postroysitesam.ru Open in urlscan Pro
135.181.117.225 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.postroysitesam.ru/
Effective URL:
https://postroysitesam.ru/
Submission: On September 02 via automatic, source certstream-suspicious (September 2nd 2021, 11:40:50 am UTC)

Summary HTTP 136 Redirects Behaviour Indicators

Summary

This website contacted 30 IPs in 7 countries across 21 domains to perform 136 HTTP transactions. The main IP is 135.181.117.225, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is postroysitesam.ru.
TLS certificate: Issued by R3 on September 2nd 2021. Valid for: 3 months.

This is the only time postroysitesam.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 7	135.181.117.225 135.181.117.225	24940 (HETZNER-AS) (HETZNER-AS)
3	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:f800:6:b871:4f00:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:215... 2600:9000:2156:ae00:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
1	104.248.83.85 104.248.83.85	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
8	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
3 10	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
9	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a04:4e42:3::485 2a04:4e42:3::485	54113 (FASTLY) (FASTLY)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
8 18	185.33.221.91 185.33.221.91	29990 (ASN-APPNEX) (ASN-APPNEX)
3	37.157.6.253 37.157.6.253	198622 (ADFORM) (ADFORM)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
3 4	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
17	2a00:1450:400... 2a00:1450:4001:801::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	195.201.152.90 195.201.152.90	24940 (HETZNER-AS) (HETZNER-AS)
5	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
3	2.18.232.130 2.18.232.130	16625 (AKAMAI-AS) (AKAMAI-AS)
136	30

7 135.181.117.225 (Helsinki, Finland) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.225.117.181.135.clients.your-server.de

www.postroysitesam.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
postroysitesam.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:f800:6:b871:4f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:ae00:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.248.83.85 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

majorpusher1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 185.33.221.91 (Amsterdam, Netherlands) 8 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.6.253 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.226 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:801::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.201.152.90 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.90.152.201.195.clients.your-server.de

opt.objectiveportal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.232.130 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	googlesyndication.com 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	351 KB
21	adnxs.com 8 redirects ib.adnxs.com acdn.adnxs.com	66 KB
18	doubleclick.net 3 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	225 KB
17	2mdn.net s0.2mdn.net	248 KB
8	yandex.com 2 redirects mc.yandex.com	2 KB
8	gstatic.com fonts.gstatic.com	142 KB
7	postroysitesam.ru 1 redirects www.postroysitesam.ru postroysitesam.ru	61 KB
5	ampproject.org cdn.ampproject.org	102 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com	4 KB
4	google.com 1 redirects adservice.google.com www.google.com	2 KB
4	criteo.com 1 redirects gum.criteo.com mug.criteo.com	1 KB
3	googletagservices.com www.googletagservices.com	101 KB
3	adform.net adx.adform.net	1 KB
3	creativecdn.com prebid-eu.creativecdn.com	537 B
3	optad360.io cmp.optad360.io get.optad360.io	559 KB
3	googleapis.com fonts.googleapis.com	3 KB
2	google.nl adservice.google.nl	975 B
2	yandex.ru 1 redirects mc.yandex.ru	72 KB
1	objectiveportal.com opt.objectiveportal.com	529 B
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	majorpusher1.com majorpusher1.com	15 KB
136	21

	Domain	Requested by
21	tpc.googlesyndication.com	securepubads.g.doubleclick.net 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com tpc.googlesyndication.com postroysitesam.ru s0.2mdn.net
18	ib.adnxs.com	8 redirects get.optad360.io googleads.g.doubleclick.net acdn.adnxs.com
17	s0.2mdn.net	postroysitesam.ru s0.2mdn.net
12	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
8	mc.yandex.com	2 redirects postroysitesam.ru mc.yandex.ru
8	securepubads.g.doubleclick.net	get.optad360.io securepubads.g.doubleclick.net postroysitesam.ru
8	fonts.gstatic.com	fonts.googleapis.com
6	postroysitesam.ru	postroysitesam.ru
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	googleads.g.doubleclick.net	337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com postroysitesam.ru
3	acdn.adnxs.com	get.optad360.io
3	www.googletagservices.com	securepubads.g.doubleclick.net 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
3	337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	adx.adform.net	get.optad360.io
3	prebid-eu.creativecdn.com	get.optad360.io
3	fonts.googleapis.com	postroysitesam.ru securepubads.g.doubleclick.net tpc.googlesyndication.com
2	googleads4.g.doubleclick.net	postroysitesam.ru
2	www.google.com	1 redirects tpc.googlesyndication.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.nl	securepubads.g.doubleclick.net
2	mug.criteo.com	postroysitesam.ru
2	gum.criteo.com	1 redirects
2	mc.yandex.ru	1 redirects postroysitesam.ru
2	get.optad360.io	postroysitesam.ru get.optad360.io
1	ade.googlesyndication.com
1	opt.objectiveportal.com	337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
1	cdn.jsdelivr.net	get.optad360.io
1	majorpusher1.com	postroysitesam.ru
1	cmp.optad360.io	postroysitesam.ru
1	www.postroysitesam.ru	1 redirects
136	32

This site contains no links.

Subject Issuer	Validity	Valid
postroysitesam.ru R3	`2021-09-02` - `2021-12-01`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.optad360.io Amazon	`2020-12-17` - `2022-01-15`	a year	crt.sh
2.majorlinker.biz R3	`2021-08-26` - `2021-11-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2021-07-28` - `2022-01-07`	5 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-30` - `2022-06-01`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.google.nl GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
my.objectiveplatform.com Sectigo RSA Domain Validation Secure Server CA	`2021-08-23` - `2022-08-23`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-03-11` - `2022-02-07`	a year	crt.sh

This page contains 16 frames:

Primary Page: https://postroysitesam.ru/
Frame ID: 7EE7EDE5B7F4876EA2B6074F09E2C5E8
Requests: 47 HTTP requests in this frame

Frame: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 11F7CF7EB65E35421CCA890A86EACE0C
Requests: 1 HTTP requests in this frame

Frame: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 39601800C83761BB5FA5F1954D8FDE72
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK-hNBDg0zcY2vaknQEwAQ&v=APEucNUe1PTL-juBPICs7ldtxCGqCtiet_mtEXUvl-fVxtEKlcg-GIGPbsyT6k_ETqCTt7K58Kq61zVeK7xCmM-j66FCIkVFntQqvL4DNO69Pr4_dd-gkSs8ieLPrsc4vyHk9t4ETSU1jIW0POLqkPP9wN7Kl2c3WlnpofDaG6zWR8krKmsmDp9m1BwkPufwNs9WI9je-WJ-iD1lBadc2MHzAdDLz_fOvA
Frame ID: F84BD914C3104CB4CBFD87D9D050771F
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 5899FC4AE5B0199FF5094957991AFC84
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EACEB7A2AA3EF946AE8E6C4060FBE4AF
Requests: 1 HTTP requests in this frame

Frame: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 94D0783A678A31D72734DFF0B83F78DE
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3F2FD934202E76B521952DF0CA9115F3
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
Frame ID: 6E09110CA7A6D862843EAAA37708ECC8
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html
Frame ID: 013A12DAD061DCB487D86B5D9F9E3CF4
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 065491A974FDBC8A5468E4035DAF5859
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs
Frame ID: F429A0B04FB69A223B6ED44D1E2E75FB
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/3VBCxQMuFeflN3ldnXIT7YQtw8QPm-3IluxfpK8Vf0c.js
Frame ID: D364324447BFF13B497137569B487DEA
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 4BDF014DB5CD4DD713538DADF146CD54
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: A92EB82F51C4A5609B13AA4A0A7CAE34
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: FF478E159AEC23F0A96D58069948C8C0
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Вязание

Page URL History Show full URLs

https://www.postroysitesam.ru/ HTTP 301
https://postroysitesam.ru/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

136
Requests

100 %
HTTPS

59 %
IPv6

21
Domains

32
Subdomains

30
IPs

7
Countries

1946 kB
Transfer

3945 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.postroysitesam.ru/ HTTP 301
https://postroysitesam.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fpostroysitesam.ru%2F&domain=postroysitesam.ru&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=OqaVBXxIZkJmdXUxYVdDZnViUHc1RG1XQnlWR1VZUTdFamNiS0hKU1lrMkJUR3laWXpXUlFBYkFHOFBKc3ozTmE1NzJjaDdhNyszRVRXaUFnRG9TQ3dUcjN0R1RrSGhWcytUdEViQUVRMUNXVVhtUFF2MlRJZ01XQXl0S0N4UDRHMHY0QlJFa0VabFlVSkZVa3dGVGx1U1lyWUNVUGNuYm1rNGtvWmdlanRDdHNpMVpiV2JRVGRwajlhWTZ5YjFzd3hTMEh2WVlPeER3OEJ4VzBud3NjSjY5VW9Wd2ovdmUxM04raEE3WlF5eUtIQXJvPXw&cppv=2

Request Chain 25

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9384.JGYw43DdTdW4gpB32S7gkpNJ3x5Jea7_lC8V_rgK2yxdBGYNYxDFanPJGGk-5MpB.hIxbp0074bCam_hE4q1Uo-iVHpc%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9384.Ej-gdpbiYSDtjkQL0bB0k-MogC1ht66_GlysxCD0cQsg69MezY0PvAw-3T91VxAYDio0W4dKxyls8M4_PBQa-g%2C%2C.rJq0tDUhd1K-zcdC9tUVacmLHBM%2C

Request Chain 35

https://mc.yandex.com/watch/76059667?wmode=7&page-url=https%3A%2F%2Fpostroysitesam.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A1064%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A631%3Acn%3A1%3Adp%3A0%3Als%3A217861730009%3Ahid%3A60118096%3Az%3A120%3Ai%3A20210902134030%3Aet%3A1630582830%3Ac%3A1%3Arn%3A318381108%3Au%3A1630582830310724616%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1630582829070%3Ads%3A26%2C102%2C234%2C49%2C422%2C0%2C%2C283%2C0%2C%2C%2C%2C1072%3Adsn%3A25%2C102%2C234%2C49%2C423%2C0%2C%2C238%2C1%2C%2C%2C%2C1072%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1630582831%3At%3A%D0%92%D1%8F%D0%B7%D0%B0%D0%BD%D0%B8%D0%B5 HTTP 302
https://mc.yandex.com/watch/76059667/1?wmode=7&page-url=https%3A%2F%2Fpostroysitesam.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A1064%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A631%3Acn%3A1%3Adp%3A0%3Als%3A217861730009%3Ahid%3A60118096%3Az%3A120%3Ai%3A20210902134030%3Aet%3A1630582830%3Ac%3A1%3Arn%3A318381108%3Au%3A1630582830310724616%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1630582829070%3Ads%3A26%2C102%2C234%2C49%2C422%2C0%2C%2C283%2C0%2C%2C%2C%2C1072%3Adsn%3A25%2C102%2C234%2C49%2C423%2C0%2C%2C238%2C1%2C%2C%2C%2C1072%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1630582831%3At%3A%D0%92%D1%8F%D0%B7%D0%B0%D0%BD%D0%B8%D0%B5

Request Chain 55

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlqIZRpufFsBzkz75CxoR4&google_cver=1

Request Chain 56

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YTC4L9HXKNfGTOmnJzX3lwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlqIZRpufFsBzkz75CxoR4&google_cver=1

Request Chain 57

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECA_43fA782NvobqTJXLtKU&google_cver=1

Request Chain 58

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUzOTU5ODE5MzM5NzYyMjQ4Ng%3D%3D

Request Chain 118

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 131

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 132

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 133

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 134

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 135

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 136

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

136 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
postroysitesam.ru/
Redirect Chain

https://www.postroysitesam.ru/
https://postroysitesam.ru/

57 KB
16 KB

362ms
234ms

Document
text/html

135.181.117.225
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://postroysitesam.ru/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.181.117.225 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.225.117.181.135.clients.your-server.de
Software: Apache/2 / PHP/7.4.20
Resource Hash: 5d09f11d2c54d54350eb757759c3dab777a448dd26b9c8243eaff4638565ced7

Request headers

Host: postroysitesam.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 11:40:29 GMT
Server: Apache/2
X-Powered-By: PHP/7.4.20
Last-Modified: Thu, 22 Apr 2021 12:13:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16541
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Thu, 02 Sep 2021 11:40:29 GMT
Server: Apache/2
X-Powered-By: PHP/7.4.20
X-Redirect-By: WordPress
Location: https://postroysitesam.ru/
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 35ms
15ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Serif%3A400%2C700%7COpen+Sans%3A400%2C400italic%2C700%2C700italic&subset=latin%2Ccyrillic

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9acaa7a0b5fef6a1b1077dc688f673e8f074c8273a70cb0f34b1c215ae40706a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 10:00:43 GMT
server: ESF
date: Thu, 02 Sep 2021 11:40:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 02 Sep 2021 11:40:29 GMT

GET
H/1.1 200
OK style.css
postroysitesam.ru/wp-content/themes/basicpro/ 31 KB
8 KB 91ms
50ms Stylesheet
text/css 135.181.117.225
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://postroysitesam.ru/wp-content/themes/basicpro/style.css
Requested by: Host: postroysitesam.ru
URL: https://postroysitesam.ru/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.181.117.225 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.225.117.181.135.clients.your-server.de
Software: Apache/2 /
Resource Hash: 0104f3e7f882df52e8e0b28ae4b7275df06037738e97a10144747a7f76e1a779

