3uJfv72MQnxWfErp8JUQd7u0A7-OV7PVE-WsNiTyeLfqm9a6OkWKGfI6NIM95jsI7-o4AKCyxQyI3dMXys-l1o4z-hEkydTiyFtSpgiWa7ehKJtrHa0wtORVu3v6dat4zBjowavbzzAkPCoWW0qCDHCj2JPT8sNttRoZax7DZQ2TyZnV4Kmi79YI5sZS22j44-4csXhw9VeMtHlgDHtYCw7fzcawOXtN1KUtpdJt8RTexrr8WA7O9eiKZJ-pH_tc29V63yYST9KKfJxFpmOKRCgcdSSbjK0ee569fepNAMhaHGTqvRvv8Jf9aBY-dIZujTAogIAVPp4WHHe1FVXuuba635iEoSVZkgTNqnB8w2ymPJk5YU50uOF1XpFAGSZbFimKFX69NqYWmhAJJ44jxQX_SbuiNXHOmfMskGtbcLKb0ngRebdQCO7e87pH-ucz7Y_6ntLwKRoDSa-RivFs-VshlUQ9x-ObNzcMPy_6FdCUZX3TMxIlFjMYfrw6Tzx1xsKmFfuFbvHFRUkXN-HVpnuTA570NSAMJDUmEKQ0VJo6q8AI7gpZztnpJ2Jff0gAQvanAj0MGunIhw1RtUMeo9oPoCcVhAvhoXJ_BHIKHzCSeP8Wr0OAk1VJm2HVnmvey2z4kL4TjaeCIprArKjgKhS2_0Dq7tGE4724oLcYvR0qMGZnolEnasJEIM3pi9OiaL7lM6JrA9SZZvtz5MXjPDbAI7zfi7Uea3u4-uuMxFRmlcB93l5vgW-ClohtxOjS3LRsu-aISNOcdfDnul7yWDRIyfDMXJmB4Jxkp-RfgkW8Wr7KiGHygOjOkf7zHXEbxN7XVT27doZV7Lskf3gtlHxJErS9zGbJFFJrS-fNRmI2OQ2uO1FzVBx6mMD_DQBnLGZ1AqxSgazsa_B7tGI76BCGWEPJs6ttU14rY3jdjpTYIOBsvjbliZVmCR1m2ZBO5D-t3M6GhUCIz1oRGeb6unDkJm_Rb8SZP6ky4O-bDXMFswGX97AP94_klNYTi2UdO8ngIPH7ydCv4sEoqH4Hxs2D0lFVgzKMuFd0irzap7C07t4EUw_T_-dozj65BdQz8rrc95UXKq3IZ-1vxYkeKi6ZXyBTvup1xmf_AfV6ps_x4lt-_O80l3lbcilVp4tz-WAYoIYKPxkAnfbv_g1HHULx8oexoY1QcG0zd8AzT2ceq3n8xSGpxoxX4AApu4gfncOpzncLiuxnaywVKL5nCuoSh5HQJzz0Q5P0xpUntV-PldB8LQeMLqowDtMfw7EARHimGR7sOlqUHiC4VWA-ZWSRrtdQnmLTSQpXME9pDosjMReUL6kR06fXtQO1KE2qo047Qinsh2M3tZD9ypY3NFDYyG4m2VPCuuDBxRKQqxtG8zkq0IeEU_Aif1Kv6yJz6r7mDXioxc9PbFrNizRipGs9dazYRfpaCfTIfiehVWlrsYmw15xqyR8n-PDpfKkMzlHQFh0jb50_3VhGUN2wxWLp7RNNYKhXIa0GG6NKTpWqTW6ZAq5yhBfm7DOoFnpQsCCPcktimfQfw1VygGsG5iv5ertmJ4cB8sLu5dhZlo0q9WfD90QqPgyYwa2a1FQ9aBIeUAz2t4W8QuznpyfWm4xDlNMQCmb8BV88Q2DdVes794AaqIl3n-0PQ3nGzaIRrVEC5vKGkk0jPOQ5LkZFviKWthT1kry2E3vJRRXICZSQQV4QLfwAsTloWF9JA9bq5r6mJK8DOiM1uUphS5CGlHAUYVOzdGNYAZj6ttVM7raGjDO1faKrnInCKMJ1gYZ-3ZPydgfbtYkS2das8lcWvdGCOTF0S9-kmBHZACTxwOlgjDwY2RIu5LzuT5K7FjJpl8tp7uTX0xY3noGTOTglAvOlTUZB_Djk_fKNQcY91TiiAkTG9yvi2nz6YOzHDdESo-hwPIOo6GK9Vq-enlgifzFidpmyB1nobIvuNgVS3ldfV1HmFFQ8Rg-9JreaySGaWdy9ZZ1RjSQYWL8DJW2jWBdY36MyZ8yfJC58P3q8YFv0KicgAn45Aq8e-2TrELfVoRDYdDKPAn39ECQP6nsHO4IgheBB0JGWohYORDPZGIqIoz-kWdQpWMwDIj2ifTA5jCHG6xRaorT5f8SksCjFM5nwnQX0ILJhF6NYKSIum7e1e3TsXSL47Ifl3DHiu1YW6-SN9AIfdPJ8PRHogR3S2lnOajwcWfmFYe1yORHxt74RnEGLqRr2FVsMwW_DyiYDN0xTzpPLcv0Zd71UOQ2WVa4ZU9egUUqelh8O8d2YO7glKDPUFo4Wic9GRj36qP6nxJfC6RZ089xz4ZKRoSE9z58EZTd9yKnQ7jPtV-qDdnZBtvmf9viSRIQpaOPJna-yc3a35Sg1WMIje9BfF-Ds2WH8TvzwNSJq3YmcJb2Eh8xCV5NVTq_FDqFNcda0MVdocBPqSLYEpiOjBcw6w4InnvVxzRuB9DAFei76gmCgP31INeTydlr2f6opFw0aSLfqBHKJh4oKZ5YpK730eclhQ4P7m9cvqmstgOaz7wNlnYLvjyfbPq69uMbYXHOrP0xgfp7lg2FzIatoma4eE6_uRGhFwn9DgLN7-LDiIX9DdioCK079rdR2f8z6Isn44f68VnzwawJFneORQMgJYRjqHDt1e7ynDOFEIdO_V4S3MqdE9zBBOyOXE69ZOoZmb1r661n4V8mikuWnYq9z5MUnQJgkt-zt8gzG8w-FKE4DojDxU1mbZdPb2OTvdZ5o39a3ORWbXmQroQv6bOV4S0KjN9GxmT8sBBTIyJpE_05Hpv0WYCS68AkSacDh7xgHIYPm51AnZ4V4lF6wU-8rmZg&cid=CAASEuRoSEccgab7hGUnkcee1TVKYg&rfl=1%2Chttps%253A%252F%252F1plus1.ua%252F%240

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd06a0087892d5fc2c48e739d0b78be40a85809aa1cc5a21f8cfffe5abe20e13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28707
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 134C 42 B
110 B 39ms
34ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CyAcrlLj8Yq5Htma1tK5lgSEWlD5f8UdwdxR0NFtUjF2NQ2HHZbIM154y9ejO0fNhZbsfh57AvCt7EFAThnJ8t-A13gKc4lcOHhgHjNnsaUd55KXA

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 134C 0
461 B 393ms
277ms Image
text/plain 2600:9000:21f3:a600:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn296963&cr=crtve&ce=googledv360&pc=googledv360_plc0001&ci=nlsnci2019&am=3&at=view&rt=banner&st=image&cy=1&gdpr=&gdpr_consent=&r=[timestamp]
Requested by: Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:a600:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
via: 1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA2-C2
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: qBWdL3x13WBzlP6MNLfov0julqwnMcmDivl1Y6PRHTTRYkP4ZvmZdg==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/ Frame 134C 3 KB
1 KB 23ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/window_focus_fy2019.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:29:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
server: cafe
etag: 15351394696698642166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:29:50 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 134C 128 KB
39 KB 33ms
29ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2918d0edea50f453e2143087cb6f5b232a6fef8b687e228496629f0739fc809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39662
x-xss-protection: 0
server: sffe
etag: "1632310973010379"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Thu, 23 Sep 2021 15:31:20 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/ Frame 134C 14 KB
6 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8144ce2cd5918de3beabc8fd113ab560103033fae3956e093b688cda5732a50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:29:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 133
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6232
x-xss-protection: 0
server: cafe
etag: 15606800361334891596
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:29:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 134C 0
0 31ms
28ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRnKl1P64NV2xENMc_S8ex3LTthEy2ookZVWqoHlOlb8k6Je_mf0lPJ2F6pat2Mncui-L2AxHcAFPN1WqOsTRCw9qPkZg
Requested by: Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 2AF0 0
0 37ms
36ms Fetch
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAp4Zxp1MYYyUO5nggAeGuLCwCMSzoJRcvtC4heUCwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxMzgyNDc2NTM3NTQ1MzPIAQmpAj5pL3qWJ4U-4AIAqAMBqgTVAU_Qs1pnCTMdTQvsum7fiE9qk6eAER1zqnBfk44bwUyW_9unQbBpEd-cM4vjN4ilYQiW-1cP2reSydqYEU6Tk6dNunj-9TTO36_cUTTa5ReyMNQX6LncrG0Huvbvjr_wmP8dx4IWgKaxMIkLTGNpUH7EjZFUVn0HG0g2bdpjamzEEFeFO7nZ3sfImWLLdlegeDpM9Se8-1q_h__QkT0IeDfyW_GJgoDs1hQxFl2v-f4st1VdcP646UfqBhtZ95m0w2mqk8pu32a5aWrtAA2mljKtlg5zCOAEAYAG_fv_gLfU9dQooAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTkxMzgyNDc2NTM3NTQ1MzMY1dsW&sigh=jZBMesCvC_4
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 2AF0 2 KB
2 KB 131ms
28ms Script
text/javascript 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=49494139;rtbwp=YUydxgAOygwK4DAZAAwcBrYomk_WTZ0KPIEC7Q;rtbdata=sE7aJDcJuejeUTB3XbRYVqrtvNmsEqgkFaHQXWcVwXOnsk2dIPoHqA6lzVbaIVSC22njRPWOMZVBvcOm1vSnGdoafEAV0XT-TAYhftW1hJ4-FlYYqlyVtAl77AqMFM24Mdc5-_W4HxVDuY_cHzRs97vX6WmMpKfT0fbn8kLwta3TKKO9RfQ2kqc-zYtGqpJyGcZnx0_mOBgQtZaS8SwCkbvGpvX0AsEB9HSyZIj8IVoRx_2tDow_ifP2teoVDEuNHqWs9WmNogH8bx_s1JcHCD1eSkNiOpcjvKYvaiqLMI9w-iQ4hD3WPPFW31esreEcw3iI60gHGBc1;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=C3gxtxp1MYYyUO5nggAeGuLCwCMSzoJRcvtC4heUCwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxMzgyNDc2NTM3NTQ1MzPIAQmpAj5pL3qWJ4U-4AIAqAMBqgTYAU_Qs1pnCTMdTQvsum7fiE9qk6eAER1zqnBfk44bwUyW_9unQbBpEd-cM4vjN4ilYQiW-1cP2reSydqYEU6Tk6dNunj-9TTO36_cUTTa5ReyMNQX6LncrG0Huvbvjr_wmP8dx4IWgKaxMIkLTGNpUH7EjZFUVn0HG0g2bdpjamzEEFeFO7nZ3sfImWLLdlegeDpM9Se8-1q_h__QkT0IeDfyW_GJgoDs1hQxFl2v-f4st1VdcP646UfqBhtZ95m0w2mqk4hs0vQMu7GlzNbwROGqQ_V-HLTzYOAEAYAG_fv_gLfU9dQooAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE&num=1&sig=AOD64_120nf9x1uapK_zPqx6Q3bqZ_WRjA&client=ca-pub-9138247653754533&adurl=

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

6face93cd0af18a22c07b4fc1f3a0501fd670aa5d54165b07c3da4b9bc2fa7ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1708
expires: -1

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/ Frame 2AF0 3 KB
1 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:29:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
server: cafe
etag: 15351394696698642166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:29:50 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2AF0 128 KB
39 KB 37ms
34ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2918d0edea50f453e2143087cb6f5b232a6fef8b687e228496629f0739fc809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39662
x-xss-protection: 0
server: sffe
etag: "1632310973010379"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Thu, 23 Sep 2021 15:31:20 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/ Frame 2AF0 14 KB
6 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8144ce2cd5918de3beabc8fd113ab560103033fae3956e093b688cda5732a50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:29:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 134
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6232
x-xss-protection: 0
server: cafe
etag: 15606800361334891596
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:29:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2AF0 0
0 26ms
24ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQbkXj2tPqjb2yR7adIw9OzXErWgVBDAOhQjkRTY7MOJQ-GApHGs4G226DhVSp28okeauwQ2gYjutp9xsK6DF4jgT-POg
Requested by: Host: 1plus1.ua
URL: https://1plus1.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 2AF0 22 KB
7 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 21:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63253
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 22 Sep 2022 21:57:07 GMT

GET
H2 200 b349715971fc02f992e4cc58b88ce41f.js Show response
www.gstatic.com/mysidia/ Frame EABB 7 KB
4 KB 46ms
13ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/b349715971fc02f992e4cc58b88ce41f.js?tag=client_fast_engine_2019

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac04af14591f59be711b015d623154f3cd61eab114e9ee33563a2b30d55202eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 09:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 366548
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3166
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 09:11:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Sat, 18 Dec 2021 09:42:12 GMT

GET
H2 200 1886d0c1664003c29ef0511a997ece7a.js Show response
www.gstatic.com/mysidia/ Frame EABB 36 KB
14 KB 54ms
22ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1886d0c1664003c29ef0511a997ece7a.js?tag=local_product/lca_square_v3

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0f62c48c09bfc43caf70de1df8917631625badb54e3b2ce193bc69f56d37d9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 11:11:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14398
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 05:09:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 22 Dec 2021 11:11:55 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame EABB 5 KB
711 B 26ms
25ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%2Cbold

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1c733809a15b6fd666d9c4e02e6fbf1382e73b5fbbba07d4cf8c5f33046c035a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 13:49:09 GMT
server: ESF
date: Thu, 23 Sep 2021 15:31:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Sep 2021 15:31:20 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/ Frame EABB 1 KB
917 B 14ms
13ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2911b334d84ae35bdef7cb396241b38425398b6ae5f91f13a72943e805309ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:12:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 852
x-xss-protection: 0
server: cafe
etag: 14170629819630813772
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:12:53 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/ Frame EABB 18 KB
8 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/abg_lite_fy2019.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

830527b04ff3e5ae7d8f62ecb5f1aa2ece85a7a741b332051561787b52ddffcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:20:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 679
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7635
x-xss-protection: 0
server: cafe
etag: 15605042170853735879
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:20:01 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/ Frame EABB 3 KB
1 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/window_focus_fy2019.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:29:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
server: cafe
etag: 15351394696698642166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:29:50 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EABB 128 KB
39 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2918d0edea50f453e2143087cb6f5b232a6fef8b687e228496629f0739fc809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39662
x-xss-protection: 0
server: sffe
etag: "1632310973010379"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Thu, 23 Sep 2021 15:31:20 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/ Frame EABB 14 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210921/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8144ce2cd5918de3beabc8fd113ab560103033fae3956e093b688cda5732a50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:29:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 134
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6232
x-xss-protection: 0
server: cafe
etag: 15606800361334891596
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:29:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame EABB 0
0 22ms
21ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR3Y_FCnY8gPnZG37ltDFdJ2bh5GohY_58s42X0nPKkbICFeB3P4wDkwBtbpzEUbPHucnNnGD-ilMqdzRnIzAfANRz1-Q
Requested by: Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 730400e8020df307e81d4efe9cf79fce.js Show response
www.gstatic.com/mysidia/ Frame EABB 27 KB
11 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/730400e8020df307e81d4efe9cf79fce.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e359ae3a06ae02c38ba2d09707dee364ab18c64164e7a739eae142294d8dd499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 09:36:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 366918
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11108
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 09:11:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Sat, 18 Dec 2021 09:36:02 GMT

GET
H/1.1 200
OK / Show response
api.1plus1.video/home/vmap/ Frame 141A 7 KB
2 KB 67ms
67ms XHR
application/xml 195.137.240.108
ASN-UNIAN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.1plus1.video/home/vmap/?s=1plus1.ua&r=YUhSMGNITTZMeTh4Y0d4MWN6RXVkV0V2&w=849&h=477&c=E2fzXbha&d=web&p1v=0&pid=128902
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.481.0_uk.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 195.137.240.108 , Ukraine, ASN29389 (ASN-UNIAN, UA),
Reverse DNS: front03.1plus1.ua
Software: nginx /
Resource Hash: a5d30e65ec090ce2a5bffd1e39c1e9a3b2084ffe1f4911e4eba57f66af4c4c87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:20 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/xml
Access-Control-Allow-Origin: https://imasdk.googleapis.com
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=15
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 18076485150489721097
tpc.googlesyndication.com/simgad/ Frame 6D6A 3 KB
3 KB 18ms
14ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18076485150489721097?w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08b13e9bd202db706536afa6af63bdf52d90b660021f3eb3297f139d49ceb049

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 10:54:05 GMT
x-content-type-options: nosniff
age: 275835
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3119
x-xss-protection: 0
last-modified: Mon, 03 Aug 2020 09:02:51 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Sep 2022 10:54:05 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 64AD
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=1plus1.ua&sn=ChromeSyncframe&so=3&topUrl=1plus1.ua&bundle=yD1fe19rS2JWUjdLVm9vZ1NIUml6a3pwUWlMJTJCWXoxREV5cVZpMHQwTHFrSXo3bmw0QVBDaEROZUZu...
https://mug.criteo.com/sid?cpp=JehQHnx3UGVZSlIybVljd20ydkJlQXBxdTcrOGxTdVkwUFBZWDZHNVYva0dNQ1BPZFR5Z0xYcDR6N0lxZDY1L3lWSDFBVnR5cnZOVmZpQ0Rvdm5OTkRrcTk1NnNnQTdDZkE5MnNrSlFiUjVpTnZVUnJqbUVVcmo2N2tWK3...

