www.mroferto.rs Open in urlscan Pro
78.24.14.160 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mroferto.rs/
Effective URL:
https://www.mroferto.rs/
Submission: On May 22 via api (May 22nd 2024, 5:04:55 pm UTC) from US — Scanned from DE

Summary HTTP 66 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 15 IPs in 4 countries across 11 domains to perform 66 HTTP transactions. The main IP is 78.24.14.160, located in Czech Republic and belongs to VSHOSTING, CZ. The main domain is www.mroferto.rs.
TLS certificate: Issued by R3 on May 10th 2024. Valid for: 3 months.

This is the only time www.mroferto.rs was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 11	78.24.14.160 78.24.14.160	43541 (VSHOSTING) (VSHOSTING)
4	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
30	172.67.176.206 172.67.176.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1f::9d	15169 (GOOGLE) (GOOGLE)
2	142.250.181.227 142.250.181.227	15169 (GOOGLE) (GOOGLE)
1 1	216.58.206.66 216.58.206.66	15169 (GOOGLE) (GOOGLE)
1 1	216.58.206.68 216.58.206.68	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	172.217.16.206 172.217.16.206	15169 (GOOGLE) (GOOGLE)
1	142.250.186.72 142.250.186.72	15169 (GOOGLE) (GOOGLE)
66	15

11 78.24.14.160 (Czech Republic) 3 redirects

ASN43541 (VSHOSTING, CZ)
PTR: tipli-lb.vshosting.cz

mroferto.rs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.mroferto.rs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 172.67.176.206 (United States)

ASN13335 (CLOUDFLARENET, US)

m.klmcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1f::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: tzfraa-aa-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.68 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: tzfraa-aa-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f206.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.72 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	klmcdn.com m.klmcdn.com	284 KB
11	mroferto.rs 3 redirects mroferto.rs www.mroferto.rs	33 KB
6	gstatic.com fonts.gstatic.com	279 KB
6	google.com 1 redirects fundingchoicesmessages.google.com — Cisco Umbrella Rank: 646 region1.analytics.google.com — Cisco Umbrella Rank: 3095 www.google.com — Cisco Umbrella Rank: 2	123 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	370 KB
4	doubleclick.net 1 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 205 stats.g.doubleclick.net — Cisco Umbrella Rank: 89 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	171 KB
4	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 103	223 KB
2	google.de www.google.de — Cisco Umbrella Rank: 7810	127 B
1	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 44	6 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	6 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 126	2 KB
66	11

	Domain	Requested by
30	m.klmcdn.com	www.mroferto.rs
8	www.mroferto.rs	www.mroferto.rs
6	fonts.gstatic.com	www.mroferto.rs fonts.googleapis.com
5	www.googletagmanager.com	www.mroferto.rs www.googletagmanager.com
4	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
4	pagead2.googlesyndication.com	www.mroferto.rs pagead2.googlesyndication.com
3	mroferto.rs	3 redirects
2	www.google.de	www.mroferto.rs
2	securepubads.g.doubleclick.net	www.mroferto.rs securepubads.g.doubleclick.net
1	lh3.googleusercontent.com	www.mroferto.rs
1	fonts.googleapis.com
1	www.google.com	1 redirects
1	googleads.g.doubleclick.net	1 redirects
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
66	16

This site contains links to these domains. Also see Links.

Domain
www.letakakce.cz
www.mroferto.be
www.mroferto.ca
www.mroferto.de
www.mroferto.dk
www.mroferto.gr
www.mroferta.it
www.mroferto.nl
www.mroferto.ar
www.mroferto.at
www.mroferto.bg
www.mroferto.com.br
www.mroferto.ch
www.mroferto.cy
www.mroferto.cz
www.mroferto.ee
www.mroferto.es
www.mroferto.fi
www.mroferto.fr
www.mroferto.co.uk
www.mroferto.hr
www.mroferto.hu
www.mroferto.lt
www.mroferto.lv
www.mroferto.md
www.mroferto.mt
www.mroferto.no
www.mroferto.pl
www.mroferto.pt
www.mroferto.ro
www.mroferto.se
www.mroferto.sk
www.mroferto.si
www.mroferto.com.tr
www.mroferto.us
www.mroferto.co.za

Subject Issuer	Validity	Valid
mroferto.rs R3	`2024-05-10` - `2024-08-08`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
klmcdn.com E1	`2024-03-27` - `2024-06-25`	3 months	crt.sh
*.googleadservices.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.google.de WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.googleusercontent.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.mroferto.rs/
Frame ID: 8B143BBE6BD3622B79D7775FF878B5EE
Requests: 66 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Aktuelni katalozi | MrOferto

Page URL History Show full URLs

http://mroferto.rs/ HTTP 307
https://mroferto.rs/ HTTP 301
https://www.mroferto.rs/ HTTP 307
http://mroferto.rs/ HTTP 301
https://mroferto.rs/ HTTP 301
https://www.mroferto.rs/ Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

66
Requests

98 %
HTTPS

41 %
IPv6

11
Domains

16
Subdomains

15
IPs

4
Countries

1497 kB
Transfer

3673 kB
Size

6
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://www.letakakce.cz/
Title: Česko,