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: postroysitesam.ru
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://postroysitesam.ru/
Connection: keep-alive
Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 11:40:29 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Mar 2020 08:14:42 GMT
Server: Apache/2
ETag: "7a0b-5a0537a87c080-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 7830

GET
H/1.1 200
OK jquery.min.js Show response
postroysitesam.ru/wp-includes/js/jquery/ 87 KB
31 KB 147ms
55ms Script
application/javascript 135.181.117.225
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://postroysitesam.ru/wp-includes/js/jquery/jquery.min.js
Requested by: Host: postroysitesam.ru
URL: https://postroysitesam.ru/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.181.117.225 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.225.117.181.135.clients.your-server.de
Software: Apache/2 /
Resource Hash: 60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: postroysitesam.ru
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://postroysitesam.ru/
Connection: keep-alive
Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 11:40:29 GMT
Content-Encoding: gzip
Last-Modified: Sat, 17 Apr 2021 16:02:45 GMT
Server: Apache/2
ETag: "15d98-5c02d3a2b6cae-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 30916

GET
H2 200 e80d51bd-d49e-413a-8b5f-896bd2c0774e.min.js Show response
cmp.optad360.io/items/ 497 B
833 B 72ms
45ms Script
application/javascript 2600:9000:2156:f800:6:b871:4f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.optad360.io/items/e80d51bd-d49e-413a-8b5f-896bd2c0774e.min.js
Requested by: Host: postroysitesam.ru
URL: https://postroysitesam.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f800:6:b871:4f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 01:04:24 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
last-modified: Mon, 12 Apr 2021 08:54:56 GMT
server: AmazonS3
age: 40308
etag: "7acdc116a0830ba0aef5e087010246ba"
x-cache: Error from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 497
x-amz-cf-id: _cdVwn3dEt-EeAtaJUMUggBbDoUHoX4XZ9lHLHcHngjrp73rwVjAcQ==

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/c0720098-c11d-42fc-af88-04c97aa3d7d0/ 262 KB
69 KB 34ms
8ms Script
application/javascript 2600:9000:2156:ae00:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/c0720098-c11d-42fc-af88-04c97aa3d7d0/plugin.min.js
Requested by: Host: postroysitesam.ru
URL: https://postroysitesam.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ae00:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d9a33a10dce08b3598b6049de730d3c86f1b633167284dd4e2c1d25fbb222ae2

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:01:43 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 11:11:43 GMT
server: AmazonS3
age: 2328
etag: W/"8492f4b64c3e26517c182e30a45213f0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: VNniZfEhdbNb8xp4e8wPDAciG56VgDxzpboySz71kfVeSdBrr_rPfw==

GET
H2 200 / Show response
majorpusher1.com/ 15 KB
15 KB 73ms
23ms Script
application/javascript 104.248.83.85
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://majorpusher1.com/?pu=he3tgnldmi5ha3ddf4zdaoju

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.248.83.85 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

f3b0f06f09b0232b65410d7789ac78ea3bdba78d0ec75bc46d8f0bb2a0a5960f

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 02 Sep 2021 11:40:30 GMT
server: nginx
content-security-policy: img-src https: data:; upgrade-insecure-requests
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=UTF-8

GET
H/1.1 200
OK functions.js Show response
postroysitesam.ru/wp-content/themes/basicpro/js/ 2 KB
978 B 149ms
50ms Script
application/javascript 135.181.117.225
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://postroysitesam.ru/wp-content/themes/basicpro/js/functions.js
Requested by: Host: postroysitesam.ru
URL: https://postroysitesam.ru/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.181.117.225 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.225.117.181.135.clients.your-server.de
Software: Apache/2 /
Resource Hash: f00cbff80acd2fd4fff77cc3cfc9f6d74e6927e5d768c1d64c87cb358ead9889

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: postroysitesam.ru
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://postroysitesam.ru/
Connection: keep-alive
Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 11:40:29 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Mar 2020 08:14:42 GMT
Server: Apache/2
ETag: "62d-5a0537a87c080-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 642

GET
H/1.1 200
OK lazyload.min.js Show response
postroysitesam.ru/wp-content/plugins/rocket-lazy-load/assets/js/16.1/ 8 KB
3 KB 50ms
50ms Script
application/javascript 135.181.117.225
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://postroysitesam.ru/wp-content/plugins/rocket-lazy-load/assets/js/16.1/lazyload.min.js
Requested by: Host: postroysitesam.ru
URL: https://postroysitesam.ru/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.181.117.225 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.225.117.181.135.clients.your-server.de
Software: Apache/2 /
Resource Hash: 6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: postroysitesam.ru
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://postroysitesam.ru/
Connection: keep-alive
Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 11:40:30 GMT
Content-Encoding: gzip
Last-Modified: Sat, 17 Apr 2021 16:37:00 GMT
Server: Apache/2
ETag: "1ed2-5c02db4a466d9-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2704

GET
H/1.1 200
OK li.svg
postroysitesam.ru/wp-content/themes/basicpro/img/ 2 KB
2 KB 50ms
49ms Image
image/svg+xml 135.181.117.225
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://postroysitesam.ru/wp-content/themes/basicpro/img/li.svg
Requested by: Host: postroysitesam.ru
URL: https://postroysitesam.ru/wp-content/themes/basicpro/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.181.117.225 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.225.117.181.135.clients.your-server.de
Software: Apache/2 /
Resource Hash: b9389cb6583f0d743318d61d4f74c3029eb5d8ed7e96b04712ebadfb2c3ad850

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: postroysitesam.ru
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://postroysitesam.ru/wp-content/themes/basicpro/style.css
Connection: keep-alive
Referer: https://postroysitesam.ru/wp-content/themes/basicpro/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 11:40:30 GMT
Last-Modified: Sun, 08 Mar 2020 08:14:42 GMT
Server: Apache/2
ETag: "65b-5a0537a87c080"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1627

GET
H2 200 EJRSQgYoZZY2vCFuvAnt66qWVyvHpA.woff2
fonts.gstatic.com/s/ptserif/v12/ 20 KB
20 KB 34ms
13ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v12/EJRSQgYoZZY2vCFuvAnt66qWVyvHpA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif%3A400%2C700%7COpen+Sans%3A400%2C400italic%2C700%2C700italic&subset=latin%2Ccyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a554c660d241d1cbe5acd71675154b2a6242fa593a5dbeeb80ce8db0f7b33f90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://postroysitesam.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 16:37:23 GMT
x-content-type-options: nosniff
age: 414187
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20788
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:05:41 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 16:37:23 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFUZ0bbck.woff2
fonts.gstatic.com/s/opensans/v23/ 9 KB
9 KB 33ms
12ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFUZ0bbck.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif%3A400%2C700%7COpen+Sans%3A400%2C400italic%2C700%2C700italic&subset=latin%2Ccyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://postroysitesam.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 14:22:57 GMT
x-content-type-options: nosniff
age: 422253
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9400
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:16 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 14:22:57 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v23/ 14 KB
15 KB 28ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif%3A400%2C700%7COpen+Sans%3A400%2C400italic%2C700%2C700italic&subset=latin%2Ccyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://postroysitesam.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 08:52:43 GMT
x-content-type-options: nosniff
age: 442067
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:25 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 08:52:43 GMT

GET
H2 200 EJRSQgYoZZY2vCFuvAnt66qSVys.woff2
fonts.gstatic.com/s/ptserif/v12/ 29 KB
29 KB 18ms
17ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v12/EJRSQgYoZZY2vCFuvAnt66qSVys.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Serif%3A400%2C700%7COpen+Sans%3A400%2C400italic%2C700%2C700italic&subset=latin%2Ccyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e548abcd8734bfcf8b4ebbbca1af98f9e8ae1e0ff884c0971f29498a4fc108f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://postroysitesam.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 14:16:32 GMT
x-content-type-options: nosniff
age: 422638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29400
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:05:20 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 14:16:32 GMT

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 224 KB
72 KB 200ms
97ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

96e61209b1c1fff1abe78fb763fbf093a04e6e992dc24b299ab1c4c5f4272f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:30 GMT
content-encoding: br
last-modified: Thu, 26 Aug 2021 16:59:05 GMT
etag: "6127a958-11d31"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 73009
expires: Thu, 02 Sep 2021 12:40:30 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 73 KB
26 KB 102ms
43ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/c0720098-c11d-42fc-af88-04c97aa3d7d0/plugin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

3c5893a2b3e97ecf428e17883166fef08e70687b76c10d5b5367b2aeb461711a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "975 / 771 of 1000 / last-modified: 1630580995"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25709
x-xss-protection: 0
expires: Thu, 02 Sep 2021 11:40:30 GMT

GET
H2 200 prebid4.35.0.js Show response
get.optad360.io/sf/ 488 KB
489 KB 7ms
6ms Script
application/javascript 2600:9000:2156:ae00:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/prebid4.35.0.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/c0720098-c11d-42fc-af88-04c97aa3d7d0/plugin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ae00:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b3e0dcd1ce85699e960acfde52551ae7162a0a1ff7be3f1520f0b896d0863ac9

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 28 May 2021 16:57:41 GMT
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
last-modified: Mon, 10 May 2021 12:34:45 GMT
server: AmazonS3
age: 8361770
etag: "b58d0a1d4c966720e297b8bdc79ac9db"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=360000000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 499815
x-amz-cf-id: USYi6XFlSZ6Y8dyYQmsBdKZOR--KJ2LBmVGCB5aiJ3EHaOqaMPGivw==

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 37ms
12ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fpostroysitesam.ru%2F&domain=postroysitesam.ru&cw=1

Protocol

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://postroysitesam.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://postroysitesam.ru
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1558
date: Thu, 02 Sep 2021 11:40:30 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 19ms
7ms XHR
application/json 2a04:4e42:3::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20210902

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

145ed71ab10590d4ee774270ac8dd21c7974658d923d75d19abe12a9b68fb0cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 30340
x-jsd-version: 1.0.1087
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 946
etag: W/"69c-bujvshlccdZTyqZHpBTRDnNdvcY"
x-served-by: cache-fra19129-FRA
x-jsd-version-type: version
date: Thu, 02 Sep 2021 11:40:30 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fpostroysitesam.ru%2F&domain=postroysitesam.ru&cw=1
https://mug.criteo.com/sid?cpp=OqaVBXxIZkJmdXUxYVdDZnViUHc1RG1XQnlWR1VZUTdFamNiS0hKU1lrMkJUR3laWXpXUlFBYkFHOFBKc3ozTmE1NzJjaDdhNyszRVRXaUFnRG9TQ3dUcjN0R1RrSGhWcytUdEViQUVRMUNXVVhtUFF2MlRJZ01XQXl0S0...

345 B
607 B

93ms
32ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=OqaVBXxIZkJmdXUxYVdDZnViUHc1RG1XQnlWR1VZUTdFamNiS0hKU1lrMkJUR3laWXpXUlFBYkFHOFBKc3ozTmE1NzJjaDdhNyszRVRXaUFnRG9TQ3dUcjN0R1RrSGhWcytUdEViQUVRMUNXVVhtUFF2MlRJZ01XQXl0S0N4UDRHMHY0QlJFa0VabFlVSkZVa3dGVGx1U1lyWUNVUGNuYm1rNGtvWmdlanRDdHNpMVpiV2JRVGRwajlhWTZ5YjFzd3hTMEh2WVlPeER3OEJ4VzBud3NjSjY5VW9Wd2ovdmUxM04raEE3WlF5eUtIQXJvPXw&cppv=2

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ea687404cc26fb476a51bee39c21b8e348ae9268658143598110ba6e73901751

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 02 Sep 2021 11:40:30 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2388
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 02 Sep 2021 11:40:29 GMT
location: https://mug.criteo.com/sid?cpp=OqaVBXxIZkJmdXUxYVdDZnViUHc1RG1XQnlWR1VZUTdFamNiS0hKU1lrMkJUR3laWXpXUlFBYkFHOFBKc3ozTmE1NzJjaDdhNyszRVRXaUFnRG9TQ3dUcjN0R1RrSGhWcytUdEViQUVRMUNXVVhtUFF2MlRJZ01XQXl0S0N4UDRHMHY0QlJFa0VabFlVSkZVa3dGVGx1U1lyWUNVUGNuYm1rNGtvWmdlanRDdHNpMVpiV2JRVGRwajlhWTZ5YjFzd3hTMEh2WVlPeER3OEJ4VzBud3NjSjY5VW9Wd2ovdmUxM04raEE3WlF5eUtIQXJvPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://postroysitesam.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1618
content-length: 482
expires: 0

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
179 B 86ms
39ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://postroysitesam.ru
date: Thu, 02 Sep 2021 11:40:30 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
695 B 68ms
28ms XHR
application/json 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:30 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 4a6d26e2-934b-49aa-9898-91b5fa3f50e6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://postroysitesam.ru
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ 10 B
456 B 146ms
75ms XHR
application/json 37.157.6.253
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTEwNTE0MTImdHJhbnNhY3Rpb25JZD1lMzgzYzU0Zi0zY2RiLTRlN2YtOThlMy1mN2M4OGM2OGFiZDEmcmN1cj1QTE4%3D&bWlkPTEwNTE0MTImdHJhbnNhY3Rpb25JZD1jNjJhNmZkMi0wZWUyLTQ1ZGQtOGM2Ny1iNjA3YTUxODAxNWUmcmN1cj1QTE4%3D&pt=gross&stid=a162dfdd-afcb-45ef-9052-e8dfa6c30dc0&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.253 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

78f4a3114e3738eab1ffd31cbd3611435034197ecc40456f3ed43f82af4393d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://postroysitesam.ru
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 10
expires: -1