433 B
623 B

20ms
19ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=JehQHnx3UGVZSlIybVljd20ydkJlQXBxdTcrOGxTdVkwUFBZWDZHNVYva0dNQ1BPZFR5Z0xYcDR6N0lxZDY1L3lWSDFBVnR5cnZOVmZpQ0Rvdm5OTkRrcTk1NnNnQTdDZkE5MnNrSlFiUjVpTnZVUnJqbUVVcmo2N2tWK3NodHowK1lSVm9EalgwVmw0Qkc1VVRuVkdUWlVmV0tZbFpHQ2JKaENnNGZPb2VVL1FVRVc5empLRTU0Ky93RUUyd3haNFVWZjE3UkVCdGowQVBPMlFWSXE5NlFBaFBQZDQvMnNvays1U1hsZUp3eFllMzY5SXdwR3oyMExyOU1UWTh2dzZYNmNacWxKeWx0dFN0RVlaUVdZNFZVVTZRdz09fA&cppv=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

66c9891e4f5ffcc8a9d4bb2a2f388255a03fc64656607723d507e17de5888c06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 23 Sep 2021 15:31:19 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2582
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 23 Sep 2021 15:31:19 GMT
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=JehQHnx3UGVZSlIybVljd20ydkJlQXBxdTcrOGxTdVkwUFBZWDZHNVYva0dNQ1BPZFR5Z0xYcDR6N0lxZDY1L3lWSDFBVnR5cnZOVmZpQ0Rvdm5OTkRrcTk1NnNnQTdDZkE5MnNrSlFiUjVpTnZVUnJqbUVVcmo2N2tWK3NodHowK1lSVm9EalgwVmw0Qkc1VVRuVkdUWlVmV0tZbFpHQ2JKaENnNGZPb2VVL1FVRVc5empLRTU0Ky93RUUyd3haNFVWZjE3UkVCdGowQVBPMlFWSXE5NlFBaFBQZDQvMnNvays1U1hsZUp3eFllMzY5SXdwR3oyMExyOU1UWTh2dzZYNmNacWxKeWx0dFN0RVlaUVdZNFZVVTZRdz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1741
content-length: 541
expires: 0

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 134C 169 KB
59 KB 55ms
14ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
Origin: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 15:57:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Sep 2021 15:57:43 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210921/r20110914/elements/html/ Frame 134C 8 KB
3 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210921/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwUZvKzQygdIc0gtBOk6qcFwvCm8CktoeW7vob_xUQ1AZCHiHrisraC_K1b8K-Fs2f4pk43q88lr83A-Z3CM0vfrj6AxESoyO9FTJk6-dWM-bz-AfwFniWeboPXctNL2uN46-tErzhicZewSQ_0x-pH5ioRw&dbm_d=AKAmf-CFW4CrZHf41VYs_d7hznYDk03ZLvA4Cf9M6bVBrZh05HyISxGKu2slCaqmjkDMV32nMSQzrQgMr2dGxCbWcXAtpRVvzEjWIHs4ILOvxMLvzU2j9jGsZOjpHaTHVDd0GXl7m7EmXROMd8mG0d6OcVi7u2v6l5FqhssfqAliBdmt59gIa9UBPU19EMdVn0PZO8wtdNyCdHZ3uJfv72MQnxWfErp8JUQd7u0A7-OV7PVE-WsNiTyeLfqm9a6OkWKGfI6NIM95jsI7-o4AKCyxQyI3dMXys-l1o4z-hEkydTiyFtSpgiWa7ehKJtrHa0wtORVu3v6dat4zBjowavbzzAkPCoWW0qCDHCj2JPT8sNttRoZax7DZQ2TyZnV4Kmi79YI5sZS22j44-4csXhw9VeMtHlgDHtYCw7fzcawOXtN1KUtpdJt8RTexrr8WA7O9eiKZJ-pH_tc29V63yYST9KKfJxFpmOKRCgcdSSbjK0ee569fepNAMhaHGTqvRvv8Jf9aBY-dIZujTAogIAVPp4WHHe1FVXuuba635iEoSVZkgTNqnB8w2ymPJk5YU50uOF1XpFAGSZbFimKFX69NqYWmhAJJ44jxQX_SbuiNXHOmfMskGtbcLKb0ngRebdQCO7e87pH-ucz7Y_6ntLwKRoDSa-RivFs-VshlUQ9x-ObNzcMPy_6FdCUZX3TMxIlFjMYfrw6Tzx1xsKmFfuFbvHFRUkXN-HVpnuTA570NSAMJDUmEKQ0VJo6q8AI7gpZztnpJ2Jff0gAQvanAj0MGunIhw1RtUMeo9oPoCcVhAvhoXJ_BHIKHzCSeP8Wr0OAk1VJm2HVnmvey2z4kL4TjaeCIprArKjgKhS2_0Dq7tGE4724oLcYvR0qMGZnolEnasJEIM3pi9OiaL7lM6JrA9SZZvtz5MXjPDbAI7zfi7Uea3u4-uuMxFRmlcB93l5vgW-ClohtxOjS3LRsu-aISNOcdfDnul7yWDRIyfDMXJmB4Jxkp-RfgkW8Wr7KiGHygOjOkf7zHXEbxN7XVT27doZV7Lskf3gtlHxJErS9zGbJFFJrS-fNRmI2OQ2uO1FzVBx6mMD_DQBnLGZ1AqxSgazsa_B7tGI76BCGWEPJs6ttU14rY3jdjpTYIOBsvjbliZVmCR1m2ZBO5D-t3M6GhUCIz1oRGeb6unDkJm_Rb8SZP6ky4O-bDXMFswGX97AP94_klNYTi2UdO8ngIPH7ydCv4sEoqH4Hxs2D0lFVgzKMuFd0irzap7C07t4EUw_T_-dozj65BdQz8rrc95UXKq3IZ-1vxYkeKi6ZXyBTvup1xmf_AfV6ps_x4lt-_O80l3lbcilVp4tz-WAYoIYKPxkAnfbv_g1HHULx8oexoY1QcG0zd8AzT2ceq3n8xSGpxoxX4AApu4gfncOpzncLiuxnaywVKL5nCuoSh5HQJzz0Q5P0xpUntV-PldB8LQeMLqowDtMfw7EARHimGR7sOlqUHiC4VWA-ZWSRrtdQnmLTSQpXME9pDosjMReUL6kR06fXtQO1KE2qo047Qinsh2M3tZD9ypY3NFDYyG4m2VPCuuDBxRKQqxtG8zkq0IeEU_Aif1Kv6yJz6r7mDXioxc9PbFrNizRipGs9dazYRfpaCfTIfiehVWlrsYmw15xqyR8n-PDpfKkMzlHQFh0jb50_3VhGUN2wxWLp7RNNYKhXIa0GG6NKTpWqTW6ZAq5yhBfm7DOoFnpQsCCPcktimfQfw1VygGsG5iv5ertmJ4cB8sLu5dhZlo0q9WfD90QqPgyYwa2a1FQ9aBIeUAz2t4W8QuznpyfWm4xDlNMQCmb8BV88Q2DdVes794AaqIl3n-0PQ3nGzaIRrVEC5vKGkk0jPOQ5LkZFviKWthT1kry2E3vJRRXICZSQQV4QLfwAsTloWF9JA9bq5r6mJK8DOiM1uUphS5CGlHAUYVOzdGNYAZj6ttVM7raGjDO1faKrnInCKMJ1gYZ-3ZPydgfbtYkS2das8lcWvdGCOTF0S9-kmBHZACTxwOlgjDwY2RIu5LzuT5K7FjJpl8tp7uTX0xY3noGTOTglAvOlTUZB_Djk_fKNQcY91TiiAkTG9yvi2nz6YOzHDdESo-hwPIOo6GK9Vq-enlgifzFidpmyB1nobIvuNgVS3ldfV1HmFFQ8Rg-9JreaySGaWdy9ZZ1RjSQYWL8DJW2jWBdY36MyZ8yfJC58P3q8YFv0KicgAn45Aq8e-2TrELfVoRDYdDKPAn39ECQP6nsHO4IgheBB0JGWohYORDPZGIqIoz-kWdQpWMwDIj2ifTA5jCHG6xRaorT5f8SksCjFM5nwnQX0ILJhF6NYKSIum7e1e3TsXSL47Ifl3DHiu1YW6-SN9AIfdPJ8PRHogR3S2lnOajwcWfmFYe1yORHxt74RnEGLqRr2FVsMwW_DyiYDN0xTzpPLcv0Zd71UOQ2WVa4ZU9egUUqelh8O8d2YO7glKDPUFo4Wic9GRj36qP6nxJfC6RZ089xz4ZKRoSE9z58EZTd9yKnQ7jPtV-qDdnZBtvmf9viSRIQpaOPJna-yc3a35Sg1WMIje9BfF-Ds2WH8TvzwNSJq3YmcJb2Eh8xCV5NVTq_FDqFNcda0MVdocBPqSLYEpiOjBcw6w4InnvVxzRuB9DAFei76gmCgP31INeTydlr2f6opFw0aSLfqBHKJh4oKZ5YpK730eclhQ4P7m9cvqmstgOaz7wNlnYLvjyfbPq69uMbYXHOrP0xgfp7lg2FzIatoma4eE6_uRGhFwn9DgLN7-LDiIX9DdioCK079rdR2f8z6Isn44f68VnzwawJFneORQMgJYRjqHDt1e7ynDOFEIdO_V4S3MqdE9zBBOyOXE69ZOoZmb1r661n4V8mikuWnYq9z5MUnQJgkt-zt8gzG8w-FKE4DojDxU1mbZdPb2OTvdZ5o39a3ORWbXmQroQv6bOV4S0KjN9GxmT8sBBTIyJpE_05Hpv0WYCS68AkSacDh7xgHIYPm51AnZ4V4lF6wU-8rmZg&cid=CAASEuRoSEccgab7hGUnkcee1TVKYg&rfl=1%2Chttps%253A%252F%252F1plus1.ua%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcb80c86da267703311d2eeb3bdb5af0dedf63589d7d6eee4ed81f4bad7537f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:26:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 318
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3143
x-xss-protection: 0
server: cafe
etag: 2416364338287085106
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:26:02 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210921/r20110914/ Frame 134C 23 KB
9 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210921/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

289d6e0a0907342fcc661d9944f30ab735754993b96f13f5b59ef4f5269b40fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:29:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 113
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9237
x-xss-protection: 0
server: cafe
etag: 9463376652360951579
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Oct 2021 15:29:27 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F77A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJaSaXhpzJFaIWwqivmp5fA&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJaSaXhpzJFaIWwqivmp5fA&google_cver=1&C=1

43 B
1014 B

866ms
865ms

Image
image/gif

23.60.51.102
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJaSaXhpzJFaIWwqivmp5fA&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARi6x_mzATAB&v=APEucNVP9UBtgEcZi6PfpC3kiLg0TMorD_mwVwEDoGMrrz17sb0PoBPpaoVpcsNZtruIKogqyMC1hqN0LsLedM_t5abYqKeYKPnZ-WLj6Jz7ptUDRDJH2IIMjWp4PSEvhT8WpkG-UBLcwd8N1zfqO5vbN7V7cKkSLgFJTlhDmFIzphHjDIqWYIk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.60.51.102 Atlanta, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS: a23-60-51-102.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:22 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 23 Sep 2021 15:31:22 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJaSaXhpzJFaIWwqivmp5fA&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Thu, 23 Sep 2021 15:31:21 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F77A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUydyFCLOdT97d5jZ2jQ2gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJaSaXhpzJFaIWwqivmp5fA&google_cver=1

43 B
894 B

206ms
206ms

Image
image/gif

23.60.51.102
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJaSaXhpzJFaIWwqivmp5fA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARi6x_mzATAB&v=APEucNVP9UBtgEcZi6PfpC3kiLg0TMorD_mwVwEDoGMrrz17sb0PoBPpaoVpcsNZtruIKogqyMC1hqN0LsLedM_t5abYqKeYKPnZ-WLj6Jz7ptUDRDJH2IIMjWp4PSEvhT8WpkG-UBLcwd8N1zfqO5vbN7V7cKkSLgFJTlhDmFIzphHjDIqWYIk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.60.51.102 Atlanta, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS: a23-60-51-102.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:21 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 23 Sep 2021 15:31:21 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:21 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJaSaXhpzJFaIWwqivmp5fA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame F77A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJk-OQQPOvUjZ773w416KDc&google_cver=1

43 B
1006 B

20ms
19ms

Image
image/gif

185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJk-OQQPOvUjZ773w416KDc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARi6x_mzATAB&v=APEucNVP9UBtgEcZi6PfpC3kiLg0TMorD_mwVwEDoGMrrz17sb0PoBPpaoVpcsNZtruIKogqyMC1hqN0LsLedM_t5abYqKeYKPnZ-WLj6Jz7ptUDRDJH2IIMjWp4PSEvhT8WpkG-UBLcwd8N1zfqO5vbN7V7cKkSLgFJTlhDmFIzphHjDIqWYIk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:20 GMT
X-Proxy-Origin: 185.232.23.180; 185.232.23.180; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 14796b8e-e0da-477a-9ad2-24fb10162bf6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJk-OQQPOvUjZ773w416KDc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F77A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTY3NzEwODc2MDQ0NzAwMjk1Nw%3D%3D

170 B
188 B

30ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTY3NzEwODc2MDQ0NzAwMjk1Nw%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 23 Sep 2021 15:31:20 GMT
X-Proxy-Origin: 185.232.23.180; 185.232.23.180; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 17f07eff-69bc-49d1-9483-2df320d979a2
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTY3NzEwODc2MDQ0NzAwMjk1Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 2AF0 33 KB
16 KB 175ms
31ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=49494139;rtbwp=YUydxgAOygwK4DAZAAwcBrYomk_WTZ0KPIEC7Q;rtbdata=sE7aJDcJuejeUTB3XbRYVqrtvNmsEqgkFaHQXWcVwXOnsk2dIPoHqA6lzVbaIVSC22njRPWOMZVBvcOm1vSnGdoafEAV0XT-TAYhftW1hJ4-FlYYqlyVtAl77AqMFM24Mdc5-_W4HxVDuY_cHzRs97vX6WmMpKfT0fbn8kLwta3TKKO9RfQ2kqc-zYtGqpJyGcZnx0_mOBgQtZaS8SwCkbvGpvX0AsEB9HSyZIj8IVoRx_2tDow_ifP2teoVDEuNHqWs9WmNogH8bx_s1JcHCD1eSkNiOpcjvKYvaiqLMI9w-iQ4hD3WPPFW31esreEcw3iI60gHGBc1;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=C3gxtxp1MYYyUO5nggAeGuLCwCMSzoJRcvtC4heUCwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxMzgyNDc2NTM3NTQ1MzPIAQmpAj5pL3qWJ4U-4AIAqAMBqgTYAU_Qs1pnCTMdTQvsum7fiE9qk6eAER1zqnBfk44bwUyW_9unQbBpEd-cM4vjN4ilYQiW-1cP2reSydqYEU6Tk6dNunj-9TTO36_cUTTa5ReyMNQX6LncrG0Huvbvjr_wmP8dx4IWgKaxMIkLTGNpUH7EjZFUVn0HG0g2bdpjamzEEFeFO7nZ3sfImWLLdlegeDpM9Se8-1q_h__QkT0IeDfyW_GJgoDs1hQxFl2v-f4st1VdcP646UfqBhtZ95m0w2mqk4hs0vQMu7GlzNbwROGqQ_V-HLTzYOAEAYAG_fv_gLfU9dQooAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE&num=1&sig=AOD64_120nf9x1uapK_zPqx6Q3bqZ_WRjA&client=ca-pub-9138247653754533&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5eed273d16f8b9f330c78d58eebc4c1cfb64346a84a9bc8781afe1bc69077d67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Fri, 24 Sep 2021 18:52:43 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 473C 1 KB
868 B 15ms
13ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 23 Sep 2021 08:58:57 GMT
expires: Fri, 24 Sep 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 23543
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6D6A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b3d67efcbc4b5e0b6369dbdfee0cfc244e67531fb967580a1c54402c5030786

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 14922049440116079087
tpc.googlesyndication.com/simgad/ Frame EABB 7 KB
7 KB 17ms
17ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14922049440116079087?w=400&h=209

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d82f577f33e9d99c9208545d5f4048c11995085faf1aba98db70b354a002914f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 21 Sep 2021 01:40:32 GMT
x-content-type-options: nosniff
age: 222648
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6719
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 07:28:04 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Sep 2022 01:40:32 GMT

GET
H2 200 10074023703360132787
tpc.googlesyndication.com/simgad/ Frame EABB 3 KB
3 KB 16ms
15ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10074023703360132787?w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e4aadb2562ca721cfd827a843b4f98758939082377413f3b915114e1a4753922

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 23:22:15 GMT
x-content-type-options: nosniff
age: 58145
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2998
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 09:21:26 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Sep 2022 23:22:15 GMT

GET
H2 200 13137255795769845427
tpc.googlesyndication.com/simgad/ Frame EABB 37 KB
37 KB 18ms
17ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13137255795769845427?sqp=-oaymwEOCNgEENgEIAFISFABWAE&rs=AOga4qmBRPaClegWkh7_DBhtSYsJKebujQ&w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27d9fb255a6b240375dba72f8befbb61f4c1377ac6c64db752fa4b04911c0f45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 22:02:33 GMT
x-content-type-options: nosniff
last-modified: Thu, 09 Jan 2020 18:32:28 GMT
server: sffe
age: 235727
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37685
x-xss-protection: 0
expires: Tue, 20 Sep 2022 22:02:33 GMT

GET
H2 200 405660896007720117
tpc.googlesyndication.com/simgad/ Frame EABB 1 KB
1 KB 25ms
25ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/405660896007720117?w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c85b338683281b98d34c70608ec3571a19ecf65cdb1d3f979aa8a16e9998387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 17 Sep 2021 07:49:03 GMT
x-content-type-options: nosniff
age: 546137
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1230
x-xss-protection: 0
last-modified: Thu, 09 Jan 2020 18:32:29 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Sep 2022 07:49:03 GMT

GET
H2 200 7939727853574780996
tpc.googlesyndication.com/simgad/ Frame EABB 57 KB
57 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7939727853574780996?sqp=-oaymwEOCNgEENgEIAFISFABWAE&rs=AOga4qnBiY8ECj2bdg7EQ23mAbZDxgLauA&w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a28ec197ef473224031cbe24a6574f7f17ae45e322c01e7ad52d0866841921e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 18 Sep 2021 22:00:09 GMT
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 12:32:26 GMT
server: sffe
age: 408671
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58320
x-xss-protection: 0
expires: Sun, 18 Sep 2022 22:00:09 GMT

GET
H2 200 8231322768108811915
tpc.googlesyndication.com/simgad/ Frame EABB 1 KB
1 KB 28ms
27ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8231322768108811915?w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d684b14de0a16890ee2edc6a43c1aa33637b6ff1fa129f902a6c349838b146ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 22:01:29 GMT
x-content-type-options: nosniff
age: 235791
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1272
x-xss-protection: 0
last-modified: Thu, 09 Jan 2020 18:32:29 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Sep 2022 22:01:29 GMT

GET
H2 200 13580226127725266426
tpc.googlesyndication.com/simgad/ Frame EABB 1 KB
1 KB 29ms
29ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13580226127725266426?w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4c124c0e8e76997b47b08bbb624421ecc879fd117e8b4845f6123fa82ffb472

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 17 Sep 2021 09:23:21 GMT
x-content-type-options: nosniff
age: 540479
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1080
x-xss-protection: 0
last-modified: Thu, 09 Jan 2020 18:32:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 17 Sep 2022 09:23:21 GMT

GET
H2 200 17100367168327232251
tpc.googlesyndication.com/simgad/ Frame EABB 1 KB
1 KB 30ms
29ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17100367168327232251?w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6d161d7e7bc133721119f82649d013888410dd147809396f9d0cddb66614f26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 17 Sep 2021 09:22:59 GMT
x-content-type-options: nosniff
age: 540501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1067
x-xss-protection: 0
last-modified: Thu, 09 Jan 2020 18:32:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 17 Sep 2022 09:22:59 GMT

GET
H2 200 9849673321072220247
tpc.googlesyndication.com/simgad/ Frame EABB 1 KB
1 KB 29ms
28ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9849673321072220247?w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35a64bc918c699657cc8037d618a1d9fc0a2f7c88ac5bcc8105902dacb4440df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 08:48:35 GMT
x-content-type-options: nosniff
age: 110565
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1124
x-xss-protection: 0
last-modified: Fri, 10 Jan 2020 12:32:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 22 Sep 2022 08:48:35 GMT

GET
H2 200 13098190837520145829
tpc.googlesyndication.com/simgad/ Frame EABB 44 KB
44 KB 31ms
30ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13098190837520145829?sqp=-oaymwEOCNgEENgEIAFISFABWAE&rs=AOga4qnY-Cqb6qKxeDWf3-L1_z2ABk9HaQ&w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a7921cff11764562154e206befc8a3cd10257e89b3e4300a6a97343086cd4cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 17 Sep 2021 09:23:21 GMT
x-content-type-options: nosniff
age: 540479
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44670
x-xss-protection: 0
last-modified: Fri, 10 Jan 2020 12:32:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 17 Sep 2022 09:23:21 GMT

GET
H2 200 14114910245906720103
tpc.googlesyndication.com/simgad/ Frame EABB 1 KB
1 KB 28ms
27ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14114910245906720103?w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0525790782a0da95a07fdc1191d1fc719a604d8d816a75ba7e6bcde554c46fad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 04:49:00 GMT
x-content-type-options: nosniff
age: 124940
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1307
x-xss-protection: 0
last-modified: Thu, 09 Jan 2020 18:32:28 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 22 Sep 2022 04:49:00 GMT

GET
H2 200 13011494838582540197
tpc.googlesyndication.com/simgad/ Frame EABB 2 KB
2 KB 30ms
29ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13011494838582540197?w=100&h=100

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

998648454a82d045bdf6896f8001625852c18bddaa371d07e67d9373ddf9f38b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 22:02:32 GMT
x-content-type-options: nosniff
age: 235728
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1689
x-xss-protection: 0
last-modified: Thu, 09 Jan 2020 18:32:28 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Sep 2022 22:02:32 GMT

GET
H2 200 location_map_preview_80x80.png
googleads.g.doubleclick.net/pagead/images/ Frame EABB 4 KB
4 KB 12ms
11ms Image
image/png 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/images/location_map_preview_80x80.png

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f4e942b89543c917fca335351a2bd1d968c5415f04b2054d01348bed12dd644

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Sep 2021 12:20:23 GMT
x-content-type-options: nosniff
server: cafe
age: 11457
etag: 208617018205852857
vary: Accept-Encoding
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4410
x-xss-protection: 0
expires: Fri, 24 Sep 2021 12:20:23 GMT

GET
H2 200 directions_googblue_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame EABB 324 B
470 B 15ms
15ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/directions_googblue_24dp.png

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bbba232bd76572c3cb2bd6e70235dfbea33a300b16fff02488006a8164cd624f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 14:59:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 261139
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 324
x-xss-protection: 0
expires: Tue, 20 Sep 2022 14:59:01 GMT

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 6D6A 21 KB
21 KB 17ms
15ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 21 Sep 2021 08:44:05 GMT
x-content-type-options: nosniff
age: 197235
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Sep 2022 08:44:05 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 6D6A 21 KB
21 KB 19ms
18ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 21 Sep 2021 04:08:17 GMT
x-content-type-options: nosniff
age: 213783
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Sep 2022 04:08:17 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame EABB 0
0 32ms
32ms Fetch
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CxRwzxp1MYYuUO5nggAeGuLCwCKyxs55lqfOTlb4OZBABIP3_hSNgleKQgqAHoAHZ0uTPA8gBCakCqJr-i_Opsz7gAgCoAwHIA0iqBM4BT9BApYG1U-bqnZH46lI7DNgRSxyZVScOiFx8q6dfsNKSFH3rzR1bVM0p0FhCVuPoQ8seFerH9luaNCsweIwDlE59aTYb_2R8asCtofkM7BOM-x5qb2BB9GJA-J9ldSz6dVz84c0Po5jqVPyoT79_iOoq7w7yZ_SEsD1vbV8qOKTrbrT1abLo521Y2WFzPUy812OUzSqvQxHxo2w2BpvIkXr9kdsCtAguo6cgR1syp4oHFwlBCfxxVxWfoz1cbBkKKXYY3FdHOh6ITpa1FPDABK7F1pzWA-AEAZIFBAgEGAGSBQQIBRgEoAYugAf4sa01qAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwQQicENqAgB0ggJCIDhgBAQARgdgAoDyAsBmAzlwrvP0QO4E6UE2BMO0BUBgBcBshceChwIABIUcHViLTkxMzgyNDc2NTM3NTQ1MzMY1dsW&sigh=j48nK9B8qes&template_id=549
Requested by: Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8EC2 1 KB
783 B 16ms
16ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 23 Sep 2021 08:58:57 GMT
expires: Fri, 24 Sep 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 23543
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame EABB 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a7cb9d364d57124bc9236b4dff3395fb1f4c91e63f91b5277631d378b918a87e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/ Frame CF30 3 KB
1 KB 22ms
22ms Document
text/html 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/index.html?e=69&leftOffset=0&topOffset=0&c=nVHfssMarP&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc33a05a8f5cc0bd452c271663ebd7d43138deafe14d665df73e4411354df396

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61885200/20210826044033902/index.html?e=69&leftOffset=0&topOffset=0&c=nVHfssMarP&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 925
date: Thu, 23 Sep 2021 15:31:20 GMT
expires: Fri, 24 Sep 2021 15:31:20 GMT
cache-control: public, max-age=86400
last-modified: Thu, 26 Aug 2021 11:40:33 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 134C 0
592 B 91ms
39ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuufbmjS5hNpR6CxRbNwPJUHdSxCKnGmz4q6L0yh8FfM_9G8pAqlZuT5GLiTCCNcLOACmZQZX7W3Dfjo0-tRSMuzw4LF_orITemf5QvbOoYb9VzOtuYo5HDEJtmWS4ekpL-txAPZzPMcn1OtQO9nIeUy1QIMUMrm1inIvm8Zvo6DjARr5MLCy8slTWX7OTo1vpuIfNogIEuvT9UdRSWzeMCs-TCuQx-CpOknAYKWpYbauMs-XNQ6mq_TrN2oelp1WSeZc2MDq6vr-DmGXFNOccAaG4PUAgTj8RM_YI4I6s5exebUFCDSPmfmxHmnOGr9VYHHv4qTKR_vozX4XYYTp3yZl1lctoCdOCaOPAb-GluOsHs5KvcIP8UDVjxR0JgrzUz4fen0g7rX_QaS1nBTej-mivZwLDcXSibT5j9m4cRxuIW2ACPGPSfUKpeEcmKUnLp0Fw63mQzcwZUl4iWS_mVKKzS2Fzb9uBL9iir681z9DYDAbAViaZO7kMGdwdFAn6hYiED7AOnMWpfpUZJEnB26Cdl70KDZvLAlmnbXPyNq-uh_cnJN_5EoOLnQjuwftrDnC0fLqQMTUCas6NNZm6rKn6qQWWdpulAiStPCTkNnAP9ozsDCm-Qd6OmmJNwPTXo5jzq6w_huPqtgVdODHZtdYK1-DZzCf5ydlP8huLsHDxA9SK9mweN0CJBajPDv1Ai6gjXmUg1Ybh11d9EXdzcG8JNnbn-3sZbECDIbtCKaC6oUM5cID_zMOIrBt0w-kLC7d7rAMHjFA1uRDSPdd_OfT1QzDvOtswymAnGVQW4Tn5HJzXi-_m8NaV6HB55DTnHzk_nfveb2R2gFOjY_avlZJhGMNQXLzi8_D-iinG2WV5bTH_65F6zAYxE_gL5QypT0DzHsfTurAZ-cUX-ABUs53gda1qdRu-_5HHOy8QgKYXsMnLWyGBquYgBUi1jcT92XVavoRDSF-aHvZmryBVA0-OBACYtDJ90ySw5W3B0_cRYrz3HMifndjbvrPV43cnfz0Ael7pklaGW5VNYlagzNHa_Lff7qR3bgBKd1b0FyzaBvQItejGnCsJdM2X-qd_Dyby_WiFpC0qa5qvaMId8DjzwCXGxeFnImaPViuILjGQ3cPt4hES4TBqYLTFiPMwK-MT4qGyYMgw&sai=AMfl-YT-Cu3C-KqzLJygSZcbuoM3vMtP3ykKak0yVRtertCSyAW3o97uT1gYONFl62-7zQDZLM8s7ZCLPlEEGn_LfjpA_BxbfXdZjXYzTIx4MZEO9I_mk3ewGZ6Ssb9Agoc4N07dC75yygkS1Q90Y5pTrhqsyj-PrQ&sig=Cg0ArKJSzJLjCcD7g6OaEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=234&cbvp=1&cstd=227&cisv=r20210921.28626&adurl=

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 23 Sep 2021 15:31:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 134C 41 KB
15 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 15:57:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 22 Sep 2022 15:57:43 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CB34 1 KB
783 B 21ms
21ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 23 Sep 2021 08:58:57 GMT
expires: Fri, 24 Sep 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 23543
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 134C 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c198bb72fb929a5dd43986dfc9365a29d493ce9243d20f33f8be57a9e5f1adb4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame EABB 21 KB
21 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%2Cbold

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 21 Sep 2021 08:44:05 GMT
x-content-type-options: nosniff
age: 197235
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Sep 2022 08:44:05 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame EABB 21 KB
21 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%2Cbold

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 21 Sep 2021 04:08:17 GMT
x-content-type-options: nosniff
age: 213783
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Sep 2022 04:08:17 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Kwp5MKg.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame EABB 11 KB
11 KB 17ms
16ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Kwp5MKg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%2Cbold

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a0a55ede49967613efde001805c862157a4f477f3546dd3c197a8a1d6398d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 12:46:38 GMT
x-content-type-options: nosniff
age: 96282
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10924
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:27 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 22 Sep 2022 12:46:38 GMT

GET
H2 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame EABB 21 KB
21 KB 17ms
16ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%2Cbold

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bbbc44e5ebb0694e2faa4b84737dc33d6b8fa9d0eaa8b5f63ac3537130cb07bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 21 Sep 2021 09:10:36 GMT
x-content-type-options: nosniff
age: 195644
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21444
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:20 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Sep 2022 09:10:36 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 2AF0 7 KB
4 KB 28ms
28ms Script
text/javascript 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=49494139;rtbwp=YUydxgAOygwK4DAZAAwcBrYomk_WTZ0KPIEC7Q;rtbdata=sE7aJDcJuejeUTB3XbRYVqrtvNmsEqgkFaHQXWcVwXOnsk2dIPoHqA6lzVbaIVSC22njRPWOMZVBvcOm1vSnGdoafEAV0XT-TAYhftW1hJ4-FlYYqlyVtAl77AqMFM24Mdc5-_W4HxVDuY_cHzRs97vX6WmMpKfT0fbn8kLwta3TKKO9RfQ2kqc-zYtGqpJyGcZnx0_mOBgQtZaS8SwCkbvGpvX0AsEB9HSyZIj8IVoRx_2tDow_ifP2teoVDEuNHqWs9WmNogH8bx_s1JcHCD1eSkNiOpcjvKYvaiqLMI9w-iQ4hD3WPPFW31esreEcw3iI60gHGBc1;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=C3gxtxp1MYYyUO5nggAeGuLCwCMSzoJRcvtC4heUCwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxMzgyNDc2NTM3NTQ1MzPIAQmpAj5pL3qWJ4U-4AIAqAMBqgTYAU_Qs1pnCTMdTQvsum7fiE9qk6eAER1zqnBfk44bwUyW_9unQbBpEd-cM4vjN4ilYQiW-1cP2reSydqYEU6Tk6dNunj-9TTO36_cUTTa5ReyMNQX6LncrG0Huvbvjr_wmP8dx4IWgKaxMIkLTGNpUH7EjZFUVn0HG0g2bdpjamzEEFeFO7nZ3sfImWLLdlegeDpM9Se8-1q_h__QkT0IeDfyW_GJgoDs1hQxFl2v-f4st1VdcP646UfqBhtZ95m0w2mqk4hs0vQMu7GlzNbwROGqQ_V-HLTzYOAEAYAG_fv_gLfU9dQooAYhqAemvhuoB_DZG6gH8tkbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE&num=1&sig=AOD64_120nf9x1uapK_zPqx6Q3bqZ_WRjA&client=ca-pub-9138247653754533&adurl=;js=1;adfxid=1x;3135;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2F1plus1.ua

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

11c1ab6a005c6c7a2d15ac8f8c4a94cbd6e681817531dd806e1a41dcaafeefed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3204
expires: -1

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 473C
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1&google_push=AYg5qPJ9x0xU0Dm8qZeQd9Rp0ftNH6yYKt1Q7LlKswpcqRbl_QNN2GWrnZwfKR99ygZc5Usazmm2cbLuPW33ZgCvBoUEKVxa-w
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM3ODA1MjUwOTk1NDUwMDI1OA==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1

43 B
407 B

32ms
16ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:19 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

cm
a.rfihub.com/ Frame 473C
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=445&google_gid=CAESEHiZnhF_nn7wpSiDG_JsLQo&google_cver=1&google_push=AYg5qPIwIZY8rJbFCJpi8UqhKpbXMX0LO6JAvCfFsHj39o9Zfh4IjmJjVBe5YmraH_a_ZntNJPXy-UX9GO8ejzsd0RISMle...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPIwIZY8rJbFCJpi8UqhKpbXMX0LO6JAvCfFsHj39o9Zfh4IjmJjVBe5YmraH_a_ZntNJPXy-UX9GO8ejzsd0RISMlecx00&google_hm=MjMxMTY2MTY1...
https://a.rfihub.com/cm?pub=445&google_error=5

42 B
816 B

71ms
16ms

Image
image/gif

193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&google_error=5
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 15:31:20 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://a.rfihub.com/cm?pub=445&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 473C
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEH4NK9srMK6qAsOl_MTI6xw&google_cver=1&google_push=AYg5qPJcCdyLcXj8r-h4JTS1GZyn0zI6MHFvVWBsdT2R_QnhFbOjAGZ7hVuDIpze2leCy3jWxoimGoGzb_YsVFkRQrrPXBJ3_tM
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8831A89CFF594D619DB324783AD737E7&google_push=AYg5qPJcCdyLcXj8r-h4JTS1GZyn0zI6MHFvVWBsdT2R_QnhFbOjAGZ7hVuDIpze2leCy3jWxoimGoGzb_YsVFk...

170 B
188 B

17ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8831A89CFF594D619DB324783AD737E7&google_push=AYg5qPJcCdyLcXj8r-h4JTS1GZyn0zI6MHFvVWBsdT2R_QnhFbOjAGZ7hVuDIpze2leCy3jWxoimGoGzb_YsVFkRQrrPXBJ3_tM

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 23 Sep 2021 15:31:20 GMT
x-content-type-options: nosniff
server: openresty
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8831A89CFF594D619DB324783AD737E7&google_push=AYg5qPJcCdyLcXj8r-h4JTS1GZyn0zI6MHFvVWBsdT2R_QnhFbOjAGZ7hVuDIpze2leCy3jWxoimGoGzb_YsVFkRQrrPXBJ3_tM
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 22 Sep 2021 15:31:20 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 473C
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEFORu31vVrO6P-ZguZUcUtM&google_cver=1&google_push=AYg5qPJNVEkzKgPiBOChAodZDmy1pWKotS-xq3EWuQh1h0wcBUtRO7-yO08XDs_zwoB22aZAxSxQ6qhOPom...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJNVEkzKgPiBOChAodZDmy1pWKotS-xq3EWuQh1h0wcBUtRO7-yO08XDs_zwoB22aZAxSxQ6qhOPomPzi1o18Y6hw6CnQ&google_hm=JakaRdPKSS-r_pRGp3jiKbQ

170 B
188 B

28ms
28ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJNVEkzKgPiBOChAodZDmy1pWKotS-xq3EWuQh1h0wcBUtRO7-yO08XDs_zwoB22aZAxSxQ6qhOPomPzi1o18Y6hw6CnQ&google_hm=JakaRdPKSS-r_pRGp3jiKbQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJNVEkzKgPiBOChAodZDmy1pWKotS-xq3EWuQh1h0wcBUtRO7-yO08XDs_zwoB22aZAxSxQ6qhOPomPzi1o18Y6hw6CnQ&google_hm=JakaRdPKSS-r_pRGp3jiKbQ
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 473C 0
142 B 46ms
16ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEMnbbj5IM6P9Ds4INcIjW30&google_cver=1&google_push=AYg5qPLI4lIm5YY-OtgDjIZjL2082RdbuPzUgYj3pKQrR7qPG37_C1cP72ebBcrXQKV0qY9TgkIbDxWncE9FCYRkeHNi_1M4QcM
Requested by: Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
via: 1.1 google
alt-svc: clear

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 473C
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEEDdEVwCMH-oZczOg_hyT00&google_cver=1&google_push=AYg5qPI_GATjVK-EixWzsOWwYxQwVQAC0cNX1MWAh5DvZCW0iTA1E5OkEBlO_QNgt22FAIi1IAtXqeER2FaJyrFK...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g8B1m5B0RCq5akxqKU8AVw2&google_push=AYg5qPI_GATjVK-EixWzsOWwYxQwVQAC0cNX1MWAh5DvZCW0iTA1E5OkEBlO_QNgt22FAIi1IAtXqeER2FaJyrFKp6QXWECxsA