GET
H2 200 / Show response
adx.adform.net/adx/ 10 B
455 B 148ms
80ms XHR
application/json 37.157.6.253
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTEwNTE0MTImdHJhbnNhY3Rpb25JZD01ZmNhNGY0MC1jYWUwLTQwMGUtOTc0OC03NGVlOGRmZTlkM2EmcmN1cj1QTE4%3D&bWlkPTEwNTE0MTImdHJhbnNhY3Rpb25JZD05YjM4NTU5YS0wNzMwLTQzZTItYjQ4YS1kNmY5ZDNiYmNlNjcmcmN1cj1QTE4%3D&pt=gross&stid=391a6db0-a504-4974-bce3-6179f4453df9&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.253 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

78f4a3114e3738eab1ffd31cbd3611435034197ecc40456f3ed43f82af4393d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://postroysitesam.ru
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 10
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 249 B
926 B 61ms
20ms XHR
application/json 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

904cbc05899d55093c65a0c1ce5cadbb65e6e5a81140c4a5229ece0eeb21b518

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:30 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8b3801a4-bff9-40bb-a68f-d89308ecd22e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://postroysitesam.ru
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 249
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
179 B 64ms
23ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://postroysitesam.ru
date: Thu, 02 Sep 2021 11:40:30 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9384.JGYw43DdTdW4gpB32S7gkpNJ3x5Jea7_lC8V_rgK2yxdBGYNYxDFanPJGGk-5MpB.hIxbp0074bCam_hE4q1Uo-iVHpc%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9384.Ej-gdpbiYSDtjkQL0bB0k-MogC1ht66_GlysxCD0cQsg69MezY0PvAw-3T91VxAYDio0W4dKxyls8M4_PBQa-g%2C%2C.rJq0tDUhd1K-zcdC9tUVacmLHBM%2C

75 B
75 B

56ms
55ms

Image
text/html

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9384.Ej-gdpbiYSDtjkQL0bB0k-MogC1ht66_GlysxCD0cQsg69MezY0PvAw-3T91VxAYDio0W4dKxyls8M4_PBQa-g%2C%2C.rJq0tDUhd1K-zcdC9tUVacmLHBM%2C

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:30 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9384.Ej-gdpbiYSDtjkQL0bB0k-MogC1ht66_GlysxCD0cQsg69MezY0PvAw-3T91VxAYDio0W4dKxyls8M4_PBQa-g%2C%2C.rJq0tDUhd1K-zcdC9tUVacmLHBM%2C
date: Thu, 02 Sep 2021 11:40:30 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
136 B 51ms
49ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:30 GMT
last-modified: Thu, 26 Aug 2021 15:39:16 GMT
etag: "6127a958-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Thu, 02 Sep 2021 12:40:30 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 101ms
35ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1341
date: Thu, 02 Sep 2021 11:40:30 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H3-29 200 pubads_impl_2021082701.js Show response
securepubads.g.doubleclick.net/gpt/ 333 KB
117 KB 38ms
35ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

b92ad0a4155446d073295a68374ed61c1e64b2f6f7195bb1c077febc44cc2e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 27 Aug 2021 15:07:02 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119397
x-xss-protection: 0
expires: Thu, 02 Sep 2021 11:40:30 GMT

GET
H3-29 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 36 B
76 B 36ms
34ms XHR
application/json 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=postroysitesam.ru

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

05ea8687fe45f48c7a0ebaef709b24f671d9168e057689aecf5c6c99b574b0d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 02 Sep 2021 11:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52
x-xss-protection: 0
expires: Thu, 02 Sep 2021 11:40:30 GMT

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ 107 B
853 B 36ms
17ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=postroysitesam.ru

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 02 Sep 2021 11:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 35ms
16ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=postroysitesam.ru

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 02 Sep 2021 11:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 13 KB
7 KB 400ms
399ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4432620224606174&correlator=1011585978389163&output=ldjh&impl=fif&eid=44749397%2C31062448%2C31062297&vrg=2021082701&ptt=17&sc=1&sfv=1-0-38&ecs=20210902&iu_parts=121764058%2Ca1-exp.ru%2Ca1-exp.ru_ATF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x250%7C970x300&cookie_enabled=1&bc=31&abxe=1&lmt=1619093598&dt=1630582830570&dlt=1630582829859&idt=680&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=182&adks=938372444&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fpostroysitesam.ru%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=728x0&ga_vid=542891260.1630582831&ga_sid=1630582831&ga_hid=52461833&ga_fc=false&fws=128&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

d640582996bcd73cccd97307857404c0b53f5f8bacd9f3269c7e6ad9b81ebd5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7562
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://postroysitesam.ru
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 11F7 6 KB
3 KB 47ms
14ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://postroysitesam.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://postroysitesam.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 02 Sep 2021 11:40:30 GMT
expires: Fri, 02 Sep 2022 11:40:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 97 KB
30 KB 680ms
680ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4432620224606174&correlator=1011585978389163&output=ldjh&impl=fif&eid=44749397%2C31062448%2C31062297&vrg=2021082701&ptt=17&sc=1&sfv=1-0-38&ecs=20210902&iu_parts=121764058%2Ca1-exp.ru%2Ca1-exp.ru_BTF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x250%7C970x300%7C1280x300&cookie_enabled=1&bc=31&abxe=1&lmt=1619093598&dt=1630582830577&dlt=1630582829859&idt=680&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=3693&adks=2564222576&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fpostroysitesam.ru%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=728x0&ga_vid=542891260.1630582831&ga_sid=1630582831&ga_hid=52461833&ga_fc=false&fws=128&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

f454f7be1fec9897cc6469f96ef30fcaffa14e3ac530295f7fae092b87300eed

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CL-BqrOa4PICFVor4AoddpQLlQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/1737355424967676258/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CL-BqrOa4PICFVor4AoddpQLlQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/1737355424967676258/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30990
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Thu, 02 Sep 2021 11:40:31 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://postroysitesam.ru
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/76059667/
Redirect Chain

https://mc.yandex.com/watch/76059667?wmode=7&page-url=https%3A%2F%2Fpostroysitesam.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A1064%3Afu%3A0%3Aen%3Autf-8%3A...
https://mc.yandex.com/watch/76059667/1?wmode=7&page-url=https%3A%2F%2Fpostroysitesam.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A1064%3Afu%3A0%3Aen%3Autf-8%...

331 B
413 B

52ms
52ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/76059667/1?wmode=7&page-url=https%3A%2F%2Fpostroysitesam.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A1064%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A631%3Acn%3A1%3Adp%3A0%3Als%3A217861730009%3Ahid%3A60118096%3Az%3A120%3Ai%3A20210902134030%3Aet%3A1630582830%3Ac%3A1%3Arn%3A318381108%3Au%3A1630582830310724616%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1630582829070%3Ads%3A26%2C102%2C234%2C49%2C422%2C0%2C%2C283%2C0%2C%2C%2C%2C1072%3Adsn%3A25%2C102%2C234%2C49%2C423%2C0%2C%2C238%2C1%2C%2C%2C%2C1072%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1630582831%3At%3A%D0%92%D1%8F%D0%B7%D0%B0%D0%BD%D0%B8%D0%B5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

33bb23766d0e3326c4595016dd9fb63f91717ea5e4b59b7bae841090004a0872

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:30 GMT
x-content-type-options: nosniff
last-modified: Thu, 02-Sep-2021 11:40:30 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://postroysitesam.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 331
x-xss-protection: 1; mode=block
expires: Thu, 02-Sep-2021 11:40:30 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:30 GMT
last-modified: Thu, 02-Sep-2021 11:40:30 GMT
location: /watch/76059667/1?wmode=7&page-url=https%3A%2F%2Fpostroysitesam.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A1064%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A631%3Acn%3A1%3Adp%3A0%3Als%3A217861730009%3Ahid%3A60118096%3Az%3A120%3Ai%3A20210902134030%3Aet%3A1630582830%3Ac%3A1%3Arn%3A318381108%3Au%3A1630582830310724616%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1630582829070%3Ads%3A26%2C102%2C234%2C49%2C422%2C0%2C%2C283%2C0%2C%2C%2C%2C1072%3Adsn%3A25%2C102%2C234%2C49%2C423%2C0%2C%2C238%2C1%2C%2C%2C%2C1072%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1630582831%3At%3A%D0%92%D1%8F%D0%B7%D0%B0%D0%BD%D0%B8%D0%B5
strict-transport-security: max-age=31536000
access-control-allow-origin: https://postroysitesam.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 02-Sep-2021 11:40:30 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ 10 B
455 B 94ms
92ms XHR
application/json 37.157.6.253
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTEwNTE0MTImdHJhbnNhY3Rpb25JZD1lNjQzODc4MS02OGI4LTQ4YjMtODI4NC1mY2U1OTJjZmZjYmMmcmN1cj1QTE4%3D&bWlkPTEwNTE0MTImdHJhbnNhY3Rpb25JZD02ZDIzY2RhMS05ZDEyLTRkZmMtOGRlYi02NDFkODFhMzcyYTUmcmN1cj1QTE4%3D&pt=gross&stid=cc4a8528-3eb4-4d5e-8d72-de02b2f50a59&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.253 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

78f4a3114e3738eab1ffd31cbd3611435034197ecc40456f3ed43f82af4393d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://postroysitesam.ru
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 10
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 250 B
927 B 44ms
44ms XHR
application/json 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b6b8faf85c798b4a03093f7aa60ff2bcfa813d78161cc31f8daecccc0b025eca

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:30 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8ec97f0a-1f34-4971-b743-26d5e3f952a2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://postroysitesam.ru
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 250
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
179 B 21ms
21ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://postroysitesam.ru
date: Thu, 02 Sep 2021 11:40:30 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H3-29 200 integrator.js Show response
adservice.google.nl/adsid/ 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=postroysitesam.ru

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 02 Sep 2021 11:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=postroysitesam.ru

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 02 Sep 2021 11:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 51 KB
12 KB 605ms
604ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4432620224606174&correlator=1011585978389163&output=ldjh&impl=fif&eid=44749397%2C31062448%2C31062297&vrg=2021082701&ptt=17&sc=1&sfv=1-0-38&ecs=20210902&iu_parts=121764058%2Ca1-exp.ru%2Ca1-exp.ru_SF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C750x100%7C970x90&cookie_enabled=1&bc=31&abxe=1&lmt=1619093598&dt=1630582830915&dlt=1630582829859&idt=680&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1200&adks=2121817100&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fpostroysitesam.ru%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=728x-1&ga_vid=542891260.1630582831&ga_sid=1630582831&ga_hid=52461833&ga_fc=false&fws=640&ohw=0&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

c6f45c3519ade4d04e2c4757f6a291eb85e1f0785d4325676455214f589577ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12599
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://postroysitesam.ru
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 container.html Show response
337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3960 6 KB
3 KB 23ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://postroysitesam.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://postroysitesam.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 02 Sep 2021 11:40:30 GMT
expires: Fri, 02 Sep 2022 11:40:30 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 47ms
28ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496339498273"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27562
x-xss-protection: 0
expires: Thu, 02 Sep 2021 11:40:31 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 40ms
19ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021082701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

425a83ca727f9e2deb8d5dd6087560f3e51d601fb14c1ed975450050c832137a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 02 Sep 2021 11:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8557
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 39ms
17ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Thu, 02 Sep 2021 11:40:31 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F84B 624 B
995 B 40ms
19ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CK-hNBDg0zcY2vaknQEwAQ&v=APEucNUe1PTL-juBPICs7ldtxCGqCtiet_mtEXUvl-fVxtEKlcg-GIGPbsyT6k_ETqCTt7K58Kq61zVeK7xCmM-j66FCIkVFntQqvL4DNO69Pr4_dd-gkSs8ieLPrsc4vyHk9t4ETSU1jIW0POLqkPP9wN7Kl2c3WlnpofDaG6zWR8krKmsmDp9m1BwkPufwNs9WI9je-WJ-iD1lBadc2MHzAdDLz_fOvA