170 B
188 B

23ms
23ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g8B1m5B0RCq5akxqKU8AVw2&google_push=AYg5qPI_GATjVK-EixWzsOWwYxQwVQAC0cNX1MWAh5DvZCW0iTA1E5OkEBlO_QNgt22FAIi1IAtXqeER2FaJyrFKp6QXWECxsA

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 23 Sep 2021 15:31:20 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g8B1m5B0RCq5akxqKU8AVw2&google_push=AYg5qPI_GATjVK-EixWzsOWwYxQwVQAC0cNX1MWAh5DvZCW0iTA1E5OkEBlO_QNgt22FAIi1IAtXqeER2FaJyrFKp6QXWECxsA
x-host: tde-deliveryengine-production-7f8fcb5db4-qznlh
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 473C
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESELappmzVWoF3bN-8pi5rRzs&google_cver=1&google_push=AYg5qPJODElUb9hg3qYu9KYLDPjj6oQUFqsDdpmEJ2bt1WV2W7uXgzWUeOR6_MCUNzl8CHf9P--tD8K3oEXanbtmz...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESELappmzVWoF3bN-8pi5rRzs&google_cver=1&google_push=AYg5qPJODElUb9hg3qYu9KYLDPjj6oQUFqsDdpmEJ2bt1WV2W7uXgzWUeOR6_MCUNzl8CHf9P--tD8K3oEXanbtmz...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJODElUb9hg3qYu9KYLDPjj6oQUFqsDdpmEJ2bt1WV2W7uXgzWUeOR6_MCUNzl8CHf9P--tD8K3oEXanbtmzz2A3_Wjuj8&google_hm=a6eaeb1aa793d8a2a7f7c0d6

170 B
188 B

21ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJODElUb9hg3qYu9KYLDPjj6oQUFqsDdpmEJ2bt1WV2W7uXgzWUeOR6_MCUNzl8CHf9P--tD8K3oEXanbtmzz2A3_Wjuj8&google_hm=a6eaeb1aa793d8a2a7f7c0d6

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 23 Sep 2021 15:31:20 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJODElUb9hg3qYu9KYLDPjj6oQUFqsDdpmEJ2bt1WV2W7uXgzWUeOR6_MCUNzl8CHf9P--tD8K3oEXanbtmzz2A3_Wjuj8&google_hm=a6eaeb1aa793d8a2a7f7c0d6
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 473C 0
12 B 20ms
19ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I7zbnklNDsf-BpPv3pAo6Iri1n0MlOHdD1K2ANg1cIVo3203QR0MfDKF9JYk0NuGSC8xBB

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 67BD 22 KB
8 KB 17ms
14ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 22 Sep 2021 15:57:43 GMT
expires: Thu, 22 Sep 2022 15:57:43 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 84817
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8EC2
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEFORu31vVrO6P-ZguZUcUtM&google_cver=1&google_push=AYg5qPKPgnuDEymUu1A9roE0eQgdg3Oaowp0CUCrsfyTbFTY-IzvMZfH9B7nYc8KtFGwy9tnsSI3Z8aLKQa...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKPgnuDEymUu1A9roE0eQgdg3Oaowp0CUCrsfyTbFTY-IzvMZfH9B7nYc8KtFGwy9tnsSI3Z8aLKQaRFuvP7jo7yWfSAjE&google_hm=NDmuT6-tR4Cct-rI7ah3TLQ

170 B
188 B

28ms
28ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKPgnuDEymUu1A9roE0eQgdg3Oaowp0CUCrsfyTbFTY-IzvMZfH9B7nYc8KtFGwy9tnsSI3Z8aLKQaRFuvP7jo7yWfSAjE&google_hm=NDmuT6-tR4Cct-rI7ah3TLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKPgnuDEymUu1A9roE0eQgdg3Oaowp0CUCrsfyTbFTY-IzvMZfH9B7nYc8KtFGwy9tnsSI3Z8aLKQaRFuvP7jo7yWfSAjE&google_hm=NDmuT6-tR4Cct-rI7ah3TLQ
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8EC2
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEEDdEVwCMH-oZczOg_hyT00&google_cver=1&google_push=AYg5qPJd7AfC1tdR2SaIWWI61KpYDrNHB_KzqcPDIMHdFFPhEamVe6h-hs32LNN9QgUgxH-k5LAFMEgq1rFVvqSE...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XEyx_JcUSQCjj8UYkuNC5Q2&google_push=AYg5qPJd7AfC1tdR2SaIWWI61KpYDrNHB_KzqcPDIMHdFFPhEamVe6h-hs32LNN9QgUgxH-k5LAFMEgq1rFVvqSEMUhCxIKoXF2W

170 B
188 B

28ms
28ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XEyx_JcUSQCjj8UYkuNC5Q2&google_push=AYg5qPJd7AfC1tdR2SaIWWI61KpYDrNHB_KzqcPDIMHdFFPhEamVe6h-hs32LNN9QgUgxH-k5LAFMEgq1rFVvqSEMUhCxIKoXF2W

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 23 Sep 2021 15:31:20 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XEyx_JcUSQCjj8UYkuNC5Q2&google_push=AYg5qPJd7AfC1tdR2SaIWWI61KpYDrNHB_KzqcPDIMHdFFPhEamVe6h-hs32LNN9QgUgxH-k5LAFMEgq1rFVvqSEMUhCxIKoXF2W
x-host: tde-deliveryengine-production-7f8fcb5db4-fz9pv
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8EC2
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGDhGb8YWECU3Mo4IAVPteg&google_cver=1&google_push=AYg5qPK17oNlT3cPqTm3fjdTVLJrJ7WKpQBj5GUj9LBdKgxCkz60vwbUlggbjyN0rVP2DOFX7IGcL9nuuT_OEScPqgRm...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEGDhGb8YWECU3Mo4IAVPteg&google_cver=1&google_push=AYg5qPK17oNlT3cPqTm3fjdTVLJrJ7WKpQBj5GUj9LBdKgxCkz60vwbUlggbjyN0rVP2DOFX7IGcL9nuuT_OES...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPK17oNlT3cPqTm3fjdTVLJrJ7WKpQBj5GUj9LBdKgxCkz60vwbUlggbjyN0rVP2DOFX7IGcL9nuuT_OEScPqgRmbddZoelq&google_hm=zK81oU9hQmCsOc4tWuywHQ==

170 B
188 B

19ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPK17oNlT3cPqTm3fjdTVLJrJ7WKpQBj5GUj9LBdKgxCkz60vwbUlggbjyN0rVP2DOFX7IGcL9nuuT_OEScPqgRmbddZoelq&google_hm=zK81oU9hQmCsOc4tWuywHQ==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPK17oNlT3cPqTm3fjdTVLJrJ7WKpQBj5GUj9LBdKgxCkz60vwbUlggbjyN0rVP2DOFX7IGcL9nuuT_OEScPqgRmbddZoelq&google_hm=zK81oU9hQmCsOc4tWuywHQ==
date: Thu, 23 Sep 2021 15:31:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8EC2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAT7nWieUlRDzN_Oc7zE_Jo&google_cver=1&google_push=AYg5qPJNdpzDxuiJZCLnE2tkvq6IycGqHGvi8FP2-ukAyxUYIa0kUmsWdPrFmxgpGyM4j7fBhr2...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RYM0VSMTMtSi1HWkoy&google_push=AYg5qPJNdpzDxuiJZCLnE2tkvq6IycGqHGvi8FP2-ukAyxUYIa0kUmsWdPrFmxgpGyM4j7fBhr2917w_4wow4muOypQD_b9xuSEi

170 B
188 B

18ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RYM0VSMTMtSi1HWkoy&google_push=AYg5qPJNdpzDxuiJZCLnE2tkvq6IycGqHGvi8FP2-ukAyxUYIa0kUmsWdPrFmxgpGyM4j7fBhr2917w_4wow4muOypQD_b9xuSEi

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RYM0VSMTMtSi1HWkoy&google_push=AYg5qPJNdpzDxuiJZCLnE2tkvq6IycGqHGvi8FP2-ukAyxUYIa0kUmsWdPrFmxgpGyM4j7fBhr2917w_4wow4muOypQD_b9xuSEi
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8EC2
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEA...
https://sync.targeting.unrulymedia.com/csync/RX-57bd6e2a-204d-48d8-8f8d-2463ceec3c78-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPK83qDGKqT4ZUdz9HEJT...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK83qDGKqT4ZUdz9HEJT_MYzOTi7174ASrfE6tSMkubdUt8lIjLnEqz43UApzieBUnurOd6vTfJk_7Hkn0ugLbExdUzMKo&google_hm=A1e9biogTUjYj40kY87sPHg

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK83qDGKqT4ZUdz9HEJT_MYzOTi7174ASrfE6tSMkubdUt8lIjLnEqz43UApzieBUnurOd6vTfJk_7Hkn0ugLbExdUzMKo&google_hm=A1e9biogTUjYj40kY87sPHg

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK83qDGKqT4ZUdz9HEJT_MYzOTi7174ASrfE6tSMkubdUt8lIjLnEqz43UApzieBUnurOd6vTfJk_7Hkn0ugLbExdUzMKo&google_hm=A1e9biogTUjYj40kY87sPHg
date: Thu, 23 Sep 2021 15:31:20 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX57bd6e2a204d48d88f8d2463ceec3c78003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8EC2
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEBZTpQ9S8-zDwc6a70T_2Jo&google_cver=1&google_push=AYg5qPIE7RJe3nC4c3DPIlm0ZUp78UQgUjGQyiSwIpSHcO1dGwD134ijFARh4PWLyE4u6xNmnqqrpOYEeoX0pclK6h8vjdGesCp7
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPIE7RJe3nC4c3DPIlm0ZUp78UQgUjGQyiSwIpSHcO1dGwD134ijFARh4PWLyE4u6xNmnqqrpOYEeoX0pclK6h8vjdGesCp7&goog...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTMzOTA4OTY3NTEyNDgxMDc0NTE%3D&google_push=AYg5qPIE7RJe3nC4c3DPIlm0ZUp78UQgUjGQyiSwIpSHcO1dGwD134ijFARh4P...

170 B
188 B

23ms
20ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTMzOTA4OTY3NTEyNDgxMDc0NTE%3D&google_push=AYg5qPIE7RJe3nC4c3DPIlm0ZUp78UQgUjGQyiSwIpSHcO1dGwD134ijFARh4PWLyE4u6xNmnqqrpOYEeoX0pclK6h8vjdGesCp7

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTMzOTA4OTY3NTEyNDgxMDc0NTE%3D&google_push=AYg5qPIE7RJe3nC4c3DPIlm0ZUp78UQgUjGQyiSwIpSHcO1dGwD134ijFARh4PWLyE4u6xNmnqqrpOYEeoX0pclK6h8vjdGesCp7
date: Thu, 23 Sep 2021 15:31:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 8EC2 43 B
144 B 25ms
24ms Image
image/gif 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEC3gqoCfPvh6NIUSb5AWUTY&google_cver=1&google_push=AYg5qPIr9s1A1ZBrPDPRU1WHZg1gq_N04RAyet7slM09Ur6puLglJj5nafd94x9WZAUryEWItGHBVO0427sJS39vA5u0X08Ly7XOrA

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Sep 2021 15:31:20 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8EC2 0
12 B 24ms
23ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LvIrSs2Q2SJOrw3Gce2_mZort5LB93iwdveVomWeLCNJEIiNvcdkFQtyds-P1o9TYPWje3uw

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js Show response
pagead2.googlesyndication.com/bg/ Frame BB22 35 KB
13 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

580cfe9f2689bbdb95454abc36cc61b171ad5d5896c2fee5578b0fdea3f64aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 10:17:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13388
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 23:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 23 Sep 2022 10:17:11 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 167B 1 KB
783 B 15ms
14ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 23 Sep 2021 08:58:57 GMT
expires: Fri, 24 Sep 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 23543
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2AF0 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de04c4cdaa8d47b3eae5414c4b847ab6de467fdd4b950e707ceca58fa3ff5c41

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 hp_styles.css
s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/ Frame CF30 3 KB
922 B 33ms
32ms Stylesheet
text/css 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/index.html?e=69&leftOffset=0&topOffset=0&c=nVHfssMarP&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96addbace84572f473407eec66f6a5ad11882ab3396e4de1cd7d9d0326fe2011

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/index.html?e=69&leftOffset=0&topOffset=0&c=nVHfssMarP&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 21:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66289
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 822
x-xss-protection: 0
last-modified: Thu, 26 Aug 2021 11:40:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Sep 2021 21:06:31 GMT

GET
H2 200 tweenmax_2.1.2_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame CF30 113 KB
39 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.1.2_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/index.html?e=69&leftOffset=0&topOffset=0&c=nVHfssMarP&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/index.html?e=69&leftOffset=0&topOffset=0&c=nVHfssMarP&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39910
x-xss-protection: 0
last-modified: Mon, 11 Mar 2019 14:29:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Sep 2021 15:31:20 GMT

GET
H2 200 Enabler_01_246.js Show response
s0.2mdn.net/879366/ Frame CF30 116 KB
39 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_246.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/index.html?e=69&leftOffset=0&topOffset=0&c=nVHfssMarP&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/index.html?e=69&leftOffset=0&topOffset=0&c=nVHfssMarP&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 15:57:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40237
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Sep 2021 15:57:43 GMT

GET
H2 200 hp_main.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/ Frame CF30 4 KB
812 B 32ms
32ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/index.html?e=69&leftOffset=0&topOffset=0&c=nVHfssMarP&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

562969de5b2d4db0bd23d75b98eed8490c5de2bd2d5fc9bb198826a47507549b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/index.html?e=69&leftOffset=0&topOffset=0&c=nVHfssMarP&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 13:46:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6269
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 720
x-xss-protection: 0
last-modified: Thu, 26 Aug 2021 11:40:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Sep 2021 13:46:51 GMT

GET
H2 200 WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js Show response
pagead2.googlesyndication.com/bg/ Frame 8E32 35 KB
13 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

580cfe9f2689bbdb95454abc36cc61b171ad5d5896c2fee5578b0fdea3f64aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 10:17:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13388
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 23:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 23 Sep 2022 10:17:11 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 2AF0 90 KB
39 KB 25ms
24ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 839d3987d00b948eb071fc35a4cf1d9e8f9f20ce12ccf82e6bcdaa8f760199bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 07:04:15 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Fri, 24 Sep 2021 18:54:22 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame CB34
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1&google_push=AYg5qPJSXltF2pZM_LE9tIT3Fa2uCB_uIKI69hsdxlSf9IcVmhw73V0rdm1HdGXtSxzJXMXg8F0gOZCCplq1Sv_0dL81fm8hXypl
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM3ODA1MjUwOTk1NDUwMDI1OA==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1

43 B
407 B

15ms
15ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1
Requested by: Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:19 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEFwQ8VVDUmvyzZdY0pUyf7A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame CB34 35 B
463 B 54ms
12ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEFUJVzMg-fM3tUY0dnSgg0k&google_cver=1&google_push=AYg5qPIzpD_YKGS5hMZi5BNVZE7pbbxstoQWf08__-_h3B2Lq-FxkTCFp_C9cG0iAJPZ9NMaqYYG-AiAWgQmLTu1-wJatT5opS--

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame CB34
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPMYlFQecnzY55t8gcVMouw&google_cver=1&google_push=AYg5qPL3WiZTCmvUOvYXl8EMN9K8_qBLcbn6tdavX9nDDkdt0_j0kXQpwlaeB2xXLl9q-kuj-97kHOcXzZR8vQlZnkmphAFxo8s&r...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPMYlFQecnzY55t8gcVMouw&google_cver=1&google_push=AYg5qPL3WiZTCmvUOvYXl8EMN9K8_qBLcbn6tdavX9nDDkdt0_j0kXQpwlaeB2xXLl9q-kuj-97kHOcXzZR8vQlZnkmphAFxo8s...

43 B
417 B

185ms
170ms

Image
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPMYlFQecnzY55t8gcVMouw&google_cver=1&google_push=AYg5qPL3WiZTCmvUOvYXl8EMN9K8_qBLcbn6tdavX9nDDkdt0_j0kXQpwlaeB2xXLl9q-kuj-97kHOcXzZR8vQlZnkmphAFxo8s&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPL3WiZTCmvUOvYXl8EMN9K8_qBLcbn6tdavX9nDDkdt0_j0kXQpwlaeB2xXLl9q-kuj-97kHOcXzZR8vQlZnkmphAFxo8s%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6934d1c709f04357-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 57
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6934d1c5de2b4357-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPMYlFQecnzY55t8gcVMouw&google_cver=1&google_push=AYg5qPL3WiZTCmvUOvYXl8EMN9K8_qBLcbn6tdavX9nDDkdt0_j0kXQpwlaeB2xXLl9q-kuj-97kHOcXzZR8vQlZnkmphAFxo8s&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPL3WiZTCmvUOvYXl8EMN9K8_qBLcbn6tdavX9nDDkdt0_j0kXQpwlaeB2xXLl9q-kuj-97kHOcXzZR8vQlZnkmphAFxo8s%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame CB34 0
191 B 115ms
24ms Image
text/plain 66.155.71.25
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESELMxN92B_RT_BHi0P3IF2JQ&google_cver=1&google_push=AYg5qPILeFLMDDpOOrjjboHjLTixteOkmB-gG4ftEuFkfesF4eqjtbHIMg934fAoFM7EerAD5V3uf0QevIxKHXhqg59IstlkZRjU
Requested by: Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB34
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEMGsepbVbdWqVp_B_FAifrA&google_cver=1&google_push=AYg5qPJO9e58DcTDZOxu_yU35wfBfNd8WcHClndOMQJBhZGYJasiT7Qdc-r2u...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEMGsepbVbdWqVp_B_FAifrA&google_cver=1&google_push=AYg5qPJO9e58DcTDZOxu_yU35wfBfNd8WcHClndOMQJBhZGYJasiT7Qdc-r2u...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=9WB6R7zAMk6tDYcQcfzIbw&google_push=AYg5qPJO9e58DcTDZOxu_yU35wfBfNd8WcHClndOMQJBhZGYJasiT7Qdc-r2uimM5SComms2o4fykkhz5...

170 B
188 B

28ms
28ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=9WB6R7zAMk6tDYcQcfzIbw&google_push=AYg5qPJO9e58DcTDZOxu_yU35wfBfNd8WcHClndOMQJBhZGYJasiT7Qdc-r2uimM5SComms2o4fykkhz5G_aelmwh3aHetEO4QP8

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 23 Sep 2021 15:31:20 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=9WB6R7zAMk6tDYcQcfzIbw&google_push=AYg5qPJO9e58DcTDZOxu_yU35wfBfNd8WcHClndOMQJBhZGYJasiT7Qdc-r2uimM5SComms2o4fykkhz5G_aelmwh3aHetEO4QP8
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 238

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB34
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESED33P4fNFCbX2GW3K7GB1mI&google_cver=1&google_push=AYg5qPLMMiGj4NStEOyGHQrzQVVBl8TCEOBq6JvnGTSonZS0oQ6YDNEXjrV_uFNzmDIlhf2IF9RAEm-z8q-0z_ihniO-HmJjd4TJ
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLMMiGj4NStEOyGHQrzQVVBl8TCEOBq6JvnGTSonZS0oQ6YDNEXjrV_uFNzmDIlhf2IF9RAEm-z8q-0z_ihniO-HmJjd4TJ&google_hm=QHBLY9Tjx7oFJ5N0jm3m4g==

170 B
188 B

18ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLMMiGj4NStEOyGHQrzQVVBl8TCEOBq6JvnGTSonZS0oQ6YDNEXjrV_uFNzmDIlhf2IF9RAEm-z8q-0z_ihniO-HmJjd4TJ&google_hm=QHBLY9Tjx7oFJ5N0jm3m4g==

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLMMiGj4NStEOyGHQrzQVVBl8TCEOBq6JvnGTSonZS0oQ6YDNEXjrV_uFNzmDIlhf2IF9RAEm-z8q-0z_ihniO-HmJjd4TJ&google_hm=QHBLY9Tjx7oFJ5N0jm3m4g==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 1bpd00vo8t8gc5vthtsn48j1emetpi2v

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB34
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_CMUwY_9TFqEret2uQA35A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

19ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_CMUwY_9TFqEret2uQA35A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKj_H5bNeDvIQnBMdSIdUb8dBaOdjYnhoWSfdY4_u_KB3VxMNMCIy_qId6wC1O22Hw9zRJjfOJul_0tcfoGmVSGV-JhhT4

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_CMUwY_9TFqEret2uQA35A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKj_H5bNeDvIQnBMdSIdUb8dBaOdjYnhoWSfdY4_u_KB3VxMNMCIy_qId6wC1O22Hw9zRJjfOJul_0tcfoGmVSGV-JhhT4
date: Thu, 23 Sep 2021 15:31:20 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame CB34 0
12 B 14ms
14ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KD-ISNwlCUJ84u4L7B7-9a9DO7K1-l1ytLZNd1W4HvxEhys5gWfoDuJ4s1tUTNEUdZyql3

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 bgImg.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/ Frame CF30 9 KB
9 KB 16ms
16ms Image
image/jpeg 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/bgImg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7861927b42ad82ea82534149d813091dac7ea282c78ebc2627fe2e6a729b21e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 22:01:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 26 Aug 2021 11:40:33 GMT
server: sffe
age: 63002
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9549
x-xss-protection: 0
expires: Thu, 23 Sep 2021 22:01:18 GMT

GET
H2 200 txtSprite.png
s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/ Frame CF30 8 KB
8 KB 18ms
17ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/txtSprite.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a15cec027beda843ebf0a4ecf8208346d870a47a1e481eaaa43acb826ef619ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 12:19:18 GMT
x-content-type-options: nosniff
age: 11522
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8182
x-xss-protection: 0
last-modified: Thu, 26 Aug 2021 11:40:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Sep 2021 12:19:18 GMT

GET
H2 200 logoSprite.png
s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/ Frame CF30 5 KB
5 KB 17ms
16ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/logoSprite.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e7529cc6d828650a73becf99c3b85fd526c2b0222ab78160658640f8937826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 22:01:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 26 Aug 2021 11:40:33 GMT
server: sffe
age: 63002
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5282
x-xss-protection: 0
expires: Thu, 23 Sep 2021 22:01:18 GMT

GET
H2 200 ctaSprite.png
s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/ Frame CF30 7 KB
8 KB 20ms
19ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/ctaSprite.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6db67dbb3d6ecef6c26429b77248044ad075529ae2ae1e0a799fd198eeecb0b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 09:14:59 GMT
x-content-type-options: nosniff
age: 22581
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7660
x-xss-protection: 0
last-modified: Thu, 26 Aug 2021 11:40:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Sep 2021 09:14:59 GMT

GET
H2 200 intro.png
s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/ Frame CF30 11 KB
11 KB 18ms
17ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/intro.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc63d003aaac951eb3b5d84ca366a89514e48d55dab0f3104704ce0203771834

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61885200/20210826044033902/hp_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 22:01:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 26 Aug 2021 11:40:33 GMT
server: sffe
age: 63002
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10956
x-xss-protection: 0
expires: Thu, 23 Sep 2021 22:01:18 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 167B 0
104 B 186ms
66ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESELazGgCuvNtxxj5cQc3Pyzw&google_cver=1&google_push=AYg5qPKLVLXJEsO9yj0La_PcoGXwMJC_pqZbSMtA1GGvafDzf3QMFaZa-gzh6uPk4BYdV667z2wusCqH-mMApsZeqDJ4Ts5EqgU
Requested by: Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 167B
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEH4NK9srMK6qAsOl_MTI6xw&google_cver=1&google_push=AYg5qPI8N3k5aeH1Zlkxxxd4RCrE6d86m5ARwYoKIQTPd3N92q_rysr97oBZY1tTktA8h8aiTFOip2vnKi1FvrhLr7YAem4RUP8
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8831A89CFF594D619DB324783AD737E7&google_push=AYg5qPI8N3k5aeH1Zlkxxxd4RCrE6d86m5ARwYoKIQTPd3N92q_rysr97oBZY1tTktA8h8aiTFOip2vnKi1Fvrh...

170 B
188 B

21ms
21ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8831A89CFF594D619DB324783AD737E7&google_push=AYg5qPI8N3k5aeH1Zlkxxxd4RCrE6d86m5ARwYoKIQTPd3N92q_rysr97oBZY1tTktA8h8aiTFOip2vnKi1FvrhLr7YAem4RUP8

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 23 Sep 2021 15:31:20 GMT
x-content-type-options: nosniff
server: openresty
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8831A89CFF594D619DB324783AD737E7&google_push=AYg5qPI8N3k5aeH1Zlkxxxd4RCrE6d86m5ARwYoKIQTPd3N92q_rysr97oBZY1tTktA8h8aiTFOip2vnKi1FvrhLr7YAem4RUP8
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 22 Sep 2021 15:31:20 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 167B
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEEDdEVwCMH-oZczOg_hyT00&google_cver=1&google_push=AYg5qPJpClY8iFwHsjuTqIXZ78-YgxusgT6_AXrVbUmxgjDtlIEhS-c9sgNOgIvXyPJkRl0EBt7xVeMdBn7gMOaR...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XEyx_JcUSQCjj8UYkuNC5Q2&google_push=AYg5qPJpClY8iFwHsjuTqIXZ78-YgxusgT6_AXrVbUmxgjDtlIEhS-c9sgNOgIvXyPJkRl0EBt7xVeMdBn7gMOaR_SzsH4ZOgOg

170 B
188 B

22ms
22ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XEyx_JcUSQCjj8UYkuNC5Q2&google_push=AYg5qPJpClY8iFwHsjuTqIXZ78-YgxusgT6_AXrVbUmxgjDtlIEhS-c9sgNOgIvXyPJkRl0EBt7xVeMdBn7gMOaR_SzsH4ZOgOg

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 23 Sep 2021 15:31:20 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XEyx_JcUSQCjj8UYkuNC5Q2&google_push=AYg5qPJpClY8iFwHsjuTqIXZ78-YgxusgT6_AXrVbUmxgjDtlIEhS-c9sgNOgIvXyPJkRl0EBt7xVeMdBn7gMOaR_SzsH4ZOgOg
x-host: tde-deliveryengine-production-7f8fcb5db4-fz9pv
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 167B
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESED33P4fNFCbX2GW3K7GB1mI&google_cver=1&google_push=AYg5qPLY-jhciUP2AbgGy036Km67DKN39kohBQ_Ate-IYE0OhB9QQvsKbW9PDP8XuatyJXNFj60LBIJFXNRJ3o33J6Wn_lqvGg
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLY-jhciUP2AbgGy036Km67DKN39kohBQ_Ate-IYE0OhB9QQvsKbW9PDP8XuatyJXNFj60LBIJFXNRJ3o33J6Wn_lqvGg&google_hm=QHBLY9Tjx7oFJ5N0jm3m4g==

170 B
188 B

22ms
22ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLY-jhciUP2AbgGy036Km67DKN39kohBQ_Ate-IYE0OhB9QQvsKbW9PDP8XuatyJXNFj60LBIJFXNRJ3o33J6Wn_lqvGg&google_hm=QHBLY9Tjx7oFJ5N0jm3m4g==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLY-jhciUP2AbgGy036Km67DKN39kohBQ_Ate-IYE0OhB9QQvsKbW9PDP8XuatyJXNFj60LBIJFXNRJ3o33J6Wn_lqvGg&google_hm=QHBLY9Tjx7oFJ5N0jm3m4g==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 3lk8ubdbk2k1mfpqjdc821h1otjdfrba

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 167B
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_CMUwY_9TFqEret2uQA35A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

21ms
20ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_CMUwY_9TFqEret2uQA35A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKpM2g0qhPRbgfoPsX53eydrV-eU8obgaNjJl3MmWaFnA4diL1Yq18emdol902I19Xa1Ck8Xww-m1YM73lSktxM5SCLQdI

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_CMUwY_9TFqEret2uQA35A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKpM2g0qhPRbgfoPsX53eydrV-eU8obgaNjJl3MmWaFnA4diL1Yq18emdol902I19Xa1Ck8Xww-m1YM73lSktxM5SCLQdI
date: Thu, 23 Sep 2021 15:31:20 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 167B
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEBZTpQ9S8-zDwc6a70T_2Jo&google_cver=1&google_push=AYg5qPKUm8TVl0yy8TRnztxSv4l_nTNVScto2cZtLTJNwcdX9PkFlHLn6h6oeUdANR-TMC9EyTUsJQl4y8lrUWVmAiVuET8YMr4
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTMzOTA4OTY3NTEyNDgxMDc0NTE%3D&google_push=AYg5qPKUm8TVl0yy8TRnztxSv4l_nTNVScto2cZtLTJNwcdX9PkFlHLn6h6oeU...

170 B
188 B

16ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTMzOTA4OTY3NTEyNDgxMDc0NTE%3D&google_push=AYg5qPKUm8TVl0yy8TRnztxSv4l_nTNVScto2cZtLTJNwcdX9PkFlHLn6h6oeUdANR-TMC9EyTUsJQl4y8lrUWVmAiVuET8YMr4

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTMzOTA4OTY3NTEyNDgxMDc0NTE%3D&google_push=AYg5qPKUm8TVl0yy8TRnztxSv4l_nTNVScto2cZtLTJNwcdX9PkFlHLn6h6oeUdANR-TMC9EyTUsJQl4y8lrUWVmAiVuET8YMr4
date: Thu, 23 Sep 2021 15:31:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 167B
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEJJDQzEAOUFWxEXJGRo8oxM&google_cver=1&google_push=AYg5qPKHwuzxjfnFoRduLKrfiacryawqbzM7b4qPfNA3Nn465kr2NQgVjrs4F8U8whRDmBbxKUGOIC...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKHwuzxjfnFoRduLKrfiacryawqbzM7b4qPfNA3Nn465kr2NQgVjrs4F8U8whRDmBbxKUGOICm73xNDbs7FlqURRB7FkYY&google_hm=NjM3MzYwNTY...

170 B
188 B

22ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKHwuzxjfnFoRduLKrfiacryawqbzM7b4qPfNA3Nn465kr2NQgVjrs4F8U8whRDmBbxKUGOICm73xNDbs7FlqURRB7FkYY&google_hm=NjM3MzYwNTYyNDk1NTA3NzUxMA%3D%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKHwuzxjfnFoRduLKrfiacryawqbzM7b4qPfNA3Nn465kr2NQgVjrs4F8U8whRDmBbxKUGOICm73xNDbs7FlqURRB7FkYY&google_hm=NjM3MzYwNTYyNDk1NTA3NzUxMA%3D%3D
date: Thu, 23 Sep 2021 15:31:20 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 167B 0
12 B 17ms
15ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J0VekzijpGuXErYft1iCeZdnZ6EqMKYX6ev3-A03jugVJjUD6j6y4NAS0Fi5GbBtFEe0V4

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 WOdvqX5MrEWan8NE-dDT01W_bgveDh48divqo2Vh5b0.js Show response
pagead2.googlesyndication.com/bg/ Frame 67BD 35 KB
13 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WOdvqX5MrEWan8NE-dDT01W_bgveDh48divqo2Vh5b0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58e76fa97e4cac459a9fc344f9d0d3d355bf6e0bde0e1e3c762beaa36561e5bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 13:57:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5629
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13526
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 23:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 23 Sep 2022 13:57:31 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 2AF0 35 B
503 B 75ms
75ms Ping
image/gif 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=49494139&csi=uWnhJ-NJ7ElTNFjSpmF9JphOpCLTk25dLmefN8jiawbrygPkIxxfk7HBXbOayIRgyy5PHZTUd_YP5eC-n4F2D2QBbo50IEXs0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:20 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 134C 0
23 B 32ms
18ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 23 Sep 2021 15:31:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 10123628.js Show response
s1.adform.net/Banners/Elements/Files/160090/10123628/ Frame 08AC 3 KB
1 KB 21ms
21ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/10123628.js?ADFassetID=10123628&bv=259

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

cdbea3c02890867773d1156daf1873907f2e477604d33810589d7e16c78b2391

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 09:36:26 GMT
server: nginx
etag: W/"611f779a-bf1"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CF30 6 KB
4 KB 21ms
20ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1c0d8ddb1da1c4ab296318d85e92a672add4bc6839a8c916d68ad86f9d74433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4401
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CF30 17 KB
6 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 23 Sep 2021 15:31:20 GMT

GET
H2 200 screen.css
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 1 KB
843 B 23ms
20ms Stylesheet
text/css 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/screen.css

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

6c547809a0287926ca482b0dcd4c9139dcf3682e34a298208943f14fb6d3b674

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 09:36:29 GMT
server: nginx
etag: W/"611f779d-508"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 08AC 30 KB
13 KB 25ms
22ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:29 GMT
server: nginx
etag: W/"609e6e91-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 introfill.png
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 117 B
413 B 26ms
22ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/introfill.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
last-modified: Fri, 20 Aug 2021 09:36:29 GMT
server: nginx
etag: "611f779d-75"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 117

GET
H2 200 stoerer.png
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 11 KB
11 KB 26ms
22ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/stoerer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

fc837140fc65aba75bd0ce0d768b3925f0a28f0f90969acf24447b4d856d5b49

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
last-modified: Fri, 20 Aug 2021 09:36:26 GMT
server: nginx
etag: "611f779a-2b61"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 11105

GET
H2 200 text1.png
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 5 KB
5 KB 26ms
23ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/text1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a6164c9273962d138d5662542f6c4ea5a9720498a8120c631b121c05b9c33760

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
last-modified: Fri, 20 Aug 2021 09:36:29 GMT
server: nginx
etag: "611f779d-1308"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 4872

GET
H2 200 disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 4 KB
4 KB 26ms
23ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/disclaimer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

b7ff96a2a7a3a6c2afa75bdc1c65dccb0606f77bf8577cc00f701690fe6d0564

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
last-modified: Fri, 20 Aug 2021 09:36:29 GMT
server: nginx
etag: "611f779d-10b1"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 4273

GET
H2 200 date.png
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 1 KB
2 KB 26ms
24ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/date.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

6b3271ba54f7213b0e56eb7a5ca7826dd644a147d5ee490a1f4eba4b9d4d23bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
last-modified: Fri, 20 Aug 2021 09:36:29 GMT
server: nginx
etag: "611f779d-552"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1362

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 1 KB
1 KB 26ms
24ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/cta.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

dba74eb56d6edb1671a223af240c9e5e7420830ab206a5a665b847e8e654bc58

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
last-modified: Fri, 20 Aug 2021 09:36:29 GMT
server: nginx
etag: "611f779d-4bc"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1212

GET
H2 200 logostart.png
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 4 KB
4 KB 26ms
24ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/logostart.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

92e97919f28859a08e4325a70f1287aca6884259f31400f5013a78b8fdc83206

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
last-modified: Fri, 20 Aug 2021 09:36:26 GMT
server: nginx
etag: "611f779a-e8c"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3724

GET
H2 200 logo.png
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 4 KB
4 KB 28ms
26ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/logo.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9f56fee00e0ef5c4546855c0535a5b34181adf16fe893e0c7d7184f6ac5d4992

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
last-modified: Fri, 20 Aug 2021 09:36:29 GMT
server: nginx
etag: "611f779d-f22"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3874

GET
H2 200 model.jpg
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 9 KB
10 KB 29ms
27ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/model.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

45cdc1ac5f0c3c8608d092b149d316012617dfc64bd741a1e82e003175900441

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
last-modified: Fri, 20 Aug 2021 09:36:26 GMT
server: nginx
etag: "611f779a-2562"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 9570

GET
H2 200 background.jpg
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 20 KB
20 KB 29ms
27ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/background.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

095df7533973889751cb06265f02d368b3dfa392b9c9b7aef687bc5c578ad9b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
last-modified: Fri, 20 Aug 2021 09:36:29 GMT
server: nginx
etag: "611f779d-4f29"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 20265

GET
H2 200 CSSPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame 08AC 38 KB
14 KB 49ms
18ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 667466
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 13669
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-9833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9qOtuhdhhydhsw0l7IAuc%2BiTEbiTw6x97yEgZP5z7XA56a8i0jY9HTtU1SaAyY8ESRju7fxhE5HtcA1modhIo1cI246Qcxb5Yfs8CCRrkY%2F0tS6O8RxlDHDffdMkR53lvR70iOQHoD%2FazjRJ1R1grt%2Bw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6934d1c76c11696a-FRA
expires: Tue, 13 Sep 2022 15:31:20 GMT

GET
H2 200 EasePack.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame 08AC 5 KB
2 KB 65ms
35ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1279730
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1730
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-146f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DLJS%2FzEo7EXORNzZvoKjz2CtGGpUSZ6dSFJ%2FUHzfciEnU5vxI9xRPGoDvb05%2FRjiEN7pfcw1ux8%2BT3uxh8dp1RdJWZNp00h6Ngt5wby0prFpD6O6Y4lgq2Pd1uWqCHXDBGD74WdcyIusjp2FXy%2Fli%2F2c"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6934d1c76c16696a-FRA
expires: Tue, 13 Sep 2022 15:31:20 GMT