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CK-hNBDg0zcY2vaknQEwAQ&v=APEucNUe1PTL-juBPICs7ldtxCGqCtiet_mtEXUvl-fVxtEKlcg-GIGPbsyT6k_ETqCTt7K58Kq61zVeK7xCmM-j66FCIkVFntQqvL4DNO69Pr4_dd-gkSs8ieLPrsc4vyHk9t4ETSU1jIW0POLqkPP9wN7Kl2c3WlnpofDaG6zWR8krKmsmDp9m1BwkPufwNs9WI9je-WJ-iD1lBadc2MHzAdDLz_fOvA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 02 Sep 2021 11:40:31 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUlO8xPU-Kzc22q4Ds37cRi_Peqfc8P6zOUhpLvD1nCGwwaIq3uZs2hGddK0; expires=Tue, 27-Sep-2022 11:40:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 02 Sep 2021 11:40:31 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3960 78 KB
30 KB 73ms
50ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D81OyWBMyXG2zal_dcgVZ17gYQyopN1XATySKStPDhfrcQ2nFbYVTXm4qwVnf82MHkGqYDkhVrx0dzjwreyGCRW81G4mXBblB7bYeJXD65ZGu1W-uuzLNvyl4A5t63o0og3_f6MPjMAgeehcNrjgluNIaLiQ&dbm_d=AKAmf-BflzzEbqE2FGY7Nhu2OZcsvDloIjSUmwe2DheU4YaC8hVDdIEOEV7be-PiIlgenBkDlKvQKkcrsSCqqzEP6qsVKfEiDItlAj7k1Fr5RXB6psq3xnoI7uMXgV9eWd6gFJ-ls7361A6iDXcerYrj54QjG_q9GpGR-rRYeff_E3V_nuMwjcBfYqwaUEsFpFKme6V6GoUdClOiNHimM933slVXcedNuLeOZyRHX5thacaFBdwVcRrVHtr3qKaFMBU6oY0RKXDZQ0DqP6mDmq36QrHGBImeHLeLWJO7RCYfAkxyAJyHzl6aj_UjzJ0auIN-FJ9P6tQNVRgEA6XqVqoK9BcJibgPXoD_kEH09M9DpyXE33nbQOmM_QJF6AEHarGIk7G-BPb-y8CP_ZAklTfxtGZP04PviUzeC1AnWD-1pEdrKBk-e3qePrJJdsV46lSjBBzRYBpt7jUpNXKlMLZMxosVDlOJInOaFC2EK0i7umQ3Hd9VgbpQP8B2H84qbVIH81ax6Smvf_EPQtVq3ccXK8bYr75YK2uO95QZ-pF-dd2NPZKVLZRlR0pYNm4Kc15yykk16KSUzP_o-U97Xgm0GQysDSji7mm4ZsE66JY8oW-nWyBclpUGTypgx-Sj-2wxO60RHQxci0fdmV_IBnqWBABeZnutxRAzpdrTH2r6LJA_AAenSZQaA-CPs-IP7lSvzTe4E7cZ6TCSfkpWF82MDCQjZhgL6s7eynZoBCGVwn3w4hNfoqEDc2qJRDJFIZHtyRTxVDxM7LMKlDxPgYaj0ivXGikyJzQ7kY0Z37j_pzl5QdNxyk1duKeeI07fkECNHrF4iZLs68bvipYW4Upj6YZbqkxFsu3mRz64crCy-xDb1tFt4qddwREW48wmAVS9w0f7NWzvtA7GY6vjD7tSxpjbISeFeE02Qi8ebxwfwuTTTGW9SeMvFsG4KRe0bF2iHc78WIzpW3Mcy9jWHHO2deh8A6--29VyH5BKtfuH1nmtEDJTQIOybnGaKdXF6hUNdtCpvw8UroavV-TdUamV-eGHqpXxMWdvX1nPfPhd50IDm1Ohpgy6iq07QXeTbgYZwJI11shf4Cz-OXhS-qRqqbl8OCh_IQXzGsHUYJXanb5nrG76g8VUl7d1EuNzJVlKJiedC6P5-3b9eMHs-sqWp0KCWl73P11W868IdvFgkrNe4JLIr-YT3naK-xMb6s0t_B35bt7F4nhqBvI0fdB6v9z-FmUVEDW0aXCZrbFoxEsiI_ug97mBgU7jzfTtjcg7wnFD_JoqdfagqBWIax-vSCXqTUWdQd3Nx7K2tbhMDckIB8tIak70CYKR3PDb_J-377GYgM2ew6TB7T2ML3CrpRTkZw6r6Kz-apsPfvPw90vj5EICmpVhl1dk9GXvwYoa54saoIPjqMCpMgaBBwafc4pjhESZROjilNDS4PTxqKysDETO2r2K9fAc_39incOWvw1by8w8iDOM9yS9wm97wijS0kJQ4lJK7xVN_AJHpGFQouAasWt6_PBQe2tNy6BiSLK7_K77SZqKQOZb7KnA--L7mTZV7nsi08uw7RfnLlaZVIUeDh-x1KBGkEYi_YzHw4HQJhOrXsEXP6znmt3J_sxeWAywnDtSHRHsZOXSBCJn5svfxnasyFDXXAw6iS0hAGPY0TlnzvgjJGMbch-UeKo1VPQajElp7lRMQ4HmemDPoWrs7gWovSesMxLRe-RgxXdEWPBWDnBEee2VoGoI6dkcXxl9aMPlLep80W9_XyNuey55t_0CHI1QsCMC2xBRsNB1Wf-jOL7x9Sa1yabSKb4MV4-fjQttncMDUnNjYPauKjIlwr_z9NAC9TLWF9MtL2t5jkonDHOWx4OxgBvPUyxP1QpQLFw3KgrQogxlRzSfbIvouCIf1nZnGRP_44IXME07hv2BYpGkBm8kANBGWlZ_iJ_4yu7a55dKJ6TPLvACibI2Eksgzg5DR4hRfOaS1ao3MxADoruea-GxGG9UCXzzu9xC042r5e2LrQjoZeFqA70WsP2Q_s4Od5ZbTEGSqX8HfHMpAamZzrepfa9zdPa37hTr73wTcNC3iM1NdAPo_embGlgwSJniCwffTcPI0UQKZoWDm6l7ZYP5-3SsWZDRpKqNk_kNL94vGcLg71WnmPmUFv8weVaT7FuU7_j-BUUts_OtFP-M3ipzGb2ul9n-a-Q_-pPFxUHZ-tX10MuUkIYJNT5NB5ANunDaVSFy7TGG938GS1Oga2LD3Isds2m12nEDVsaKH20fU6u1abrHzD5CV67uOvANeoUL3MYsUbnj_oqziDBebH4ISBiw2zn-1EozCSZf9exrAcdTWiS9-gl8JKJjyW27WfoW890cddnC1-8jG5z6dmaXty5hBifP59M1OwStUShsrLWEAtNWKWMIjOL5Qbs-y8ZzzTzVgsOIVypMYeItz7gLsVWXIEqO51nTcX72Ka5ScHUirMPUEzRufY8qaG2oR75U2qiKyo_uAuOfA_MCB3_3PkqiTYg5dMdbxwyqep9651g2snpOGMJUAukAEz2dLHU8AWYpl3Xf2_eJglZiPNm2JgPOC_BgEh51pbfsvp17nxPWT3FSnheyjRiLBufOxQdGf0L5mMCZQRmBH4Qow9O-35-bFTZMOdE_83bOK2_btl4jlg1w3YjfkGFffj-mk9xkGLp3ARc2xIlIk6x60N2v85RA70BKYLd3pMhU4x8xrcSokNfiqSyNuGchgILRYNYwo6-6kYnO0JpYAnAUkiAQZqjVqOlx7GuIZAXKTi1tsJoxPWfild-nccJAwt2839pm5Mh6JeeCJkFL15rw43KA4xZYVhKm6gsBaD_XU37SXtGAwGHtqN1tGhqm3gI1eXtd0Wpz5Bzy7oPu-nFdWVAag-9PnjiWXpzahXvsGK73ge0SJ38Tkbna44IatCkq0nnBdMBuEEhxva1I3zMrm3cEg0uEcJmDcg00Ld3g2VJuOE1ZmxNaA26V2Jdq9QU27xYXyLfKadd0PGFL3uNCeGEIeUCclTOgfNkdAiaYJezD5t_aiuES3BJVZm89DYIxAJvtsj8KupZff2CF93ls8L8Xn-TNsUGWM2Q5Z7HUgbnCc52kDNxKZrFnUaXj58fJrux93JqvDmQPDKib2BLoiU4n3wN_CSlD5wm4qe5jdKLk2r8cqkL_rPcCQptVyZU0o_vU57_7GnShqc0xQ8niFSJmi6HR_h5lr4u8j2N4Ve0wl8uMPJ7DsH4PrKYEwGC_SWwYSlWssqQXOLDXB1_xMLDD8N6dMioPR3s6iC3VM7UbwvZOMd1hM6zzNpM1zv7FIyEDXxHW8lebyIbNv3SFAQhXDIM8w5AdYRw6IxrsPlCP3Y-LuIMDlnOFg79szjhgbsukvrI4NHSNscrbPVukSSXjK_3FsLoP5phW_3yksPPJmxC52ZYOkchNxgIZNy4hSCfCTEG_c7DndgE8&cid=CAASFeRo6vmdPlnv01qJQtdVqVmMGHj2Vg&rfl=1%2Chttps%253A%252F%252Fpostroysitesam.ru%252F%240

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3749bda29d24cdf7a2297ce96c2e30a0f7a3f8dee83814b4a16b33f2aa46f9d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29829
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3960 42 B
63 B 41ms
39ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-COKHs1LknZYS2vBdtqY4JQp48bdcFz55UeF7qh6POj0D4spO_8xhR0MiKQlMDFoj-JxZu1MP4pYiBMyWgu-XzJ6WwTlo2CPSsXpGu8qe1JMwN3YtA

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame 3960 2 KB
2 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/window_focus_fy2019.js

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:37:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 16 Sep 2021 11:37:59 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3960 122 KB
37 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Thu, 02 Sep 2021 11:40:31 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame 3960 14 KB
6 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 157
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 16 Sep 2021 11:37:54 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 5899 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://postroysitesam.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://postroysitesam.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Thu, 02 Sep 2021 11:29:08 GMT
expires: Fri, 02 Sep 2022 11:29:08 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 683
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EACE 783 B
1 KB 41ms
20ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

92161b5c677b5d81f46b5244f457f93732f6adc3eaaf4f5aa86d962cfbb71628

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Q2JTIrex1Bz4SmWhcH3g7Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://postroysitesam.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://postroysitesam.ru/

Response headers

expires: Thu, 02 Sep 2021 11:40:31 GMT
date: Thu, 02 Sep 2021 11:40:31 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Q2JTIrex1Bz4SmWhcH3g7Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 3VBCxQMuFeflN3ldnXIT7YQtw8QPm-3IluxfpK8Vf0c.js Show response
pagead2.googlesyndication.com/bg/ Frame 5899 35 KB
13 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3VBCxQMuFeflN3ldnXIT7YQtw8QPm-3IluxfpK8Vf0c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd5042c5032e15e7e537795d9d7213ed842dc3c40f9bedc896ec5fa4af157f47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 09:33:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7637
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13381
x-xss-protection: 0
last-modified: Mon, 23 Aug 2021 08:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 02 Sep 2022 09:33:14 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F84B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlqIZRpufFsBzkz75CxoR4&google_cver=1

43 B
1014 B

49ms
48ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlqIZRpufFsBzkz75CxoR4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK-hNBDg0zcY2vaknQEwAQ&v=APEucNUe1PTL-juBPICs7ldtxCGqCtiet_mtEXUvl-fVxtEKlcg-GIGPbsyT6k_ETqCTt7K58Kq61zVeK7xCmM-j66FCIkVFntQqvL4DNO69Pr4_dd-gkSs8ieLPrsc4vyHk9t4ETSU1jIW0POLqkPP9wN7Kl2c3WlnpofDaG6zWR8krKmsmDp9m1BwkPufwNs9WI9je-WJ-iD1lBadc2MHzAdDLz_fOvA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 02 Sep 2021 11:40:31 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlqIZRpufFsBzkz75CxoR4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F84B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YTC4L9HXKNfGTOmnJzX3lwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlqIZRpufFsBzkz75CxoR4&google_cver=1

43 B
894 B

39ms
36ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlqIZRpufFsBzkz75CxoR4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK-hNBDg0zcY2vaknQEwAQ&v=APEucNUe1PTL-juBPICs7ldtxCGqCtiet_mtEXUvl-fVxtEKlcg-GIGPbsyT6k_ETqCTt7K58Kq61zVeK7xCmM-j66FCIkVFntQqvL4DNO69Pr4_dd-gkSs8ieLPrsc4vyHk9t4ETSU1jIW0POLqkPP9wN7Kl2c3WlnpofDaG6zWR8krKmsmDp9m1BwkPufwNs9WI9je-WJ-iD1lBadc2MHzAdDLz_fOvA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 02 Sep 2021 11:40:31 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlqIZRpufFsBzkz75CxoR4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame F84B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECA_43fA782NvobqTJXLtKU&google_cver=1

43 B
1000 B

30ms
30ms

Image
image/gif

185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECA_43fA782NvobqTJXLtKU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK-hNBDg0zcY2vaknQEwAQ&v=APEucNUe1PTL-juBPICs7ldtxCGqCtiet_mtEXUvl-fVxtEKlcg-GIGPbsyT6k_ETqCTt7K58Kq61zVeK7xCmM-j66FCIkVFntQqvL4DNO69Pr4_dd-gkSs8ieLPrsc4vyHk9t4ETSU1jIW0POLqkPP9wN7Kl2c3WlnpofDaG6zWR8krKmsmDp9m1BwkPufwNs9WI9je-WJ-iD1lBadc2MHzAdDLz_fOvA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:31 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 10584f49-113e-4654-8da4-225edcde75fe
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECA_43fA782NvobqTJXLtKU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F84B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUzOTU5ODE5MzM5NzYyMjQ4Ng%3D%3D