GET
H2 200 TweenLite.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame 08AC 26 KB
9 KB 47ms
16ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1875665
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8578
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-697f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W4Ttp3DjPiPqEKINbckajJYxyatE5lHeMLL%2FRBucv4u88%2FMp0vMgAJr4dsAOsjLGKSh9%2Bkja3hE8nO0x5JZaZVWulm1pF7QNa7YsiS%2FFqC51qTE1hgte4qrxQXCuyic7UYWeCvey8UAl8mZbUFqVsbCy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6934d1c76c19696a-FRA
expires: Tue, 13 Sep 2022 15:31:20 GMT

GET
H2 200 script.js Show response
s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/ Frame 08AC 7 KB
1 KB 32ms
31ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10123628/bvpath_259/script.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.209/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ebefd9f9a30821abaa70947288ad0667423676b437b83450a78f77fa4784c99b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 15:31:20 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 09:36:26 GMT
server: nginx
etag: W/"611f779a-1b44"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 WOdvqX5MrEWan8NE-dDT01W_bgveDh48divqo2Vh5b0.js Show response
pagead2.googlesyndication.com/bg/ Frame F6FD 35 KB
13 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WOdvqX5MrEWan8NE-dDT01W_bgveDh48divqo2Vh5b0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58e76fa97e4cac459a9fc344f9d0d3d355bf6e0bde0e1e3c762beaa36561e5bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 13:57:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5629
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13526
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 23:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 23 Sep 2022 13:57:31 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 67BD 0
56 B 38ms
37ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BxPocx51MYZPuPJfg7_UP1Yyh6AEAAAAAOAHgBAI&bg=!CQqlCk7NAAZNQyuQTUM7ACkAdvg8WpuGb9mjn8v5pDK034hRAbHjCbM5WDsQENMHv9lCyUEIjdtsTgIAAAC5UgAAABZoAQeZAwXodBRfWr1PnT-hy_mZv_ctchdz5yD1y5Tnu7Vvpc04sUtJPqejuVOB31eYGGJNvN7ZZwZ2_khbswKET9nFP52mq5dMsav0XfOWtFFXEQfO0dnkVcTr-1R24vmuXv1cEQlqKwgOZ1qNulX6SiR-asVvS5kReddjlfDVhhyNRbiG1A9x7mQR9B29AluAwyDB3vW5Zq1IOC4NNyCLd2wVgmVspCzINP_8EM_wNuwSw-1_aEPr9I3cEcijV4LyIa-Oznt4zKksz_JLRduHdZKDlhwU7GAUEED1kC-NS3082KrcLD88nP_1MzWqLo0Z4chYOEw29U910pLWY_DZQL5YEZuRa4dTik5n2R52kRB_B80EoVJsQBcSqlsQt5nBj7gjM1Kg6F1Horg5b87hvlbIbdvd44Zi9_hY-5ZmQPD9T3VsRRbkLe0KkQBq0Q5D5fSV82NT1kwIcALeJgSgSswxJLO38TC4nC3ElEGqq7l0ZXfFNriNWaxG8vareuXmzl8xt4nKRSQbCwIJTbIsuHw0tETk0PV9GDlULXHxiwBf2mvcBd4Bc5H6hhWbSjtad1usQr6qJTIVB7CbtZPiRISkiUPweEuiw25UPCfU-nNpfLjkopiwNphVlY9-3WE7v6gpibUgTLR2RKn1fMvD-2IVULv4acB0OVs4neOQjusWjJOTyDcIZO5mD1PlibFALpzMd85RGvd86a7PbqG8ENj30q-fhbLndQs6PeI4957hY3IOPv99MKxBHYt9dWogOEt7Zzl25vZiFrFC7u9cLbgqVPf-Lg3Q8cfJsf5Ve8SU6w6ZE0OcvH8XATNrSiMNRhM0dnXvjBF1vojZIYsVted660x0sgslZwMTl7wL-qmcOxrobnOL-9J-2O3-b9tBpJgRXiDpl1xQg-PpWj_g1l2U_FELUYLpxuGTq91bVYnCyb4Q62eqlFzdpbW_SxQrnfqiWPgpgPtY3hwk4GTgpIFyJicAQs78Z-IU9ZKG08V4JnILqr9u73otKRvua49ymWFkU5m0JKmtFg

Requested by

Host: 27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
URL: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame EABB 0
0 46ms
31ms Fetch
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C0iEuxp1MYYuUO5nggAeGuLCwCKyxs55lqfOTlb4OZBABIP3_hSNgleKQgqAHoAHZ0uTPA8gBCakCqJr-i_Opsz7gAgCoAwGqBM4BT9BApYG1U-bqnZH46lI7DNgRSxyZVScOiFx8q6dfsNKSFH3rzR1bVM0p0FhCVuPoQ8seFerH9luaNCsweIwDlE59aTYb_2R8asCtofkM7BOM-x5qb2BB9GJA-J9ldSz6dVz84c0Po5jqVPyoT79_iOoq7w7yZ_SEsD1vbV8qOKTrbrT1abLo521Y2WFzPUy812OUzSqvQxHxo2w2BpvIkXr9kdsCtAguo6cgR1syp4oHFwlBCfxxVxWfoz1cbBkKKXYY3FdHOh6ITpa1FPDABK7F1pzWA-AEAZIFBAgEGAGSBQQIBRgEoAYugAf4sa01qAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwQQicENqAgB0ggJCIDhgBAQARgdgAoDyAsBmAzlwrvP0QO4E6UE2BMO0BUBgBcBshceChwIABIUcHViLTkxMzgyNDc2NTM3NTQ1MzMY1dsW&sigh=7yfgcU-ZpcI&vt=1&template_id=549&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EABB 42 B
108 B 38ms
38ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuv4ZCu8DnKrFg0ds1nEimc6Kq6JpVuhfx-TL2seA8c1Ev2BZmeyrHOEy2GArqwzp-_dYbAuJPlhPawf-C-GCtM5IDlPvKhk882mL1SRjTYIAg5LU7K2zCdUWkd03KxQqjpA7jA6PQ2tZbkBSqHK9Cz8uyTp6BZQw&sai=AMfl-YRnP6guCBBfRTw0whyJ2Wt0dvH9QmUGDuPgQalaALJBdVxQnbDw6bdgyM_Cke0ct8g3cNAcDJnm0WW5sIqcyC2jq_AtkkEdAzepMu3udhazIheWrPspR3f5_OG6&sig=Cg0ArKJSzBk4rBMq7nk2EAE&cid=CAASF-RowPDaf4Ds7zQJCPv4h8FT0XGAV4va&id=lidar2&mcvt=1000&p=820,1130,1070,1430&asp=820,1130,1070,1430&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210922&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=887870088&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1632411079481&rpt=994&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6D6A 0
0 45ms
31ms Fetch
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C199mxp1MYY6UO5nggAeGuLCwCNOdrqVlzeyChKYOZBABIP3_hSNgleKQgqAHoAHMqLDgA8gBCakCqJr-i_Opsz7gAgCoAwGqBM4BT9Doy2Pv7EwW3ewo_-Z1KYD_kCnTA7Fz84VgXyIOn_m12cFTje__GbN2a54kcBxj_0QkOd6g-uNENKEkOnF9CqCI9Y33qfcjKZp2G0p1pl54myawPDB0ZOHLoHljFFqz-nbpdBaGT-qK9QsbqwnAbQm4SNo5oz183yeiCn6Xnl7WtyImW7YSMCPyXQdllokwCTHntguI36PBB0s3vqOnX885SavKS9EjjS-mdDZKrNtzAZohMz2EFTknkudEHBoeQ6EnMHd0nEXtcy5AkYLABNbSz7zdA-AEAZIFBAgEGAGSBQQIBRgEoAYugAec8rIgqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G9gHAPIHBBCahgzSCAkIgOGAEBABGB2ACgPICwGYDPPG-PSqA7gTgwTYEw7QFQGYFgGAFwGyFx4KHAgAEhRwdWItOTEzODI0NzY1Mzc1NDUzMxjV2xY&sigh=Bc6HRBwMMu0&vt=1&template_id=515&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6D6A 42 B
174 B 36ms
36ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstI9OnVJkBHukVIzZuxLftyt43V1jZVYdqLMutbxPvo0I3nA6WZAtnZqTaWeGiLDxEsNGesVLhyXkK7mFD80QOlVwfsouLJOpjkRoqafYwYUGvmH-D2Hl2GvpiCfMm5d4JOjF21YtyiBw_CYhaRAAV6pq0-6j50Vg&sai=AMfl-YSmg1kolDcDNaGZbIXzFr9P2vIABYeohgYzE-8SlFbE82xUTEMLjVDA04modoP7J4VkXYz4Ju3kWBIaEFV_eApM1MpbS54aWyaC_TLK77LIYRyRFAvZh10e0Xml&sig=Cg0ArKJSzKthb7IbHmpSEAE&cid=CAASF-Rop5trzyRhy6jHAeiRf28Vj50Qw8um&id=lidar2&mcvt=1002&p=1020,80,1200,1520&asp=1020,80,1200,1520&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20210922&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2198103003&rs=4&met=mue&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1632411079498&rpt=956&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 692.json Show response
id5-sync.com/g/v2/ 213 B
527 B 57ms
13ms XHR
application/json 54.36.109.155
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/692.json

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18894/hb_298309_4139.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.155 , France, ASN16276 (OVH, FR),

Reverse DNS

p05.id5-sync.com

Software

Resource Hash

a02f7e8f1a8d51582f13dba855bd64a01cf9dac867cf05e2bc370623d8d4c78f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://1plus1.ua
Date: Thu, 23 Sep 2021 15:31:17 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 400 / Show response
graph.facebook.com/v2.2/ 202 B
631 B 122ms
78ms XHR
application/json 2a03:2880:f030:f:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/v2.2/?fields=og_object{engagement}&id=https://1plus1.uahttps://1plus1.video/mandruj-ukrayinoyu-z-dmitrom-komarovim/1-sezon/6-vipusk-starodavni-tradiciyi-guculiv-sirovariv-ta-sekreti-virobnictva-karpatskih-tverdih-siriv

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/assets/9262aebb/jquery.min.js?v=1522140588

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f030:f:face:b00c:0:2 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2122ad794ce5e80cdb03b7ad219dac748815ce94f291f7525bf6c6c4695a67f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004443089
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 150
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 14igapZu07isoWf2s16Hpp15L+67V5LLZYaog/v2YO5zpi7EG7ZzwcBURvOLUCDTq+IfPpVmRIvBkKUton3I6w==
x-fb-trace-id: CdPDBgi9mex
date: Thu, 23 Sep 2021 15:31:22 GMT
vary: Origin, Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: AGzg3Q5mTCaY3R9TN8GJnb_
cache-control: no-store
facebook-api-version: v4.0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 400 / Show response
graph.facebook.com/v2.2/ 202 B
305 B 124ms
82ms XHR
application/json 2a03:2880:f030:f:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: 1plus1.ua
URL: https://1plus1.ua/assets/9262aebb/jquery.min.js?v=1522140588

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f030:f:face:b00c:0:2 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cfbd7ec40244783ef127b425a31390acab0bdf8231a1920eae8279d98b2d6c5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004443089
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 148
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: qvMxrnuvXm756U7FAbONdvbtCr+AbKdYDaQ0Z7IJUWrku0/9hwwfi6B1ZUa69wkNoOhLqoGEH2uqVGBnASQUQQ==
x-fb-trace-id: BiLRR1ymVWj
date: Thu, 23 Sep 2021 15:31:22 GMT
vary: Origin, Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: AIIHsDw4AH04A94RsPFn847
cache-control: no-store
facebook-api-version: v4.0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 PageStatEntry Show response
sslpagestat.mmi.bemobile.ua/pagestat/ 36 B
130 B 43ms
43ms XHR
application/json 194.247.175.26
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sslpagestat.mmi.bemobile.ua/pagestat/PageStatEntry
Requested by: Host: source.mmi.bemobile.ua
URL: https://source.mmi.bemobile.ua/cm/cm.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.26 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.13.0 /
Resource Hash: 147b1111edda7e2c2f9d672b5649de2f2dc5d5cb9dda7905198aa883a4273013

Request headers

Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 23 Sep 2021 15:31:22 GMT
server: nginx/1.13.0
content-length: 36
content-type: application/json

GET
H2 200 PageStatEntry Show response
sslpagestat.mmi.bemobile.ua/pagestat/ 36 B
130 B 43ms
42ms XHR
application/json 194.247.175.26
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sslpagestat.mmi.bemobile.ua/pagestat/PageStatEntry?cookie=AA81108B98B04E499D57AA5696E8B613&time=1632411082484&location=https%3A%2F%2F1plus1.ua%2F&referrer=&is_flash=0&session_id=251263902&version=3.5.337_ua/1.83&sw=1600&sh=1200&scd=24&spd=24&tnscm_adn=inline_cm&param1=~cm_timer~&param2=5&param3=1200&param4=3122&param5=7&vt=d
Requested by: Host: source.mmi.bemobile.ua
URL: https://source.mmi.bemobile.ua/cm/cm.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.26 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.13.0 /
Resource Hash: 147b1111edda7e2c2f9d672b5649de2f2dc5d5cb9dda7905198aa883a4273013

Request headers

Accept: application/json
Referer: https://1plus1.ua/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 23 Sep 2021 15:31:22 GMT
server: nginx/1.13.0
content-length: 36
content-type: application/json

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame EABB 42 B
121 B 20ms
19ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CmbW_xp1MYYuUO5nggAeGuLCwCKyxs55lqfOTlb4OZBABIP3_hSNgleKQgqAHoAHZ0uTPA8gBCakCqJr-i_Opsz7gAgCoAwHIA0iqBNEBT9BApYG1U-bqnZH46lI7DNgRSxyZVScOiFx8q6dfsNKSFH3rzR1bVM0p0FhCVuPoQ8seFerH9luaNCsweIwDlE59aTYb_2R8asCtofkM7BOM-x5qb2BB9GJA-J9ldSz6dVz84c0Po5jqVPyoT79_iOoq7w7yZ_SEsD1vbV8qOKTrbrT1abLo521Y2WFzPUy812OUzSqvQxHxo2w2BpvIkXr9kdsCtAguo6cgR1syp4oHFwlBCfxxV1edrq_d6PQHuJtWR7lnoNjFVz4D1HkpJnXABK7F1pzWA-AEAaAGLtIGDhC1wrlSGKei6s3HAygugAf4sa01qAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcAqAgB0ggJCIDhgBAQARgdmgkaaHR0cHM6Ly9kZS5wYW5kb3JhLm5ldC9kZS-xCTAFDEBOY42VgAoDyAsB4AsBgAwBmAzlwrvP0QO4DAG4E6UE2BMO0BUBgBcB&sigh=0TzQdu0HZ8k&label=local_product_ad_view_product_thumbnail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame EABB 42 B
108 B 21ms
20ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cl11Axp1MYYuUO5nggAeGuLCwCKyxs55lqfOTlb4OZBABIP3_hSNgleKQgqAHoAHZ0uTPA8gBCakCqJr-i_Opsz7gAgCoAwHIA0iqBNEBT9BApYG1U-bqnZH46lI7DNgRSxyZVScOiFx8q6dfsNKSFH3rzR1bVM0p0FhCVuPoQ8seFerH9luaNCsweIwDlE59aTYb_2R8asCtofkM7BOM-x5qb2BB9GJA-J9ldSz6dVz84c0Po5jqVPyoT79_iOoq7w7yZ_SEsD1vbV8qOKTrbrT1abLo521Y2WFzPUy812OUzSqvQxHxo2w2BpvIkXr9kdsCtAguo6cgR1syp4oHFwlBCfxxV1edrq_d6PQHuJtWR7lnoNjFVz4D1HkpJnXABK7F1pzWA-AEAaAGLtIGDhC1wrlSGKqi6s3HAygugAf4sa01qAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcAqAgB0ggJCIDhgBAQARgdmgkaaHR0cHM6Ly9kZS5wYW5kb3JhLm5ldC9kZS-xCTAFDEBOY42VgAoDyAsB4AsBgAwBmAzlwrvP0QO4DAG4E6UE2BMO0BUBgBcB&sigh=a6i-kwIM_DE&label=local_product_ad_view_product_thumbnail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame EABB 42 B
108 B 20ms
20ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cg-Sfxp1MYYuUO5nggAeGuLCwCKyxs55lqfOTlb4OZBABIP3_hSNgleKQgqAHoAHZ0uTPA8gBCakCqJr-i_Opsz7gAgCoAwHIA0iqBNEBT9BApYG1U-bqnZH46lI7DNgRSxyZVScOiFx8q6dfsNKSFH3rzR1bVM0p0FhCVuPoQ8seFerH9luaNCsweIwDlE59aTYb_2R8asCtofkM7BOM-x5qb2BB9GJA-J9ldSz6dVz84c0Po5jqVPyoT79_iOoq7w7yZ_SEsD1vbV8qOKTrbrT1abLo521Y2WFzPUy812OUzSqvQxHxo2w2BpvIkXr9kdsCtAguo6cgR1syp4oHFwlBCfxxV1edrq_d6PQHuJtWR7lnoNjFVz4D1HkpJnXABK7F1pzWA-AEAaAGLtIGDhC1wrlSGK2i6s3HAygugAf4sa01qAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcAqAgB0ggJCIDhgBAQARgdmgkaaHR0cHM6Ly9kZS5wYW5kb3JhLm5ldC9kZS-xCTAFDEBOY42VgAoDyAsB4AsBgAwBmAzlwrvP0QO4DAG4E6UE2BMO0BUBgBcB&sigh=BB6-CUrHgg8&label=local_product_ad_view_product_thumbnail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 2AF0 35 B
494 B 21ms
20ms Ping
image/gif 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=8742736007638011222@@49494139,1502553531581780067,0|0|0|0|0|0|0|0|0||0|1|1|614c9dc70000d9460ae00fc6f40176e6_1|||1|0|0|W7XCJ853351X7EYoWZQhUYv5Nksw6l-5Co9ZWLK9DaXvCJ8UquV7CckllzAqADQrA7z_uuw_WOM1|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 23 Sep 2021 15:31:25 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

Verdicts & Comments Add Verdict or Comment

156 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

74 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
1plus1.ua/	1969-12-31 23:59:59	Name: _csrf Value: 3b1059429f89431451adf3add6c35a3ee6423546af275652e3654054177818b1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ewd1pyChuOJZjs-NoLdha5YbcGCm4x03%22%3B%7D
.1plus1.video/	1970-01-20 14:58:03	Name: _opov_sid_ Value: 0u7pae4in788rgv3sikr6ganaq
1plus1.ua/	1970-01-20 23:43:39	Name: _opov_hid_l Value: 6cccb956-2525-51a7-8895-b1f59704ddeb
.1plus1.ua/	1970-01-20 14:58:06	Name: _opov_sid_ Value: 0u7pae4in788rgv3sikr6ganaq
1plus1.ua/	1970-01-20 06:52:46	Name: _pk_id.2.1c86 Value: 3732322b0af566f0.1632411077.1.1632411077.1632411077.
1plus1.ua/	1970-01-19 21:26:52	Name: _pk_ses.2.1c86 Value: *
.adtelligent.com/	1970-01-19 22:56:07	Name: vmuid Value: 055091cb177a48bf
.1plus1.ua/	1970-01-20 06:12:27	Name: _hjid Value: 90ec019c-87c5-4755-b38f-4add856dcf74
.1plus1.ua/	1970-01-19 21:26:52	Name: _hjFirstSeen Value: 1
.1plus1.ua/	1970-01-20 14:58:03	Name: _ga Value: GA1.2.691999109.1632411077
.1plus1.ua/	1970-01-19 21:28:17	Name: _gid Value: GA1.2.1655961363.1632411077
.1plus1.ua/	1970-01-19 21:26:51	Name: _gat_UA-22507043-9 Value: 1
.1plus1.ua/	1970-01-19 21:26:51	Name: _gat_UA-113262294-1 Value: 1
1plus1.ua/	1969-12-31 23:59:59	Name: Value: store.test
.facebook.com/	1970-01-19 23:36:27	Name: fr Value: 0s0284cw3VeP3Z7ft..BhTJ3F...1.0.BhTJ3F.
.1plus1.ua/	1970-01-20 06:55:39	Name: __gfp_64b Value: QJ67Pts8nqT6tiMqm7AeHKcodUqUsUBfNyLrhnzErGj.A7\|1632411077
1plus1.ua/	1970-01-19 22:10:03	Name: _pbjs_userid_consent_data Value: 3524755945110770
.1plus1.ua/	1970-01-20 06:12:27	Name: _pubcid Value: 4c8afe06-d4e2-4163-b985-172b3953efa5
.1plus1.ua/	1970-01-19 21:26:52	Name: _hjAbsoluteSessionInProgress Value: 1
.openx.net/	1970-01-20 06:12:27	Name: i Value: 4c8afe06-d4e2-4163-b985-172b3953efa5\|1632411077
.betweendigital.com/	1970-01-20 06:12:27	Name: dc Value: mow1
.betweendigital.com/	1970-01-20 06:12:27	Name: tuuid Value: 50249e71-74ba-510a-b771-5594d63dc851
.betweendigital.com/	1970-01-20 06:12:27	Name: ut Value: YUydxQANNtCJ7pzBjk4CXPnECobEV7yU1hd85Q==
.betweendigital.com/	1970-01-20 06:12:27	Name: ss Value: 1
.betweendigital.com/	1970-01-20 06:12:27	Name: unm Value: 1
1plus1.ua/	1970-01-20 06:48:27	Name: cto_bidid Value: yE0_sF9jdkJNVSUyRlVRSmIzVmY1NmU3cWt6elNDSnJ6SmE4JTJGcmtjNGloSlJLV2pjTkY5NGt2SVVSdVFMcVJTb0VYSnJtMyUyQmZJVWhLVjRpbHV6UE5wSmZwODBNdyUzRCUzRA
1plus1.ua/	1970-01-20 06:48:27	Name: cto_bundle Value: yD1fe19rS2JWUjdLVm9vZ1NIUml6a3pwUWlMJTJCWXoxREV5cVZpMHQwTHFrSXo3bmw0QVBDaEROZUZuSHNabXg3NkVXTWlFV1I2QjVSeWdsS29NUU8zelZKUmN5S2olMkJGMXJoM0NYZGZhU3NPVVFnbmE5Wmt2U3FjayUyQm02aDRXbHQzaHdSbA
.adnxs.com/	1970-01-19 23:36:27	Name: icu Value: ChgI4axaEAoYASABKAEwxruyigY4AUABSAEQxruyigYYAA..
.adnxs.com/	1970-01-19 23:36:27	Name: uuid2 Value: 5677108760447002957
.adtelligent.com/	1970-01-19 22:56:07	Name: a319130 Value: 8733a84a-5a0f-4330-a360-4a20cc6c887b
.admixer.net/	1970-01-20 14:58:03	Name: am-uid Value: 19f3a97d261a45b58344c5ca7b302b39
1plus1.video/	1970-01-20 23:43:39	Name: _opov_hid_l Value: 5f7f60d1-6483-5ce8-9375-487494c8fd7a
.doubleclick.net/	1970-01-20 06:48:27	Name: IDE Value: AHWqTUk_wV5chyZkJVX8skA1Yhe6o5bHwPn4FIv7Xj-HEehXIk-ZWXVbOJmjxGJ4lZ4
.1plus1.ua/	1970-01-20 06:48:27	Name: __gads Value: ID=d4587c86f7328117:T=1632411077:S=ALNI_MYJ2jg_KSQHCPG39YfqASIYMgP8YQ
.criteo.com/	1970-01-20 06:48:27	Name: uid Value: 14c696a3-65cf-422b-b1e9-bf4caa40feab
.hit.gemius.pl/	1970-01-20 06:55:39	Name: Gdyn Value: KlQ31RXGQMQGEMbm4BV5mRFissGMP19iL6nxmGtjeQ6xlJrxss58IXKGbyjSssX2nsGfGnZwHQ2xx1GgxcxSD8CB07l8MG..
.adform.net/	1970-01-19 22:10:03	Name: C Value: 1
.adnxs.com/	1970-01-19 23:36:27	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C%svneLp!]tbPl1M>e)ZlrFUfJ+tGXxoD`b^-kD#@e3FRGE1aX/3>XueEd_K?AUW'D8ybpRzqF1`*b_BO)sLBg
.1plus1.ua/	1970-01-20 06:48:27	Name: cto_bundle Value: yqN4e19rS2JWUjdLVm9vZ1NIUml6a3pwUWlJUDVwcURBJTJCaVZ1TkhNa1czVCUyQno4SWlsOWk0TCUyRjVJVDBFNnFBemltaEo4ZVhxJTJCWU96aFh5UUltZnZMNHd6Q3dUamJFSEpvZDFscUZyaWJ2alloQ0EyVzhXdnJ5NjZWdFN6dGFuVWR5VjU2b3lnRE0yc1NhcFQyUldWM0VuMkR3QSUzRCUzRA
.adform.net/	1970-01-19 22:53:18	Name: uid Value: 8742736007638011222
.adform.net/	1970-01-19 21:36:55	Name: TPC Value: 1632411080418
.blismedia.com/	1970-01-20 06:12:31	Name: b Value: 614C9DC8F134B998F9BDD6F3BLIS
.travelaudience.com/	1970-01-20 06:55:39	Name: _tracker Value: %7B%22UUID%22%3A%225C4CB1FC-9714-4900-A38F-C51892E342E5%22%7D
.ctnsnet.com/	1970-01-20 06:12:27	Name: cid_25a91a45d3ca492fabfe9446a778e229 Value: 1
.ctnsnet.com/	1970-01-20 06:12:27	Name: cid_3439ae4fafad47809cb7eac8eda8774c Value: 1
.3lift.com/	1970-01-19 23:36:27	Name: tluid Value: 13390896751248107451
.lijit.com/	1970-01-20 06:12:27	Name: ljt_reader Value: a6eaeb1aa793d8a2a7f7c0d6
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAOOSMXR2dA129ciMystwi8_LMy8vCM50cY_3KvYJzAcADarj4x4AAAA
.rfihub.com/	1970-01-20 06:48:27	Name: smd Value: H4sIAAAAAAAAAOPiNTQzNjIxNDSwMDA1NAQAn5beHw8AAAA
.rfihub.com/	1970-01-20 06:48:27	Name: rud Value: H4sIAAAAAAAAAOMSNjI2NDQzMzQzNTQ1NjYxMDA2sxDiM9Q1dcwzj49MSstw98yU4jU0MzYyMTQ0sDAwNTQEAG4Nn4g0AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjI2NDQzMzQzNTQ1NjYxMDA2sxDiM9Q1dcwzj49MSstw98wEAAKh6lAlAAAA
.rfihub.com/	1970-01-20 06:48:27	Name: eud Value: H4sIAAAAAAAAAOOSMXR2dA129ciMystwi8_LMy8vCM50cY_3KvYJzA_iNTQzNjIxNDSwMDA1NHjFiMI3BABQj3kjPQAAAA
.bidswitch.net/	1970-01-20 06:12:27	Name: tuuid Value: ccaf35a1-4f61-4260-ac39-ce2d5aecb01d
.bidswitch.net/	1970-01-20 06:12:27	Name: c Value: 1632411080
.bidswitch.net/	1970-01-20 06:12:27	Name: tuuid_lu Value: 1632411080
.turn.com/	1970-01-20 01:46:03	Name: uid Value: 3378052509954500258
.simpli.fi/	1970-01-20 06:13:53	Name: suid Value: 8831A89CFF594D619DB324783AD737E7
.1rx.io/	1970-01-20 06:12:27	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-57bd6e2a-204d-48d8-8f8d-2463ceec3c78-003%22%7D
.bidswitch.net/	1970-01-19 21:26:51	Name: google_push Value: AYg5qPK17oNlT3cPqTm3fjdTVLJrJ7WKpQBj5GUj9LBdKgxCkz60vwbUlggbjyN0rVP2DOFX7IGcL9nuuT_OEScPqgRmbddZoelq
.quantserve.com/	1970-01-19 23:36:27	Name: d Value: EBQBCQGoJIEA
.quantserve.com/	1970-01-20 06:57:05	Name: mc Value: 614c9dc8-91b45-9f35a-6179b
.targeting.unrulymedia.com/	1970-01-20 06:12:27	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-57bd6e2a-204d-48d8-8f8d-2463ceec3c78-003%22%7D
.pubmatic.com/	1970-01-19 21:28:17	Name: KTPCACOOKIE Value: YES
.m6r.eu/	1970-01-19 21:26:54	Name: test Value: true
.pubmatic.com/	1970-01-19 23:36:27	Name: KADUSERCOOKIE Value: FC2314C1-8FFD-4C5A-84AD-EB76B90037E4
.m6r.eu/	1970-01-19 23:36:27	Name: cct Value: 1632411080760
.m6r.eu/	1970-01-19 23:36:27	Name: id Value: f5607a47bcc0324ead0d871071fcc86f
.casalemedia.com/	1970-01-19 23:36:27	Name: CMPS Value: 5202
.smartadserver.com/	1970-01-20 06:57:05	Name: pid Value: 6373605624955077510
.tribalfusion.com/	1970-01-19 23:36:27	Name: ANON_ID Value: afnseFmge07ousnA7ffHZbmqcvhZchWFkBl84FOQZaH8K7KjaQfwZa0trEbkpuOl88xSjc5B3KRZc4VyuIHjcZchKx
.casalemedia.com/	1970-01-19 21:28:17	Name: CMST Value: YUydyWFMnckA
.casalemedia.com/	1970-01-20 06:12:27	Name: CMRUM3 Value: 2d614c9dc92760CAESEJaSaXhpzJFaIWwqivmp5fA
.casalemedia.com/	1970-01-20 06:12:27	Name: CMID Value: YUydyHp0W37nj5IhBBRFtgAA
.casalemedia.com/	1970-01-19 23:36:27	Name: CMPRO Value: 1130