170 B
188 B

50ms
49ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUzOTU5ODE5MzM5NzYyMjQ4Ng%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:31 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b5c1c40e-a57e-4f64-a331-b6ff2f1b9f16
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUzOTU5ODE5MzM5NzYyMjQ4Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 3960 169 KB
59 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3433
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Sep 2021 10:43:18 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210830/r20110914/elements/html/ Frame 3960 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210830/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D81OyWBMyXG2zal_dcgVZ17gYQyopN1XATySKStPDhfrcQ2nFbYVTXm4qwVnf82MHkGqYDkhVrx0dzjwreyGCRW81G4mXBblB7bYeJXD65ZGu1W-uuzLNvyl4A5t63o0og3_f6MPjMAgeehcNrjgluNIaLiQ&dbm_d=AKAmf-BflzzEbqE2FGY7Nhu2OZcsvDloIjSUmwe2DheU4YaC8hVDdIEOEV7be-PiIlgenBkDlKvQKkcrsSCqqzEP6qsVKfEiDItlAj7k1Fr5RXB6psq3xnoI7uMXgV9eWd6gFJ-ls7361A6iDXcerYrj54QjG_q9GpGR-rRYeff_E3V_nuMwjcBfYqwaUEsFpFKme6V6GoUdClOiNHimM933slVXcedNuLeOZyRHX5thacaFBdwVcRrVHtr3qKaFMBU6oY0RKXDZQ0DqP6mDmq36QrHGBImeHLeLWJO7RCYfAkxyAJyHzl6aj_UjzJ0auIN-FJ9P6tQNVRgEA6XqVqoK9BcJibgPXoD_kEH09M9DpyXE33nbQOmM_QJF6AEHarGIk7G-BPb-y8CP_ZAklTfxtGZP04PviUzeC1AnWD-1pEdrKBk-e3qePrJJdsV46lSjBBzRYBpt7jUpNXKlMLZMxosVDlOJInOaFC2EK0i7umQ3Hd9VgbpQP8B2H84qbVIH81ax6Smvf_EPQtVq3ccXK8bYr75YK2uO95QZ-pF-dd2NPZKVLZRlR0pYNm4Kc15yykk16KSUzP_o-U97Xgm0GQysDSji7mm4ZsE66JY8oW-nWyBclpUGTypgx-Sj-2wxO60RHQxci0fdmV_IBnqWBABeZnutxRAzpdrTH2r6LJA_AAenSZQaA-CPs-IP7lSvzTe4E7cZ6TCSfkpWF82MDCQjZhgL6s7eynZoBCGVwn3w4hNfoqEDc2qJRDJFIZHtyRTxVDxM7LMKlDxPgYaj0ivXGikyJzQ7kY0Z37j_pzl5QdNxyk1duKeeI07fkECNHrF4iZLs68bvipYW4Upj6YZbqkxFsu3mRz64crCy-xDb1tFt4qddwREW48wmAVS9w0f7NWzvtA7GY6vjD7tSxpjbISeFeE02Qi8ebxwfwuTTTGW9SeMvFsG4KRe0bF2iHc78WIzpW3Mcy9jWHHO2deh8A6--29VyH5BKtfuH1nmtEDJTQIOybnGaKdXF6hUNdtCpvw8UroavV-TdUamV-eGHqpXxMWdvX1nPfPhd50IDm1Ohpgy6iq07QXeTbgYZwJI11shf4Cz-OXhS-qRqqbl8OCh_IQXzGsHUYJXanb5nrG76g8VUl7d1EuNzJVlKJiedC6P5-3b9eMHs-sqWp0KCWl73P11W868IdvFgkrNe4JLIr-YT3naK-xMb6s0t_B35bt7F4nhqBvI0fdB6v9z-FmUVEDW0aXCZrbFoxEsiI_ug97mBgU7jzfTtjcg7wnFD_JoqdfagqBWIax-vSCXqTUWdQd3Nx7K2tbhMDckIB8tIak70CYKR3PDb_J-377GYgM2ew6TB7T2ML3CrpRTkZw6r6Kz-apsPfvPw90vj5EICmpVhl1dk9GXvwYoa54saoIPjqMCpMgaBBwafc4pjhESZROjilNDS4PTxqKysDETO2r2K9fAc_39incOWvw1by8w8iDOM9yS9wm97wijS0kJQ4lJK7xVN_AJHpGFQouAasWt6_PBQe2tNy6BiSLK7_K77SZqKQOZb7KnA--L7mTZV7nsi08uw7RfnLlaZVIUeDh-x1KBGkEYi_YzHw4HQJhOrXsEXP6znmt3J_sxeWAywnDtSHRHsZOXSBCJn5svfxnasyFDXXAw6iS0hAGPY0TlnzvgjJGMbch-UeKo1VPQajElp7lRMQ4HmemDPoWrs7gWovSesMxLRe-RgxXdEWPBWDnBEee2VoGoI6dkcXxl9aMPlLep80W9_XyNuey55t_0CHI1QsCMC2xBRsNB1Wf-jOL7x9Sa1yabSKb4MV4-fjQttncMDUnNjYPauKjIlwr_z9NAC9TLWF9MtL2t5jkonDHOWx4OxgBvPUyxP1QpQLFw3KgrQogxlRzSfbIvouCIf1nZnGRP_44IXME07hv2BYpGkBm8kANBGWlZ_iJ_4yu7a55dKJ6TPLvACibI2Eksgzg5DR4hRfOaS1ao3MxADoruea-GxGG9UCXzzu9xC042r5e2LrQjoZeFqA70WsP2Q_s4Od5ZbTEGSqX8HfHMpAamZzrepfa9zdPa37hTr73wTcNC3iM1NdAPo_embGlgwSJniCwffTcPI0UQKZoWDm6l7ZYP5-3SsWZDRpKqNk_kNL94vGcLg71WnmPmUFv8weVaT7FuU7_j-BUUts_OtFP-M3ipzGb2ul9n-a-Q_-pPFxUHZ-tX10MuUkIYJNT5NB5ANunDaVSFy7TGG938GS1Oga2LD3Isds2m12nEDVsaKH20fU6u1abrHzD5CV67uOvANeoUL3MYsUbnj_oqziDBebH4ISBiw2zn-1EozCSZf9exrAcdTWiS9-gl8JKJjyW27WfoW890cddnC1-8jG5z6dmaXty5hBifP59M1OwStUShsrLWEAtNWKWMIjOL5Qbs-y8ZzzTzVgsOIVypMYeItz7gLsVWXIEqO51nTcX72Ka5ScHUirMPUEzRufY8qaG2oR75U2qiKyo_uAuOfA_MCB3_3PkqiTYg5dMdbxwyqep9651g2snpOGMJUAukAEz2dLHU8AWYpl3Xf2_eJglZiPNm2JgPOC_BgEh51pbfsvp17nxPWT3FSnheyjRiLBufOxQdGf0L5mMCZQRmBH4Qow9O-35-bFTZMOdE_83bOK2_btl4jlg1w3YjfkGFffj-mk9xkGLp3ARc2xIlIk6x60N2v85RA70BKYLd3pMhU4x8xrcSokNfiqSyNuGchgILRYNYwo6-6kYnO0JpYAnAUkiAQZqjVqOlx7GuIZAXKTi1tsJoxPWfild-nccJAwt2839pm5Mh6JeeCJkFL15rw43KA4xZYVhKm6gsBaD_XU37SXtGAwGHtqN1tGhqm3gI1eXtd0Wpz5Bzy7oPu-nFdWVAag-9PnjiWXpzahXvsGK73ge0SJ38Tkbna44IatCkq0nnBdMBuEEhxva1I3zMrm3cEg0uEcJmDcg00Ld3g2VJuOE1ZmxNaA26V2Jdq9QU27xYXyLfKadd0PGFL3uNCeGEIeUCclTOgfNkdAiaYJezD5t_aiuES3BJVZm89DYIxAJvtsj8KupZff2CF93ls8L8Xn-TNsUGWM2Q5Z7HUgbnCc52kDNxKZrFnUaXj58fJrux93JqvDmQPDKib2BLoiU4n3wN_CSlD5wm4qe5jdKLk2r8cqkL_rPcCQptVyZU0o_vU57_7GnShqc0xQ8niFSJmi6HR_h5lr4u8j2N4Ve0wl8uMPJ7DsH4PrKYEwGC_SWwYSlWssqQXOLDXB1_xMLDD8N6dMioPR3s6iC3VM7UbwvZOMd1hM6zzNpM1zv7FIyEDXxHW8lebyIbNv3SFAQhXDIM8w5AdYRw6IxrsPlCP3Y-LuIMDlnOFg79szjhgbsukvrI4NHSNscrbPVukSSXjK_3FsLoP5phW_3yksPPJmxC52ZYOkchNxgIZNy4hSCfCTEG_c7DndgE8&cid=CAASFeRo6vmdPlnv01qJQtdVqVmMGHj2Vg&rfl=1%2Chttps%253A%252F%252Fpostroysitesam.ru%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:39:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 16 Sep 2021 11:39:32 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210830/r20110914/ Frame 3960 23 KB
9 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210830/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 16 Sep 2021 11:38:49 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3960 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:04:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92142
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 10:04:49 GMT

GET
DATA 200
OK truncated
/ Frame 3960 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e302b3b795622a59a9d4eb7311ee7399fb17225c4d0a6e791c1a68d9ace05815

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 container.html Show response
337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 94D0 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://postroysitesam.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://postroysitesam.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 02 Sep 2021 11:40:30 GMT
expires: Fri, 02 Sep 2022 11:40:30 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3F2F 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 10:04:50 GMT
expires: Thu, 01 Sep 2022 10:04:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 92141
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/ Frame 6E09 8 KB
1 KB 29ms
14ms Document
text/html 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2456a8d4982334d52ec8103bbe1e8d9494d3403e43c21ed96a64b4758f36e3fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1287
date: Thu, 02 Sep 2021 11:40:31 GMT
expires: Fri, 03 Sep 2021 11:40:31 GMT
cache-control: public, max-age=86400
last-modified: Mon, 16 Aug 2021 13:28:13 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3960 0
592 B 336ms
58ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst9gi0aN690IPRufiQOVUm-Out3vDlqiUjFMRve8s89EB7Uny5w8eGmdwKjihYU9aifmCSJkn1SVRsq-lAUrR9rI7_LcnsIVngbQuOmGAzH_PY1LNgDIGkF4jX9_dQDYOLVorgBBP5A8VB5iVtYby6b66dW-UmLOHJx_91O49fuMrHJubFbYWTLJ-Fkv0CAFS9n_-9tVOn_lokpIxl1qTOE8S7uF907-eBiFPSgj63zbwmxDirFC2D33Llw_Ohs6HF4beUIQnB8gJqC9UeHAIsSW_mGCoY08OfCvCKQqK7lEyYO2mY6-XT5_63biojhC3uawyeFuzEtBZ8ptu9-L6NJOgE_lmk9Jxsiz72hsno8yTiFfkVgT_vEc234NDunPzELKPi0rsImANk6OnfSamG52fDV5Go-NW3Th9aj1Y73jDGMdVJrfhgEvOdvKeMuphxQ2JUxY-6uu4YQZpH-B0M9z8IP4_VHQ-78MbC__rZp9Z3w_fQU2-PEPvEBm-Gqg_QASk3Qyw2bxLvcdkZ33GNfURYYKYNlbWED2mFOaxqM9Aq3yJKH0hs_Rf4e42fxO_B4ygeVyvOOXgo_YMyyfEouAh_w4gA9v64X5jVGyEb2PEBVJ2gUY70P2kWqMWhFoQM7FF6s8ArbMl_r3c6WD3pBxVRnZ0OvIXMEW0immtffjio1fkRMqP5MkT0Koy-dkZf2d9ymIIj3mKylXSLJXKcLGoNgquV3DiNRVFMemzYEllWwKh2jMrXlXLto0SRRI1FaSY053ZcGYxc6FJp4P_fAC0sp8yNXynw7jKPvg34326iX3MMSJ3neetInolr0B8rheEMUgmwyYXt_Mes1HpelAO-heoBRt6_-aCQahRoB-P7CiaLxStGP8zDiAmMI6oHjmWes_s2emH2SE8zObWlNL3LApPvSen5sRnEFpZu2N8HSJAR0Oj0nhF728wDXy9AlQnI-CafNTFTW2bH_Vl6S_528ERc62yjOhUh7ubieS1hfp7Yoj5lFBd2oSbxQcHrznsfM76N9OwJsOD8vqupCH4bODIBUko1SZ5I6jTzic63vsw74I4IgIhmI0luLt6ytj1g75yf2LFjkf_SW9k3PYx_79VUBJmnG2I-XTmX790wWD8l3XAFNgsJBA_YS2Jn3YBcRvjLak7TNODIe0pWDLWebxwO-cVfy0ESIF6rWSBiiWYgkIoVNtqiaXRdL&sai=AMfl-YQ9afAI8ELEuUCy1N3gPcUERwYV-8p2HhfpupdgWnDtWePdFVE43u530g-qGWiPjcdYiu_SbOS3HQeCG778Wk92Bq_iF3tXJAiFQcyQcGC-SiKQj-vyeZr69ozO16Pek85-cQd5AesBW2WX7JPvGPLswMRU3SIHqi01w2A&sig=Cg0ArKJSzIMai3JneYZGEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=173&cbvp=1&cstd=166&cisv=r20210830.21438&adurl=

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 02 Sep 2021 11:40:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 pixel.gif
opt.objectiveportal.com/ Frame 3960 35 B
529 B 316ms
35ms Image
image/gif 195.201.152.90
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://opt.objectiveportal.com/pixel.gif?customer=WEH&brand=WEH&domain=NL&process=banner&campaignid=24960854&placementid=295515083&gdpr=&gdpr_consent=&gdpr_pd=

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

195.201.152.90 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.90.152.201.195.clients.your-server.de

Software

nginx /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.objectiveportal.com objectiveportal.com
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:31 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx
etag: 1a5fbbdb-ed89-4d36-bedb-f2d2c241c392
x-frame-options: DENY
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors *.objectiveportal.com objectiveportal.com
strict-transport-security: max-age=63072000; includeSubdomains
content-length: 35
x-content-type-options: nosniff

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/ Frame 013A 16 KB
4 KB 8ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2352e44c8f71091370b6edea33429c57deb8e88ffff62fe740b6bf018c51350