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://1plus1.ua/(Line 967) Message: Allow attribute will take precedence over 'allowfullscreen'.
other	warning	URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 72) Message: Origin trial controlled feature not enabled: 'trust-token-redemption'.
other	warning	URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 72) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
network	error	URL: https://graph.facebook.com/v2.2/?fields=og_object{engagement}&id=https://1plus1.uahttps://1plus1.video/mandruj-ukrayinoyu-z-dmitrom-komarovim/1-sezon/6-vipusk-starodavni-tradiciyi-guculiv-sirovariv-ta-sekreti-virobnictva-karpatskih-tverdih-siriv#player Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://graph.facebook.com/v2.2/?fields=og_object{engagement}&id=https://1plus1.uahttps://1plus1.video/mandruj-ukrayinoyu-z-dmitrom-komarovim/1-sezon/6-vipusk-starodavni-tradiciyi-guculiv-sirovariv-ta-sekreti-virobnictva-karpatskih-tverdih-siriv#player Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1plus1.ua
1plus1.video
27667872d614ebdda91406b2d5403c31.safeframe.googlesyndication.com
a.rfihub.com
a.tribalfusion.com
ad.turn.com
ads.betweendigital.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
adtelligent-d.openx.net
ap.lijit.com
api.1plus1.video
assay.1plus1.ua
bidder.criteo.com
cdn.admixer.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
csync.loopme.me
dclk-match.dotomi.com
dm.hybrid.ai
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
gaua.hit.gemius.pl
gcm.ctnsnet.com
ghb.adtelligent.com
ghb1.adtelligent.com
ghb2.adtelligent.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
graph.facebook.com
gum.criteo.com
hb-api.omnitagjs.com
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
images.1plus1.ua
images.1plus1.video
imasdk.googleapis.com
inv-nets.admixer.net
l1.heyhelga.net
ls.hit.gemius.pl
mug.criteo.com
onetag-sys.com
p.rfihub.com
pa.tns-ua.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-sync.sitescout.com
pixel.rubiconproject.com
player.adtelligent.com
prebid-eu.creativecdn.com
r.turn.com
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
s1.adform.net
script.hotjar.com
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
source.mmi.bemobile.ua
ssbsync.smartadserver.com
sslpagestat.mmi.bemobile.ua
static.criteo.net
static.hotjar.com
stats.g.doubleclick.net
sync.1rx.io
sync.adtelligent.com
sync.targeting.unrulymedia.com
t.trafmag.com
tpc.googlesyndication.com
tr.blismedia.com
track.adform.net
tracking.m6r.eu
um.simpli.fi
vars.hotjar.com
vc.hotjar.io
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
13.224.193.122
13.224.193.73
13.225.78.105
13.225.78.14
13.248.245.213
142.250.181.226
142.250.184.194
142.250.185.162
146.0.227.110
146.59.30.104
159.253.128.183
162.55.6.210
178.250.0.157
178.250.0.165
18.198.86.30
185.184.8.65
185.255.84.150
185.33.220.241
185.64.190.78
185.86.139.103
193.0.160.128
193.200.65.5
194.247.175.23
194.247.175.26
195.137.240.108
195.137.240.12
195.137.240.18
195.137.240.20
195.137.240.80
195.137.240.88
2001:678:cb4:bbbb::11
213.174.135.2
213.19.147.45
23.60.51.102
2600:9000:21f3:a600:1e:a43d:b640:93a1
2606:4700::6810:135e
2606:4700::6812:d05
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:800::2003
2a00:1450:4001:803::2002
2a00:1450:4001:808::2002
2a00:1450:4001:808::200a
2a00:1450:4001:811::2002
2a00:1450:4001:811::200a
2a00:1450:4001:812::2002
2a00:1450:4001:827::2001
2a00:1450:4001:827::2003
2a00:1450:4001:828::2003
2a00:1450:4001:828::2004
2a00:1450:4001:828::200e
2a00:1450:4001:82f::2006
2a00:1450:4001:830::2001
2a00:1450:4001:831::2008
2a00:1450:400c:c08::9d
2a02:2638:1::13
2a02:2638:1::3
2a02:fa8:8806:16::1400
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f030:f:face:b00c:0:2
2a03:2880:f12d:181:face:b00c:0:25de
2a03:90c0:41:2801::254
2a0c:5c81:5142::2
34.96.105.8
35.186.193.173
35.186.253.211
35.190.0.66
35.244.159.8
37.157.2.235
37.157.6.234
37.18.16.23
51.89.9.252
54.36.109.155
54.37.238.28
62.149.0.72
66.155.71.25
69.173.144.138
72.251.244.142
72.251.249.14
88.212.252.22
00f83b9228a493e86138bdd97f1e0dd725dcfdc5dc6ae0662c2ce21372039004
02b5be6cf36c11aae65615a17c309a29c8b085648ddae4f85a86783bef15e224
032d15b74357d5d394566b251ad65f2aa8f8aa92226e488e6562c2e2bffac177
0525790782a0da95a07fdc1191d1fc719a604d8d816a75ba7e6bcde554c46fad
087c5ad811ccee261e1db707889ff29930b5d2f401e5f67ad1dfdea793dcc855
08b13e9bd202db706536afa6af63bdf52d90b660021f3eb3297f139d49ceb049
095df7533973889751cb06265f02d368b3dfa392b9c9b7aef687bc5c578ad9b1
0a4e2444504ec2087ae4d601da60fe40dac4648a4280415b6cbaa5d2a77600ec
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0c85b338683281b98d34c70608ec3571a19ecf65cdb1d3f979aa8a16e9998387
0d6acb8e8b16cea63c83615e5953e24e2793c8d575c63639175a321b4bfbe3e4
0fb1468e01fc61820e905556d9a6bfd354404ea647b17db099f5913efa77658a
0fc2fc5d88d357fa83957e664039e6a19588081e55a215d8d077eed82d43beba
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1131f8229e8b45509ddbd867eda946c81ad477612d01f59312ec83cc050dabe3
11c1ab6a005c6c7a2d15ac8f8c4a94cbd6e681817531dd806e1a41dcaafeefed
1252a07c4db3367b430e6e5c15e30d0cd879c1edbb2926dc7d75e4eed0a1080d
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
147b1111edda7e2c2f9d672b5649de2f2dc5d5cb9dda7905198aa883a4273013
14dd5bd4041ab2c4012cb5acbf329528bf2d3a14889b416debfb716566c578f9
176cec0c0610df2346dd22066f273900fa263f1071814b001d07ffbd654b9eda
18490029527d0166564d08d77d15347f5c7604cb916606860eb0bf458565ba9f
189901c219e9c2c63d7b5211a6455744cb4fdbccc6c15fe15a1bdfb870ba2d47
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1c308b71efa2cfe41244ef14564a3864945627e634740d81a520f1589305f669
1c733809a15b6fd666d9c4e02e6fbf1382e73b5fbbba07d4cf8c5f33046c035a
1cc9e0ac0ff231ba3fc0c9c42b40ebcc6c5a3058722ca99eeb0fed41f3efb997
1d20ef34fb2b7a8d6409fac19fabba3fe1c922c674b469e57b92aed5a417d3ea
1d7090cffe659d13f8c2317673a974709d4704dd869d45f19376f8f3ec6cf9a0
1e93a05ff1f25e9d6edad765934514cc2fe3665004528f8c6759ca604d6c652d
1efcab4614844be6f15a1e305893923daefdabc9360d83f42b8f92496fe02c3f
20e00c1877187d690e82126569743876248ba7bd043b34138707b48c7663aeab
2120a82761f93604a9507c84753a7df968f38ee8bb3a07f4b544ce1b1c350acd
2122ad794ce5e80cdb03b7ad219dac748815ce94f291f7525bf6c6c4695a67f6
23f6147ca5720cc69303cdbdf8ddeb002ec83b6eb14d3c914d16f965b792b32e
25223ebcd6fd1a448870e5470f374170b5d6aaf0075b1f0bc6cffc2b399529aa
255911b9f4896e6e6b223bb668152ffe939f182cef38c41f51b9c83c72c3cc0b
25a9c429df7670c014ab6547b263479f01af5876d705d0e29a14e5433b1bf891
26a0453498a4dd295cfb3fb7c22f417024a3f7168ecc346c7cd9aaf886f70b82
27789660783e95976ed951e0868169b31911b8b95f10ad6b201dd32403a65c38
27d9fb255a6b240375dba72f8befbb61f4c1377ac6c64db752fa4b04911c0f45
289d6e0a0907342fcc661d9944f30ab735754993b96f13f5b59ef4f5269b40fd
2911b334d84ae35bdef7cb396241b38425398b6ae5f91f13a72943e805309ab6
2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77
2d310648a31461f6b76c38bca295da135b9825938ad1defab174fc29b414487b
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
33a2b43d9139d035ea13e160d22403c7f5b52fd9b685fb8f9485646336a15a7e
33a3fdc40352c38d67dc1ca75dd2acc8280c0ef1b6402d81fe45e8afd528cb65
33d18bfaad19367135cba7d9096fba55164cd67b8e5819617c6d6b34bd43454b
3414b58bed1def0f8a1f6eb4d0a00aefe269558f7c83e4991514f7557906d5d8
34fe6ab2eaee120b51ad72394287ff0629d1a460f532518117ddb4f45ee87ec0
35a64bc918c699657cc8037d618a1d9fc0a2f7c88ac5bcc8105902dacb4440df
371f0ceab6655c8448f64525b1d11186cb67ca91398655ddf145c93d77964f91
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
3a1647b7f802022b463442eb927665c20c86dba58894a05984d3f1d01169ee3b
3a7921cff11764562154e206befc8a3cd10257e89b3e4300a6a97343086cd4cb
3a7ad5974f3d165d1a83149795afe792e241b0e6a41078c6e14bcecc5449934e
3b5162e97e0561b1a659efc32c3e0625a4f6ed0c9eaafd0f8b1c056e3074ab13
3bd097788140ca91bd593b4437a9bff97366419a46c6a23d620e429e63d9f277
3d182116a4eca2bcf0e80bf9c6afc02ae7190f7f6ac54441c3561307b267b868
3e89a5702982a18850faa2c7c7b2aab10a679e40801662cbc47fb0d8ecb60917
3f8b3e429251ff0f3e0ebec8e9eaeb655819c8a9aa154210866843d1fbc87a4e
45cdc1ac5f0c3c8608d092b149d316012617dfc64bd741a1e82e003175900441
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
47bcd6300dc99708d9a484c5078936d8d812c884c88378e6b7eae949ae00063a
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a0a55ede49967613efde001805c862157a4f477f3546dd3c197a8a1d6398d82
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5053ab3f73bc9c12f1b5ced0dbfbeaf92f8484d6cca52239c7d5b1ba756e6c16
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50c19217f5140cff82c4faffa65cac7e4973528f75c1d8da6e33946ef37a8209
547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55b22013e73e23ac999a9cc992559752c50c1ffaec76f2d7a44c9bcb38faddf5
55b6a6276b53d4aeb9b1c841db9ff49b552897ee4faa32937a39c7da50f05958
55fe7d89155f2a1e03d7a036d6618febe2c57d2373f024709f25540963f61c7f
562969de5b2d4db0bd23d75b98eed8490c5de2bd2d5fc9bb198826a47507549b
580cfe9f2689bbdb95454abc36cc61b171ad5d5896c2fee5578b0fdea3f64aa0
58e76fa97e4cac459a9fc344f9d0d3d355bf6e0bde0e1e3c762beaa36561e5bd
594ca5002b9cdd63b301365c4dd76f3a08e23049f6aee1f62258d20da8ef1345
59f334477b221b1cbb68b260ef3cfe369a8e2d96f2ed1a20cc72756dd6f6fb7b
5c9b589c8b9082b39d00e24848ccca4155edc9f8fe629fce433a93381de398b4
5d1b56a762d63b6e9bfb8a70552ce75c1c3938c782f8d9de971ecc960836c451
5eed273d16f8b9f330c78d58eebc4c1cfb64346a84a9bc8781afe1bc69077d67
5f23183c6177c8d548b659d3e3f9e453dfd9235a75c7eb4b042a2bc76dd3e999
5f9ecc527406b9b72bc3a9f4527892dcf842584b7e6aeb7ce816a4c7c8803954
659f47dd48efbfe049bb3243283145df22b9c1efb0f7c10cbba5981d31efcdbc
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
66792ec85dc3e98377a64ffdfadf8ed923918d6a48a235f4f2f4d7b55788805f
66c9891e4f5ffcc8a9d4bb2a2f388255a03fc64656607723d507e17de5888c06
683cf81f41bbfa7c4c285e41502f9fd3b281a7e783a218479fea00ec84953e2f
6866bcb357b70cff69e9aa8238ea93b8e6aa7a0bddeb90bea0e5bd3e44b8f8fb
69a916245e4d68cb9a4493c8e1a6bc39c1a68197b48b2cae014a2b06cdc9b8b2
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b3271ba54f7213b0e56eb7a5ca7826dd644a147d5ee490a1f4eba4b9d4d23bd
6b6f9d378e1f4b265667bfcf54dac3cd1b1edc6a2659264823434e4702601a5d
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c547809a0287926ca482b0dcd4c9139dcf3682e34a298208943f14fb6d3b674
6db67dbb3d6ecef6c26429b77248044ad075529ae2ae1e0a799fd198eeecb0b2
6e1fab0987211581657a25273dce874d533e7aec592668da6e72ef855ad0759c
6e39ba4fad6e787f935f33ea8dac9105b1384cae25041a12bc108805c86598fb
6e9a2212524de9af4028553d334fb40d87473dab754c181a4363d415db080257
6e9ecc60a57f40a1b302033756775da1fc7272d9856a92dad5e71a36e2f8f0ba
6face93cd0af18a22c07b4fc1f3a0501fd670aa5d54165b07c3da4b9bc2fa7ef
713178cfac763a48a3529a300b017de99cb8678dbc8c80ee39d14c1d57d20114
714576ef1d7b58980b7658ae9b8b4d74a223fba87934dc442db4098873e179a3
7426a6e81ee72c73354b41046a03c36f43578de921153c7bc5d85229bb7a9bb3
74d60d918320c3e93c680d19368d0da4924ff04ff865967c0815a135844caa1b
751dcf9dcab28e7704b6c2b25d6288581f8a45af878fd628135cec03d8112eed
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070
7861927b42ad82ea82534149d813091dac7ea282c78ebc2627fe2e6a729b21e4
7b90253fd93dae3c4bae4ef55d38fc0550b3a58caaa0408505c581872ca46722
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
7f4b62d09dc30ffd1f6943c722fc053199beca02c3a5962264608d05ec583484
7f4e942b89543c917fca335351a2bd1d968c5415f04b2054d01348bed12dd644
80590ab9a655471fcfc3b9b5eeb31839df6b81578a940a95b8cd778fd54db2b1
820a5c6758c92428368ba0b8ec651dbd593aafd0046c9e970c0252bf4301828c
830527b04ff3e5ae7d8f62ecb5f1aa2ece85a7a741b332051561787b52ddffcf
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
839d3987d00b948eb071fc35a4cf1d9e8f9f20ce12ccf82e6bcdaa8f760199bb
83fff1e1a1ce14422fd71122690ace489789895557258e4dbc7a3372895feacb
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85b26daaff7a38cb4bee7a5d8a99c84b4d6556a9df6db213a912d0d8bbd56389
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
87e7529cc6d828650a73becf99c3b85fd526c2b0222ab78160658640f8937826
88b3761c057ce5f4613caec435045e474ee799b3124c0db590f33a9314a25617
88ca677c14d4217c2f6b8c8964a1d172027974c4c0839e4d531ad7d3d6de1987
891e5016585ea32c4d7e6df6daec24be87cccbe48af8a4930251dc4ec1d6efd7
8abfb95a0d75c4822ccf98fefe287247d26b6e753988814d82838af1bf59c8c7
8acc3a82855ddbc4e31e109fdb9036d127bfcd60e46bc1895594bf23ce1c4572
8cccd7da46e757c29d90ebbdd06911e724baf818543d032fe7fd657761008dbe
8d40278bb12cc592fa90a2d3d5b11d31c5d156bbbd2e128b1f3ca7e87c7eb5ff
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
8f9e71ad37578a2db5a8e702ba31316a65dc3f36b2883198adab4d8261631483
92e97919f28859a08e4325a70f1287aca6884259f31400f5013a78b8fdc83206
93e3f4a80e5e0b448a58947028eb19f4c62c95a402b4df807a22c2250d4e764c
93f1be532a3cec387aa659484bd4cba2e729e26d87d57c0deea59ac9cdfc4fb3
9659a6037d231a06278478ace5eefb67422c2ab89f64f0ba090d4557543c59bd
96addbace84572f473407eec66f6a5ad11882ab3396e4de1cd7d9d0326fe2011
974f2bbaea34f0c01bbaf12d439695df1a579ce8274180da38cf8f1771fdcb49
998648454a82d045bdf6896f8001625852c18bddaa371d07e67d9373ddf9f38b
9a9a466cd927c64b4e9b81e29beec7d80422fb985b26a1ec038abea10c74c1eb
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b3d67efcbc4b5e0b6369dbdfee0cfc244e67531fb967580a1c54402c5030786
9b81c5ac867b705d32b4ed0468718e77aba7b745b8d9fbebca79adc5229fdb97
9b99450717649bd5715ae5cba0e064d8cc879abe705815792d66097163cfb576
9cfc3a96cab0eb315783265b6db554e532e060952d409399cc7dd1d7e775b9a3
9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd
9f56fee00e0ef5c4546855c0535a5b34181adf16fe893e0c7d7184f6ac5d4992
9f82c0bab21e34ef2d7efedf73a6fcd4ad8c14a8f20723785bfd2569f6cd08d7
9fbd16f2185f5ff5b9f523eda17f2e230fc630cea6b158e95156ac0053017a1c
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a02f7e8f1a8d51582f13dba855bd64a01cf9dac867cf05e2bc370623d8d4c78f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a12c1931b77757059b186784d53fda5f28a0d29e0f0e8e972f119d16d8535194
a1557ddcd7e10c79540d4b18e095c32f057994206d22fa1b02dad13a01c3329d
a15cec027beda843ebf0a4ecf8208346d870a47a1e481eaaa43acb826ef619ca
a1b81fdca6b0075b92074a8faedffd245b6f251b5db395a1d2e386ab1d0c0690
a28ec197ef473224031cbe24a6574f7f17ae45e322c01e7ad52d0866841921e8
a3eb4ecc51f5edd11da1af7ad648fb4ff5efda6460f4c1584903390d82a8ddec
a423a6f66245ac6465f3dca7ff0535ffb1944b0b73eadf99e187930a52d6b824
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a44d0dbd6674f6bc5ff19108f139572b3c1425e2177094d05a2f62e88b79dc8f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4c124c0e8e76997b47b08bbb624421ecc879fd117e8b4845f6123fa82ffb472
a5af34b74868f58da2483e0ad87af7bfb087d4fc23ee86139a4fba443bb66e5f
a5d30e65ec090ce2a5bffd1e39c1e9a3b2084ffe1f4911e4eba57f66af4c4c87
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a6164c9273962d138d5662542f6c4ea5a9720498a8120c631b121c05b9c33760
a691ce0fb054d5f2128394b9ad9c5961d7c0cdc1804bc83d6760df78ee304d7f
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7cb9d364d57124bc9236b4dff3395fb1f4c91e63f91b5277631d378b918a87e
a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4
ab4630f9ac691de65c6a6b41b189c348c4cb4c2cfba2582dd028f58ff1a14677
ab61b686264fb40bf1a51907f060d0e3b703c1b5494c65cf138f41093097b925
ac04af14591f59be711b015d623154f3cd61eab114e9ee33563a2b30d55202eb
aed281a03eb2c399c6ae6905f013786f46ace997e638e451c6d19abf659f16d8
b06437eb7d795fa51787e55d921e1928e9e32e45495f34591115b24a6a6c2790
b0fe563c0d2c46b56e718bf650bde4c12832349a08ae5c8583b66fc60495ed30
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3a53c332e45aa0018f221153024540343536fb532449694cf81d710c9a5b5a9
b41e03561fcd66267e40478b43dfc163e850387b636883e84aa4c8947bf273a5
b460354d7654e359ed86074554657df0f28915ea6dd7c3a711c6b5a9ce63fae5
b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1
b72331d9f847ef49e7a8c6ce755781ed88741727c9fe6542bcc122cf2e22fb9d
b7270eebdd28e36429f0d0e219d7218f784b37037ae502644291f27df00d3cbc
b7ff96a2a7a3a6c2afa75bdc1c65dccb0606f77bf8577cc00f701690fe6d0564
bb7a8c984417a77f846d70464f10364b4e5cb40c50ad1140b805bf43f2984b4d
bbba232bd76572c3cb2bd6e70235dfbea33a300b16fff02488006a8164cd624f
bbbc44e5ebb0694e2faa4b84737dc33d6b8fa9d0eaa8b5f63ac3537130cb07bf
bc33a05a8f5cc0bd452c271663ebd7d43138deafe14d665df73e4411354df396
bc612c0463c547f2d209aebf6d513fe30242194a0c14739ac81495248c0c4d66
bc63d003aaac951eb3b5d84ca366a89514e48d55dab0f3104704ce0203771834
bcb80c86da267703311d2eeb3bdb5af0dedf63589d7d6eee4ed81f4bad7537f6
bd0c97d7c6d30068384ac78dbb20bd97a617b817b7f6a7ed6468fee2356d1f62
bd749937338d3e6a296bf29ef9854a92196c8880fc83a5082931017c74edbb48
bd9072da49e87b2c3688527532eb51a54a6886366915be497e4e2de0c83e5859
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442
c198bb72fb929a5dd43986dfc9365a29d493ce9243d20f33f8be57a9e5f1adb4
c1c0d8ddb1da1c4ab296318d85e92a672add4bc6839a8c916d68ad86f9d74433
c2918d0edea50f453e2143087cb6f5b232a6fef8b687e228496629f0739fc809
c53daf5400b2cb760e78b381ed9b88d0caf70505cf01f03f5ca06776777d69d0
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c6d161d7e7bc133721119f82649d013888410dd147809396f9d0cddb66614f26
c747269afdd05dd3e95759f3d697cd767d460fc40dd7f49ba902885c9ec70e70
ca6f9a522805e40f41f8acdda64abe7999980cf099b9cee3aad2d8651bb7fdb5
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
cdbea3c02890867773d1156daf1873907f2e477604d33810589d7e16c78b2391
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfbd7ec40244783ef127b425a31390acab0bdf8231a1920eae8279d98b2d6c5f
cfd5a04c696bf13721ea7b8d1094c8432135fc5f9d457ecf2c1d80bcf87e2235
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0f62c48c09bfc43caf70de1df8917631625badb54e3b2ce193bc69f56d37d9d
d684b14de0a16890ee2edc6a43c1aa33637b6ff1fa129f902a6c349838b146ba
d685be744bcc4ec9c7a7e0fc2e9df800ef64fa7274294ccd8eea293a027d2af3
d8144ce2cd5918de3beabc8fd113ab560103033fae3956e093b688cda5732a50
d82f577f33e9d99c9208545d5f4048c11995085faf1aba98db70b354a002914f
dba74eb56d6edb1671a223af240c9e5e7420830ab206a5a665b847e8e654bc58
dd06a0087892d5fc2c48e739d0b78be40a85809aa1cc5a21f8cfffe5abe20e13
dddc208bd49f00fbf8d246360469328b3acf52a8af3e4ef1f4215e914a4693a1
de04c4cdaa8d47b3eae5414c4b847ab6de467fdd4b950e707ceca58fa3ff5c41
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deb61e8805c38a2276f05c152d46cf436199712fb3f9f1b72c3bba880bd782e5
df3305662fa1b7c0366a39acdd6bbc48dc9bf38e5472dd3faa46ac472023c248
e0b0468f5eddaa35e3ae610759a1dc09023a28d83a049965b4e1c6b1a0f1dc7b
e359ae3a06ae02c38ba2d09707dee364ab18c64164e7a739eae142294d8dd499
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4aadb2562ca721cfd827a843b4f98758939082377413f3b915114e1a4753922
e52ce9aedd00c17de0baddbfc8112577c1a48f3d1c8aee25953a53feb7281d7c
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad
e6ecc3beb03f58388cb5a5329040fb1b97ef3a36af6bb499a8fe5d5e4ceb182a
ebefd9f9a30821abaa70947288ad0667423676b437b83450a78f77fa4784c99b
ec37c82245e263f1f1b4ce66fc406513e3b6de680ac395903cf86d35f3b239a3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f42414b00a84bd5d192df20872bd45b545c84e4e888a9d15f8a89722e5e4d2eb
f98c3b183a8834fa2303d8c358f62cc42785540dec4bcca3bf682dcd893874bb
fb8ce03c389581661b57ca719e9ef48c4f7aa76efe3ecff14dbe600e1ffc3319
fc837140fc65aba75bd0ce0d768b3925f0a28f0f90969acf24447b4d856d5b49
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fd709f7603ba994b389b4f9b95def9dc5abd63c5b209723e60fb05c0cb9eeaa5
fd955a4d730135b20202bb16511db09148c99ad811c7fa514d01c101f99e1966
ff4f5f0bca4fd9b34c725fd203fa825eda8f562505eb3e64f1d16eecaf914bdc
ffd92be07c06b779ebecabaecdffa71df3d98eb1b37fe662982c6add81b8fc98

1plus1.ua Open in urlscan Pro 195.137.240.80 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

371 Requests

99 %HTTPS

37 %IPv6

58 Domains

89 Subdomains

67 IPs

11 Countries

10305 kBTransfer

17096 kBSize

74 Cookies

20 Outgoing links

Page URL History

Redirected requests

371 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

1plus1.ua Open in urlscan Pro
195.137.240.80 Public Scan

Screenshot
Live screenshot

Full Image

371
Requests

99 %
HTTPS

37 %
IPv6

58
Domains

89
Subdomains

67
IPs

11
Countries

10305 kB
Transfer

17096 kB
Size

74
Cookies

371 HTTP transactions
6 data transactions