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/1737355424967676258/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3826
date: Sat, 28 Aug 2021 16:41:35 GMT
expires: Sun, 28 Aug 2022 16:41:35 GMT
last-modified: Tue, 26 Jan 2021 08:46:32 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 413936
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 94D0 0
0 55ms
54ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNZTTLrgwYb-yOtrWgAf2qK6oCdXi7cBjlp7goPsMh5Xe_dEIEAEgqoDDImCRhICA_BegAdnNp6IDyAEJqQLoU1Pitt6zPuACAKgDAcgDCKoE_AFP0DfIpSWNQPvUbYcAniNZezY8c18WsZUjDnfM6-ahZf7d0MOMKoFZbz0sX6TJVzEtSEgdOERPDh6mFONQKk1Fk3Xe5AtQOREtmWDmJguNjtRrn132BZFxsYzeZr1FY3cFVyQJTxolEZ2-eZiJFg5Mg0jzJV4zR5moKuMlqaEZRxfSp231DJZsmvnnrjIEm71-Q9BL7eeYltySPupqnto1BlR-mE3uvgD93tbYl_bi2rs2m-4kV6UMZIgnyjJgmYNFrGvAoi2mYQ9zfxMdvhuqCJdxgt2WCQ5hhkt3A65KZA9mkYTcrQRyp26JqRY8NqcN7uXYv1FEvLStZ0_ABLbChJS_AeAEAZIFBAgEGAGSBQQIBRgEoAYugAePsthdqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G9gHAPIHBBDBpBPSCAkIiOGAEBABGB3yCBthZHgtc3Vic3luLTYyMTU0NjIxNjU3NjU1NzGACgPICwHYEwzQFQGYFgGAFwGyFx4KHAgAEhRwdWItNTUxMjM5MDcwNTEzNzUwNxiS7yE&sigh=XVt0D3AQZMA&template_id=419
Requested by: Host: postroysitesam.ru
URL: https://postroysitesam.ru/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/ Frame 94D0 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/abg_lite_fy2019.js

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:37:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 209
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 16 Sep 2021 11:37:02 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame 94D0 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/window_focus_fy2019.js

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:37:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 16 Sep 2021 11:37:59 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 94D0 122 KB
37 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Thu, 02 Sep 2021 11:40:31 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame 94D0 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 157
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 16 Sep 2021 11:37:54 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 3F2F 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 15:26:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 159240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 15:26:31 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0654 143 B
163 B 8ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlXm6MBaFH7HPSVBIu8q4dLlsY7s03UTV6qT9A3zdXdKsnfpIbEtKAInNxWi4Y; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 02 Sep 2021 10:57:38 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2573
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 94D0 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 164c1611289009050907c004e7618091f155e73b98820dc5d2dbbe33a9f1b0e8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012108170213000/ Frame F429 188 KB
55 KB 160ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c76cc68adbbc958993e23bf9ad18979f7aeaab6274b1f2322afb581d22eb855f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 51926
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55333
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 21:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "55ff93a1040e5c38"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 21:15:05 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame F429 13 KB
5 KB 174ms
23ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fae2773cd95cb857866b4b3a54777c88f6c03e0167bf323c2a1f431985887b61

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 52835
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4999
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6b551ff8c0a78d7e"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame F429 89 KB
28 KB 170ms
19ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48bb89434a42b4fb519f27e9272e018e8151383b4b7f46f26260f5fd29e5f05e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 52835
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28538
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "523ca413d5eb4bb0"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame F429 4 KB
2 KB 174ms
24ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4a74fe2cef1d4e3ca293944e20763b350954439d0966a662691d304d9e1aac3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 52835
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1653
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a4d9605fb26cf0ce"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame F429 40 KB
13 KB 173ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9158e53d7052a6df65c12e3a59a8c77a8be353425523e4eff057fa5578e654ad

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 52835
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12821
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bd81b3ba02634f28"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame F429 6 KB
669 B 24ms
21ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 11:31:16 GMT
server: ESF
date: Thu, 02 Sep 2021 11:40:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 02 Sep 2021 11:40:31 GMT

GET
H3-29 200 6592766407814317453
tpc.googlesyndication.com/simgad/4783575139474060137/ Frame F429 80 KB
80 KB 58ms
57ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4783575139474060137/6592766407814317453

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c07cd68efe7e22eab2888cd20792f2d02de547ee5cbf8239cfc534ca497ea3b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 13:02:11 GMT
server: sffe
x-dns-prefetch-control: off
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 82213
x-xss-protection: 0
expires: Fri, 02 Sep 2022 11:40:31 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15531817105779900815/ Frame F429 9 KB
9 KB 7ms
6ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15531817105779900815/downsize_200k_v1?w=100&h=100

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d83fd297052bed5283f2b8c6f0999049f3cb5eafe007b365e9ef9107b39181

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:01:02 GMT
x-content-type-options: nosniff
age: 92369
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8757
x-xss-protection: 0
last-modified: Fri, 22 Nov 2019 13:37:04 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 10:01:02 GMT

GET
DATA 200
OK truncated
/ Frame F429 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F429 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ce5ebd73174d880c465c4d20a34cf756741aa0c93bb41305137d50c0f3ffe691

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F429 3 KB
3 KB 7ms
5ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 02 Sep 2021 11:25:21 GMT
x-content-type-options: nosniff
server: cafe
age: 910
etag: 6726277462267614359
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Fri, 03 Sep 2021 11:25:21 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F429 344 B
370 B 7ms
6ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Sep 2021 18:28:40 GMT
x-content-type-options: nosniff
server: cafe
age: 61911
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Thu, 02 Sep 2021 18:28:40 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F429 0
0 54ms
53ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CyrCiL7gwYd7oDdTE-gbNzazwD7mxt61k2tnDr-wMk_jS8tgcEAEgqoDDImCRhICA_BegAZ7myscDyAEJqQLoU1Pitt6zPuACAKgDAcgDCqoE7gFP0MlDw4OyBRRqW1ZfG9gmMjZDMawmvy3LVDxC3Vl6HZjX6jFggsckf7-d9dkwO3c0bFdQoN4rcct6OO27fdpOiMUzcv6C5Z9m-9X-3twIzhhdmgI3kifBAs8oSGvj3jW1b4suDYZuqurlyQz65lilJAjORXJgWOdHQIftWscIK9wI6RSxmqJAj30CiSvZcj9zP2B33VhQetYtDEsDnza_gXB56n_xoGR-OQGTOwVAou4T0cZJyjOHB4r23PuUih2OFIugZbae0mo3aRtS3hFvBIpTxUhJyOnX13-aFRwSLFqTUf8N_lrswKHdDRGYwASx_-D_qgPgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHypm1OKgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwQQp90F0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi02MjE1NDYyMTY1NzY1NTcxgAoDyAsB2BMCiBQF0BUBgBcBshceChwIABIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=YkH9tLELG2s&template_id=484
Requested by: Host: postroysitesam.ru
URL: https://postroysitesam.ru/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame F429 15 KB
15 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://postroysitesam.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 07:18:45 GMT
x-content-type-options: nosniff
age: 534106
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Aug 2022 07:18:45 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame F429 15 KB
15 KB 17ms
16ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://postroysitesam.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 16:32:47 GMT
x-content-type-options: nosniff
age: 414464
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 16:32:47 GMT

GET
H3-29 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 61ms
60ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gpt_2021082701&jk=4432620224606174&bg=!5Oel56PNAAZOkH6FTpA7ACkAdvg8WoqnNYShS6JAWKpgt_1rQ2lbbIszDBsq-t0zz_jMCIlnvlkYUQIAAAFxUgAAABZoAQcKAAlxBDd6B5KFLR-ZAngcbH1BuIj_tvzcxhrNCYIOOz0xiw6dWA16poQVThHrW7B4GbJzAssdcZpVldB9KTJKrbggZIBunGyiBXn6nQjRNaU0BvWw12JNb4iZNh0sYSU0KIJo5rD30HjdnyQOB6z_RuDUpMAn8zJVkQTw20riq-WdWsirsaXdzLJGgbNo-k8bSQerGvDab8U3czf1YJqic-xfcUxpqK5h9RdxvmaZyrcMfUeUVwBRJLERX_r0vBJC3cnZojNAS8ExsYP0cQFJATxV4r592L7ayQI_YTnyrde0kFhUqHmzQNYQbTgVU-Rk6vY0cyLHX3E5DhTW170YErqGdIIUWVh_3EnxY3M9lgzRL4K1tDIj-ybmtazjI6VHsSRlU8L8DpsUAFZHFjkqJAXAnRDbeoewqLw6GAtoVpe4H-rf3EtJqM0N3IflaI3dTcj9-LpQD0VYUk0XAm58is3ynNBsyCdGUWfyY_7CUlgF2Dn-veo3GK1HP-xb9bcPG4kbGpWLJNKeh9ZLbFwzKv4ppabZlZo4LGtehNWSTPvDss62USOd7zmEzOXBVhHC9K1D_FXqySL52QSqObqhd1VgaTO-Xy-YCiAxSLWbuiq7aaYXQFMyrd0xcxEQSy39CIwCIWSa1vYM7G5GpZMll7yb5mWuLuEhT72uPE0UX_WRtO-LqoV13vJTtn_Ei-3GfD6lgwIv60GzGA_j03erG-P4apBmJ_K7g8zmQUvf1ZqWAkeXuLCe9y6OJIBrDFMLLGhaZMsbkMtED7QMVAvUTO7ssHtxW_0Tg9xpVd8CelVzLiN-HhuMNXMpTfx4DN1W6MX3Le4C1y5PYbwgKaCG4CpIULY0DQ
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 jsf.css
s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/ Frame 6E09 8 KB
2 KB 10ms
9ms Stylesheet
text/css 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/jsf.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb86387ede1ae4d3ccde88c1fb59c6e038155719124135e8e5e60e6b7be7514d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 08:31:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11315
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1655
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 13:28:13 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Sep 2021 08:31:56 GMT

GET
H3-29 200 Enabler_01_246.js Show response
s0.2mdn.net/879366/ Frame 6E09 116 KB
39 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_246.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 04:50:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24581
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40237
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Sep 2021 04:50:50 GMT

GET
H3-29 200 feedImport.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/ Frame 6E09 11 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/feedImport.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aac79529a8c3f553f89f439b86d32a07fd3973327817352a2846b699a94f9d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 08:31:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11315
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 13:28:13 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Sep 2021 08:31:56 GMT

GET
H3-29 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 6E09 60 KB
24 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Sep 2021 11:40:31 GMT

GET
H3-29 200 slides.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/ Frame 6E09 9 KB
3 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/slides.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c042acd5ba8318d0d18bcd6c01f11badeaf19f62add9c6cb52668f7f11a108bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 08:31:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11315
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2629
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 13:28:13 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Sep 2021 08:31:56 GMT

GET
H3-29 200 swipeHandler.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/ Frame 6E09 7 KB
2 KB 13ms
7ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/swipeHandler.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d1c2d57d2e7434813cb116c8bdbfdde64c9d50add9f2fa0dc7b552977398807

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 16:12:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70103
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1986
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 13:28:13 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Sep 2021 16:12:08 GMT

GET
H3-29 200 swipe.svg
s0.2mdn.net/creatives/assets/4008410/ Frame 6E09 38 KB
28 KB 13ms
7ms Image
image/svg+xml 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4008410/swipe.svg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da38b17bcd33d8afdfb2ba334966431117fd9717ef7bd752c0102e5340243d15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:38:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28531
x-xss-protection: 0
last-modified: Tue, 19 Jan 2021 11:46:14 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Sep 2021 11:53:47 GMT

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 013A 9 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 22:57:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45799
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 02 Sep 2021 22:57:12 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 013A 26 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 14:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76485
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 02 Sep 2021 14:25:46 GMT

GET
H3-29 200 d4ceb2f8dae22535edea7d1c9b8d7c2e.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/ Frame 013A 75 KB
19 KB 9ms
8ms Script
application/x-javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/d4ceb2f8dae22535edea7d1c9b8d7c2e.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b897f80be17cf6623b8ecf2101fade714236c5ec74042fbbf9495d4ebf406e3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 135220
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19666
x-xss-protection: 0
last-modified: Tue, 26 Jan 2021 08:46:32 GMT
server: sffe
date: Tue, 31 Aug 2021 22:06:51 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 22:06:51 GMT

GET
H2 200 spinning-circles.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/ Frame 6E09 3 KB
631 B 29ms
8ms Image
image/svg+xml 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/spinning-circles.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/jsf.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

320bdb63f5150f35fa6b9f3de2f204ed2caea8d6207cdb82ebfafb1ee136f818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/jsf.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 05:01:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23925
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 471
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 13:28:13 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Sep 2021 05:01:46 GMT

GET
H2 200 Gibson-Regular.woff2
s0.2mdn.net/creatives/assets/4018236/ Frame 6E09 10 KB
10 KB 27ms
7ms Font
font/woff2 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4018236/Gibson-Regular.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/jsf.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

314620316b791996fa0238a4ec9ec6fdfe87e76f66e7023b8057b713521be828

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/jsf.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:35:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Jan 2021 14:42:40 GMT
server: sffe
age: 295
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10016
x-xss-protection: 0
expires: Thu, 02 Sep 2021 11:50:36 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 013A 4 KB
751 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Fira+Sans:500|Roboto:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/d4ceb2f8dae22535edea7d1c9b8d7c2e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

066dd1d49c7a86f41ca48a7d9fbfeb5672f082535c52e334577c8161e855f794

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 10:41:29 GMT
server: ESF
date: Thu, 02 Sep 2021 11:40:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 02 Sep 2021 11:40:31 GMT

GET
H2 200 16e5b21d7ff905ff704008736c0724c6.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/media/ Frame 013A 75 KB
77 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/media/16e5b21d7ff905ff704008736c0724c6.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1404eb92d6077f328ac397bb8e00f8be1bcd0a5ee323c9d2d528b590a9aaf547

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 131930
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77259
x-xss-protection: 0
last-modified: Tue, 26 Jan 2021 08:46:32 GMT
server: sffe
date: Tue, 31 Aug 2021 23:01:41 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 23:01:41 GMT

GET
H2 200 ab5fc5dd815c6abf70632da43a178db4.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/media/ Frame 013A 2 KB
2 KB 19ms
18ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/media/ab5fc5dd815c6abf70632da43a178db4.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

075a0843ad67a01eac61e9ee747fa8b029997166f4193c2c1ae16bd8dfa8b72e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 157559
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2325
x-xss-protection: 0
last-modified: Tue, 26 Jan 2021 08:46:32 GMT
server: sffe
date: Tue, 31 Aug 2021 15:54:32 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 15:54:32 GMT

GET
H2 200 4b30be88d98dd000f0c7ee9ba240b468.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/media/ Frame 013A 5 KB
5 KB 18ms
17ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/media/4b30be88d98dd000f0c7ee9ba240b468.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1737355424967676258/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

629b096c96e919a4205ec881e1b8393d450d3adf943c43d1315149579e59dafe

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 27991
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4950
x-xss-protection: 0
last-modified: Tue, 26 Jan 2021 08:46:32 GMT
server: sffe
date: Thu, 02 Sep 2021 03:54:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Sep 2022 03:54:00 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3960 0
60 B 51ms
51ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: postroysitesam.ru
URL: https://postroysitesam.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 02 Sep 2021 11:40:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6E09 6 KB
4 KB 18ms
18ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b947ef43a236d8329a012e019442f3972d9d990ec7f9bd3cb78da4eddf1c7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 02 Sep 2021 11:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4475
x-xss-protection: 0

GET
H3-29 200 logo_wehkamp_invert.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/ Frame 6E09 2 KB
1 KB 10ms
8ms Image
image/svg+xml 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/logo_wehkamp_invert.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78574174d5b18079f8423e30ab99fdad1f7e54284d05cfd2059db360fced591c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 08:39:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10863
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1014
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 13:28:13 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Sep 2021 08:39:28 GMT

GET
H3-29 200 logo_wehkamp.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/ Frame 6E09 3 KB
1 KB 15ms
13ms Image
image/svg+xml 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/logo_wehkamp.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fcf86c704309b49a15eff04d3568918453da2124d7995c80bd1480096dbc08d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 05:10:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23411
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1145
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 13:28:13 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Sep 2021 05:10:20 GMT

GET
H3-29 200 1000x1000-socialpaid-display-category-intent-Autumn-1-35-wk35_1630364453626_1000x1000-socialpaid-display-category-intent-Autumn-1-35-wk35.jpeg
s0.2mdn.net/dynamic/2/10779688/images.wehkamp.nl/i/wehkamp/ Frame 6E09 55 KB
55 KB 13ms
12ms Image
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10779688/images.wehkamp.nl/i/wehkamp/1000x1000-socialpaid-display-category-intent-Autumn-1-35-wk35_1630364453626_1000x1000-socialpaid-display-category-intent-Autumn-1-35-wk35.jpeg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d5556669b05384e9a623e70805a0b69f7147f5818e3d9a83e123029a10f91db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 05:00:22 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 23:00:57 GMT
server: sffe
age: 196809
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56731
x-xss-protection: 0
expires: Wed, 31 Aug 2022 05:00:22 GMT

GET
H3-29 200 400-400-display-leeg-png_1620442864860_400-400-display-leeg-png.png
s0.2mdn.net/dynamic/2/10779688/images.wehkamp.nl/raw/wehkamp/ Frame 6E09 2 KB
2 KB 14ms
13ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10779688/images.wehkamp.nl/raw/wehkamp/400-400-display-leeg-png_1620442864860_400-400-display-leeg-png.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

372a48f55cbbf0d9a2d1722a19e66960beff605158a3d22e959628e40831ec44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/index.html?e=69&leftOffset=0&topOffset=0&c=SrVtHRdT2T&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 05:01:28 GMT
x-content-type-options: nosniff
last-modified: Sat, 08 May 2021 03:01:08 GMT
server: sffe
age: 23943
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2063
x-xss-protection: 0
expires: Fri, 02 Sep 2022 05:01:28 GMT

GET
H3-29 200 Gibson-Light.woff2
s0.2mdn.net/creatives/assets/4018236/ Frame 6E09 9 KB
9 KB 12ms
11ms Font
font/woff2 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4018236/Gibson-Light.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/jsf.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8505830998b8fd36576fabb9edcad89de5a2d1fd091676d8683764290995867

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/jsf.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:28:30 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Jan 2021 14:42:44 GMT
server: sffe
age: 721
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9640
x-xss-protection: 0
expires: Thu, 02 Sep 2021 11:43:30 GMT

GET
H3-29 200 Gibson-SemiBold.woff2
s0.2mdn.net/creatives/assets/4018236/ Frame 6E09 10 KB
10 KB 12ms
11ms Font
font/woff2 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4018236/Gibson-SemiBold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/jsf.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b1d246693b8d76f17449020ead36b1488af1d16a198e8f0044a0ee0a5b290a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/jsf.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:28:30 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Jan 2021 14:42:36 GMT
server: sffe
age: 721
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10044
x-xss-protection: 0
expires: Thu, 02 Sep 2021 11:43:30 GMT

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0654
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
150 B

42ms
42ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: 337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
URL: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 02 Sep 2021 11:40:31 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 02-Sep-2021 12:40:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 02 Sep 2021 11:40:31 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 02 Sep 2021 11:40:31 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6E09 17 KB
6 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 11:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Thu, 02 Sep 2021 11:40:31 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 013A 15 KB
16 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fira+Sans:500|Roboto:700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 07:18:45 GMT
x-content-type-options: nosniff
age: 534106
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Aug 2022 07:18:45 GMT

GET
H2 200 va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2
fonts.gstatic.com/s/firasans/v11/ Frame 013A 22 KB
23 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v11/va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fira+Sans:500|Roboto:700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d28cae33a9cff1cd54246e2bca04018f101451707a5b5f426d32ea768e911186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 10:57:19 GMT
x-content-type-options: nosniff
age: 520992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22920
x-xss-protection: 0
last-modified: Thu, 01 Apr 2021 22:06:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Aug 2022 10:57:19 GMT

GET
H3-29 200 3VBCxQMuFeflN3ldnXIT7YQtw8QPm-3IluxfpK8Vf0c.js Show response
pagead2.googlesyndication.com/bg/ Frame D364 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3VBCxQMuFeflN3ldnXIT7YQtw8QPm-3IluxfpK8Vf0c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd5042c5032e15e7e537795d9d7213ed842dc3c40f9bedc896ec5fa4af157f47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 09:33:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13381
x-xss-protection: 0
last-modified: Mon, 23 Aug 2021 08:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 02 Sep 2022 09:33:14 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3F2F 0
20 B 44ms
42ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B9r0kL7gwYaGSCJzH7_UPzYGvwAoAAAAAOAHgBAI&bg=!m5ilmNzNAAYJpm41CaY7ACkAdvg8Wk71Yt7jh-q3KfAPVpsE8GG_TjbIuH_egDn43X3fyEaW_z2N2AIAAAE-UgAAAD1oAQeZAtMpEH550fhewBakdQqqFi3Gdf9wtpJOrrERsUtJul-1Dzc_2fcoavFODHw41-npCj6vV0u-cdnsnQLENbtKKzSecT33MS5wTqs7wtx0rSQbiIE7Syb0YAJXONdWi-Aj5LM0EWkv3xzlSlVBZ2lBn1yANNymYCwZy84G1DOjWC7BmH0SUqLRWDXzqPoornyhJsNtPF2eZEEpVPlZ2KYLFWVn7H1KZYQL-8hcNAmmxKKzExVX9hARn2DjFFdcGh-_XhsJf0jt9RP-egMI8Bg6QWxTJWwib7e2WysIup6iBFpZ9BjhfuPjoxQB-QkhNscyflkfFE6tXVkZ9XI86aF4Y8H-te11Mmna3XULW8ricRxG9k448OFnITftCt4_gdLCsxRFb9lTrFxPtwoxWwoFJdaHpPn917PMX477IS-V-bzWkzi_TkLLAyJ1yKBuqZyNFm8BM6O21MJl26HxSO6rZVZkcy1O0WKQw3Xrlckyq8ob2a43FAxqgWZRGOgC7p8BFw-hSFzKB9KvL-XFZKja2oQmdVxVIG5UtGtuEchT0WzGaXbl2qHb2V3Gj6JukWQNtKLsRCJGZ6gfxTY7ONLsy6qgsE9M3-2WC26EvSDD9VpubFsTEksD6_0BaG1ZFIa6Xc9JDmZGoFOgB4tBd3gaTk6vuV_LBTg3DEvDXN0ikKV4qMQJBWkYigNglqC5ahI9XMTZpABxKCziHB51LIFnFQ_4G8mq_vupSxR43t8LR0xsBpQIqWRe3clUr35EPXnbvRM7MWvBjiUnpp2zLo5ugCfrKaPVMh-fpVR-nWDn_ntbGOLmvShMU_5xIzlkLt4qH3jdpU4Y62V40fMc6Xeo8-gjqcoNU7PjfcO8KAYPY4DFSBekDO3LGwaarCqJd_TxdP6R1PCUOycacLgv7AyntOoFt7RV-ktGhUETirxlQuCwq_xFzNWeCKmGMF4fynfpF9KFnbU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3960 42 B
64 B 45ms
31ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvzVI-VdtEm1HlXCjRZJ7i1yH9AjwKP9wDE1oEYy6gow0RdfgQi2qi4TY3eV2KJZx6_V-E7KA0Y9c-oN_1MsOTLs8ZOyyx29fCU_l7SHB_iLlCMw9V8mj01IJeRRg&sai=AMfl-YRg05WVbZN_9twUFU88G0T_c2TfYCze086yAOL1mIzfmWf3vRK1z5wFGh8On8q9r4XkeZ_fVpFWYAAicNAsBR8331E81XhJEKPfVrUlWg5yfh4JiJuqMgAMi9GwHhs&sig=Cg0ArKJSzExqDI4NreOVEAE&cid=CAASFeRo6vmdPlnv01qJQtdVqVmMGHj2Vg&id=lidar2&mcvt=1000&p=165,315,415,1285&asp=165,315,415,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=938372444&rs=4&met=ce&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630582830991&rpt=300&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame F429 42 B
64 B 34ms
33ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsve4OArqG4y7KXfllzFD9ikdzEXQxQ7qvsFC4SoxEPEZYg_FB3S98LDq7J8MsQHqMnldrx45JNTZXfJXSVRD-0QHvrOpvGdbXhqcwzyzE8datsJqUPkwu1lOgblVevFwwgrzj81wzMFOAt0fbmEXuEVxA&sai=AMfl-YRGVwbAUoA0iV2ExpvrdlgqI2aUWzP4T4rzYbcK-nJtw5qiiQfFf9LhL90TFzO1CK_o_dU2N6Yjqb1_iWBWwtCqHQOe9pH92cI9MIsKfKGdNx05IFWkWvu_W98KSfmq&sig=Cg0ArKJSzAOMkFTaNc7PEAE&id=ampim&o=315,1100&d=970,100&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=172&tls=1172&g=100&h=100&tt=1172&r=v&avms=ampa&adk=2121817100

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 76059667 Show response
mc.yandex.com/webvisor/ 43 B
73 B 246ms
50ms XHR
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/76059667?wmode=0&wv-part=1&wv-hit=60118096&page-url=https%3A%2F%2Fpostroysitesam.ru%2F&rn=801492309&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1630582833%3Aw%3A1600x1200%3Av%3A631%3Az%3A120%3Ai%3A20210902134033%3Au%3A1630582830310724616%3Avf%3A25rt5xty9edhsiwjn9%3Awe%3A1%3Ati%3A2%3Ast%3A1630582833

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:33 GMT
last-modified: Thu, 02-Sep-2021 11:40:33 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://postroysitesam.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 02-Sep-2021 11:40:33 GMT

POST
H2 200 76059667 Show response
mc.yandex.com/webvisor/ 43 B
145 B 175ms
51ms XHR
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/76059667?wmode=0&wv-part=1&wv-hit=60118096&page-url=https%3A%2F%2Fpostroysitesam.ru%2F&rn=180976504&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1630582833%3Aw%3A1600x1200%3Av%3A631%3Az%3A120%3Ai%3A20210902134033%3Au%3A1630582830310724616%3Avf%3A25rt5xty9edhsiwjn9%3Awe%3A1%3Ati%3A2%3Ast%3A1630582833

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:33 GMT
last-modified: Thu, 02-Sep-2021 11:40:33 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://postroysitesam.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 02-Sep-2021 11:40:33 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 4BDF 52 KB
17 KB 81ms
27ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://postroysitesam.ru/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://postroysitesam.ru/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 03 Sep 2021 11:40:35 GMT
Date: Thu, 02 Sep 2021 11:40:33 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame A92E 52 KB
17 KB 81ms
29ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://postroysitesam.ru/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://postroysitesam.ru/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 03 Sep 2021 11:40:35 GMT
Date: Thu, 02 Sep 2021 11:40:33 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame FF47 52 KB
17 KB 80ms
27ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.35.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://postroysitesam.ru/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://postroysitesam.ru/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 03 Sep 2021 11:40:35 GMT
Date: Thu, 02 Sep 2021 11:40:33 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 4BDF
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
799 B

26ms
23ms

Script
text/html

185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:33 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 6b8826ed-b489-4ec0-9a93-1b50488ba171
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:33 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: e45ae19b-4cda-41dd-a212-52a9e2290293
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame FF47
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
799 B

68ms
49ms

Script
text/html

185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:33 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 699e60dc-53d3-4c74-9d69-543d47784e9e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:33 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 1395d4ac-a016-4eec-a8f1-8fd48df715e2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame A92E
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
799 B

55ms
50ms

Script
text/html

185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:33 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: c65fbee3-61bf-4c11-9869-7b79324dd3ff
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:33 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: fbe1c82d-050f-41b8-be9c-afca4dea6831
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 4BDF
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
799 B

20ms
19ms

Script
text/html

185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:34 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 71590ad4-6c71-414b-91bf-ff3b4ca544d8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:34 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 05873027-771e-48fa-9bbc-145838915e3e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame FF47
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
799 B

20ms
19ms

Script
text/html

185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:34 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 63eb61af-001c-4ae1-9ac9-45b4ff75b903
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:34 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: e5e797a5-4a31-40ad-978b-67c6961fc17b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame A92E
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
799 B

19ms
19ms

Script
text/html

185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:34 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: e53849d2-77d7-4fab-a4d9-84e326a26aea
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 02 Sep 2021 11:40:34 GMT
X-Proxy-Origin: 159.48.55.7; 159.48.55.7; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 3d2a49e4-23b0-4cc5-a94c-24fc5a36612c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 76059667 Show response
mc.yandex.com/webvisor/ 43 B
145 B 57ms
55ms XHR
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/76059667?wmode=0&wv-part=2&wv-hit=60118096&page-url=https%3A%2F%2Fpostroysitesam.ru%2F&rn=854344508&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1630582835%3Aw%3A1600x1200%3Av%3A631%3Az%3A120%3Ai%3A20210902134035%3Au%3A1630582830310724616%3Avf%3A25rt5xty9edhsiwjn9%3Awe%3A1%3Ati%3A2%3Ast%3A1630582835

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://postroysitesam.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:35 GMT
last-modified: Thu, 02-Sep-2021 11:40:35 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://postroysitesam.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 02-Sep-2021 11:40:35 GMT

GET
H2 200 dc_oe=ChMI4eW0s5rg8gIVnOO7CB3NwAuoEAAYACC_zKFKQhMI4IOWs5rg8gIVFIR7Ch15rQYC;met=1;&timestamp=1630582841873;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 3960 42 B
300 B 65ms
62ms Image
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI4eW0s5rg8gIVnOO7CB3NwAuoEAAYACC_zKFKQhMI4IOWs5rg8gIVFIR7Ch15rQYC;met=1;&timestamp=1630582841873;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Sep 2021 11:40:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
postroysitesam.ru/	1970-01-20 06:18:06	Name: cto_bidid Value: YKIq8l9DNmolMkJoYUhnRVpZV3RWTHY5WnMlMkZjY2NLY2xsNWF6TWR0QjVoS3dmQjU0cHNxS3U5ZHN6alJQZHhSekZCSEpsTVptU1FZVGhWSzRxRUtydDh1SFlDQVElM0QlM0Q
postroysitesam.ru/	1970-01-20 06:18:06	Name: cto_bundle Value: 8fHWIV9CdThQVTVJRXFBb1czQ2tac01teHJORDJPUEE3MzE4QzA0MldNeXMxbnQyY3NvQ1JjMERpTU5lM0FEZFRKSVF4MEFLMVBqdWMlMkJwUkVGQVpXTk4zeHBqcm9qdkNYRkg3T3luOUt5JTJGcmRMcVNEUjVMQzVJeXhIcGptJTJCVkZBbmpRdQ
.postroysitesam.ru/	1970-01-19 20:57:34	Name: _ym_isad Value: 2
.postroysitesam.ru/	1970-01-20 05:41:58	Name: _ym_d Value: 1630582830
postroysitesam.ru/	1970-01-19 21:39:34	Name: _pbjs_userid_consent_data Value: 6683316680106290
.postroysitesam.ru/	1970-01-20 05:41:58	Name: _ym_uid Value: 1630582830310724616
postroysitesam.ru/	1970-01-19 21:06:27	Name: __oagr Value: true

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://majorpusher1.com/?pu=he3tgnldmi5ha3ddf4zdaoju(Line 167) Message: Error: Browser is not suitable for subscriptions
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js(Line 6) Message: [GPT] Ignoring the PubAdsService.enableSingleRequest() call since the service is already enabled.
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js(Line 6) Message: [GPT] Ignoring the PubAdsService.enableSingleRequest() call since the service is already enabled.
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082701.js(Line 6) Message: [GPT] Ignoring the PubAdsService.enableSingleRequest() call since the service is already enabled.
console-api	info	URL: https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2108170213000 https://postroysitesam.ru/
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/swipeHandler.js(Line 219) Message: 3
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61857953/20210816062813581/wehkamp_awareness_970x250%20/slides.js(Line 233) Message: frameTest 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

337a8b56b2c923a537ca0df20f38c84c.safeframe.googlesyndication.com
acdn.adnxs.com
ade.googlesyndication.com
adservice.google.com
adservice.google.nl
adx.adform.net
cdn.ampproject.org
cdn.jsdelivr.net
cm.g.doubleclick.net
cmp.optad360.io
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
get.optad360.io
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
majorpusher1.com
mc.yandex.com
mc.yandex.ru
mug.criteo.com
opt.objectiveportal.com
pagead2.googlesyndication.com
postroysitesam.ru
prebid-eu.creativecdn.com
s0.2mdn.net
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.postroysitesam.ru
104.248.83.85
135.181.117.225
142.250.185.130
142.250.185.226
142.250.185.66
178.250.0.157
185.184.8.65
185.33.221.91
195.201.152.90
2.18.232.130
2.18.234.21
2600:9000:2156:ae00:11:a4de:2580:93a1
2600:9000:2156:f800:6:b871:4f00:93a1
2a00:1450:4001:801::2006
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:810::200a
2a00:1450:4001:812::2002
2a00:1450:4001:812::2004
2a00:1450:4001:813::2001
2a00:1450:4001:827::2003
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a02:2638:1::13
2a02:6b8::1:119
2a04:4e42:3::485
37.157.6.253
0104f3e7f882df52e8e0b28ae4b7275df06037738e97a10144747a7f76e1a779
0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467
05ea8687fe45f48c7a0ebaef709b24f671d9168e057689aecf5c6c99b574b0d5
066dd1d49c7a86f41ca48a7d9fbfeb5672f082535c52e334577c8161e855f794
075a0843ad67a01eac61e9ee747fa8b029997166f4193c2c1ae16bd8dfa8b72e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1404eb92d6077f328ac397bb8e00f8be1bcd0a5ee323c9d2d528b590a9aaf547
145ed71ab10590d4ee774270ac8dd21c7974658d923d75d19abe12a9b68fb0cb
164c1611289009050907c004e7618091f155e73b98820dc5d2dbbe33a9f1b0e8
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
2456a8d4982334d52ec8103bbe1e8d9494d3403e43c21ed96a64b4758f36e3fc
2b1d246693b8d76f17449020ead36b1488af1d16a198e8f0044a0ee0a5b290a9
2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77
314620316b791996fa0238a4ec9ec6fdfe87e76f66e7023b8057b713521be828
320bdb63f5150f35fa6b9f3de2f204ed2caea8d6207cdb82ebfafb1ee136f818
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
33bb23766d0e3326c4595016dd9fb63f91717ea5e4b59b7bae841090004a0872
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
372a48f55cbbf0d9a2d1722a19e66960beff605158a3d22e959628e40831ec44
3749bda29d24cdf7a2297ce96c2e30a0f7a3f8dee83814b4a16b33f2aa46f9d4
3c5893a2b3e97ecf428e17883166fef08e70687b76c10d5b5367b2aeb461711a
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
425a83ca727f9e2deb8d5dd6087560f3e51d601fb14c1ed975450050c832137a
47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5
48bb89434a42b4fb519f27e9272e018e8151383b4b7f46f26260f5fd29e5f05e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b897f80be17cf6623b8ecf2101fade714236c5ec74042fbbf9495d4ebf406e3
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e
5d09f11d2c54d54350eb757759c3dab777a448dd26b9c8243eaff4638565ced7
5fcf86c704309b49a15eff04d3568918453da2124d7995c80bd1480096dbc08d
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
629b096c96e919a4205ec881e1b8393d450d3adf943c43d1315149579e59dafe
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d1c2d57d2e7434813cb116c8bdbfdde64c9d50add9f2fa0dc7b552977398807
6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41
78574174d5b18079f8423e30ab99fdad1f7e54284d05cfd2059db360fced591c
78f4a3114e3738eab1ffd31cbd3611435034197ecc40456f3ed43f82af4393d3
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
8d5556669b05384e9a623e70805a0b69f7147f5818e3d9a83e123029a10f91db
904cbc05899d55093c65a0c1ce5cadbb65e6e5a81140c4a5229ece0eeb21b518
9158e53d7052a6df65c12e3a59a8c77a8be353425523e4eff057fa5578e654ad
92161b5c677b5d81f46b5244f457f93732f6adc3eaaf4f5aa86d962cfbb71628
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
96e61209b1c1fff1abe78fb763fbf093a04e6e992dc24b299ab1c4c5f4272f16
9acaa7a0b5fef6a1b1077dc688f673e8f074c8273a70cb0f34b1c215ae40706a
9b947ef43a236d8329a012e019442f3972d9d990ec7f9bd3cb78da4eddf1c7b3
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a554c660d241d1cbe5acd71675154b2a6242fa593a5dbeeb80ce8db0f7b33f90
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a6d83fd297052bed5283f2b8c6f0999049f3cb5eafe007b365e9ef9107b39181
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aac79529a8c3f553f89f439b86d32a07fd3973327817352a2846b699a94f9d60
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3e0dcd1ce85699e960acfde52551ae7162a0a1ff7be3f1520f0b896d0863ac9
b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1
b6b8faf85c798b4a03093f7aa60ff2bcfa813d78161cc31f8daecccc0b025eca
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b92ad0a4155446d073295a68374ed61c1e64b2f6f7195bb1c077febc44cc2e68
b9389cb6583f0d743318d61d4f74c3029eb5d8ed7e96b04712ebadfb2c3ad850
bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967
bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2
c042acd5ba8318d0d18bcd6c01f11badeaf19f62add9c6cb52668f7f11a108bc
c07cd68efe7e22eab2888cd20792f2d02de547ee5cbf8239cfc534ca497ea3b8
c6f45c3519ade4d04e2c4757f6a291eb85e1f0785d4325676455214f589577ba
c76cc68adbbc958993e23bf9ad18979f7aeaab6274b1f2322afb581d22eb855f
cb86387ede1ae4d3ccde88c1fb59c6e038155719124135e8e5e60e6b7be7514d
ce5ebd73174d880c465c4d20a34cf756741aa0c93bb41305137d50c0f3ffe691
d2352e44c8f71091370b6edea33429c57deb8e88ffff62fe740b6bf018c51350
d28cae33a9cff1cd54246e2bca04018f101451707a5b5f426d32ea768e911186
d640582996bcd73cccd97307857404c0b53f5f8bacd9f3269c7e6ad9b81ebd5d
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d8505830998b8fd36576fabb9edcad89de5a2d1fd091676d8683764290995867
d9a33a10dce08b3598b6049de730d3c86f1b633167284dd4e2c1d25fbb222ae2
da38b17bcd33d8afdfb2ba334966431117fd9717ef7bd752c0102e5340243d15
dd5042c5032e15e7e537795d9d7213ed842dc3c40f9bedc896ec5fa4af157f47
e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182
e302b3b795622a59a9d4eb7311ee7399fb17225c4d0a6e791c1a68d9ace05815
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e548abcd8734bfcf8b4ebbbca1af98f9e8ae1e0ff884c0971f29498a4fc108f4
ea687404cc26fb476a51bee39c21b8e348ae9268658143598110ba6e73901751
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f00cbff80acd2fd4fff77cc3cfc9f6d74e6927e5d768c1d64c87cb358ead9889
f3b0f06f09b0232b65410d7789ac78ea3bdba78d0ec75bc46d8f0bb2a0a5960f
f454f7be1fec9897cc6469f96ef30fcaffa14e3ac530295f7fae092b87300eed
f4a74fe2cef1d4e3ca293944e20763b350954439d0966a662691d304d9e1aac3
fae2773cd95cb857866b4b3a54777c88f6c03e0167bf323c2a1f431985887b61
fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549
fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

postroysitesam.ru Open in urlscan Pro 135.181.117.225 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

136 Requests

100 %HTTPS

59 %IPv6

21 Domains

32 Subdomains

30 IPs

7 Countries

1946 kBTransfer

3945 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

136 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

postroysitesam.ru Open in urlscan Pro
135.181.117.225 Public Scan

Screenshot
Live screenshot

Full Image

136
Requests

100 %
HTTPS

59 %
IPv6

21
Domains

32
Subdomains

30
IPs

7
Countries

1946 kB
Transfer

3945 kB
Size

7
Cookies

136 HTTP transactions
4 data transactions