Search URL Search Domain Scan URL

URL: https://www.mroferto.be/
Title: België,

Search URL Search Domain Scan URL

URL: https://www.mroferto.ca/
Title: Canada,

Search URL Search Domain Scan URL

URL: https://www.mroferto.de/
Title: Deutschland,

Search URL Search Domain Scan URL

URL: https://www.mroferto.dk/
Title: Danmark,

Search URL Search Domain Scan URL

URL: https://www.mroferto.gr/
Title: Ελλάδα,

Search URL Search Domain Scan URL

URL: https://www.mroferta.it/
Title: Italia,

Search URL Search Domain Scan URL

URL: https://www.mroferto.nl/
Title: Nederland,

Search URL Search Domain Scan URL

URL: https://www.mroferto.ar/
Title: Argentina,

Search URL Search Domain Scan URL

URL: https://www.mroferto.at/
Title: Österreich,

Search URL Search Domain Scan URL

URL: https://www.mroferto.bg/
Title: България,

Search URL Search Domain Scan URL

URL: https://www.mroferto.com.br/
Title: Brasil,

Search URL Search Domain Scan URL

URL: https://www.mroferto.ch/
Title: Schweiz,

Search URL Search Domain Scan URL

URL: https://www.mroferto.cy/
Title: Cyprus,

Search URL Search Domain Scan URL

URL: https://www.mroferto.cz/
Title: Česko,

Search URL Search Domain Scan URL

URL: https://www.mroferto.ee/
Title: Estonia,

Search URL Search Domain Scan URL

URL: https://www.mroferto.es/
Title: España,

Search URL Search Domain Scan URL

URL: https://www.mroferto.fi/
Title: Suomi,

Search URL Search Domain Scan URL

URL: https://www.mroferto.fr/
Title: France,

Search URL Search Domain Scan URL

URL: https://www.mroferto.co.uk/
Title: Great Britain,

Search URL Search Domain Scan URL

URL: https://www.mroferto.hr/
Title: Hrvatska,

Search URL Search Domain Scan URL

URL: https://www.mroferto.hu/
Title: Magyarország,

Search URL Search Domain Scan URL

URL: https://www.mroferto.lt/
Title: Lithuania,

Search URL Search Domain Scan URL

URL: https://www.mroferto.lv/
Title: Latvia,

Search URL Search Domain Scan URL

URL: https://www.mroferto.md/
Title: Moldova,

Search URL Search Domain Scan URL

URL: https://www.mroferto.mt/
Title: Malta,

Search URL Search Domain Scan URL

URL: https://www.mroferto.no/
Title: Norge,

Search URL Search Domain Scan URL

URL: https://www.mroferto.pl/
Title: Polska,

Search URL Search Domain Scan URL

URL: https://www.mroferto.pt/
Title: Portugal,

Search URL Search Domain Scan URL

URL: https://www.mroferto.ro/
Title: România,

Search URL Search Domain Scan URL

URL: https://www.mroferto.se/
Title: Sverige,

Search URL Search Domain Scan URL

URL: https://www.mroferto.sk/
Title: Slovensko,

Search URL Search Domain Scan URL

URL: https://www.mroferto.si/
Title: Slovenija,

Search URL Search Domain Scan URL

URL: https://www.mroferto.com.tr/
Title: Türkiye,

Search URL Search Domain Scan URL

URL: https://www.mroferto.us/
Title: United States,

Search URL Search Domain Scan URL

URL: https://www.mroferto.co.za/
Title: South Africa

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mroferto.rs/ HTTP 307
https://mroferto.rs/ HTTP 301
https://www.mroferto.rs/ HTTP 307
http://mroferto.rs/ HTTP 301
https://mroferto.rs/ HTTP 301
https://www.mroferto.rs/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/945147438/?random=2101186358&cv=11&fst=1716397490910&bg=ffffff&guid=ON&async=1&gtm=45be45k0v9135436126z89119773984za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mroferto.rs%2F&label=O2mkCIH62qcZEK6c18ID&hn=www.googleadservices.com&frm=0&tiba=Aktuelni%20katalozi%20%7C%20MrOferto&value=0&npa=1&pscdl=noapi&auid=110735515.1716397491&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFXRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&eitems=ChAI8K-2sgYQ74iGnOnq7upMEh0A1HBlv4NAvmOGEwVvhwOY_XiWkj7J6xDH_hy5xQ&pscrd=IhMIman39d6hhgMVv4mDBx0-VA1qMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6GGh0dHBzOi8vd3d3Lm1yb2ZlcnRvLnJzLw HTTP 302
https://www.google.com/pagead/1p-conversion/945147438/?random=2101186358&cv=11&fst=1716397490910&bg=ffffff&guid=ON&async=1&gtm=45be45k0v9135436126z89119773984za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mroferto.rs%2F&label=O2mkCIH62qcZEK6c18ID&hn=www.googleadservices.com&frm=0&tiba=Aktuelni%20katalozi%20%7C%20MrOferto&value=0&npa=1&pscdl=noapi&auid=110735515.1716397491&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFXRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIman39d6hhgMVv4mDBx0-VA1qMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6GGh0dHBzOi8vd3d3Lm1yb2ZlcnRvLnJzLw&is_vtc=1&cid=CAQSGwDaQooLEsZQj-kDLpQ2B68dumQHVtbyIoz8MQ&eitems=ChAI8K-2sgYQ74iGnOnq7upMEh0A1HBlvxs6kCX20aXD6R3sQ45NaZ9mcV20PRFCQQ&random=3561482060 HTTP 302
https://www.google.de/pagead/1p-conversion/945147438/?random=2101186358&cv=11&fst=1716397490910&bg=ffffff&guid=ON&async=1&gtm=45be45k0v9135436126z89119773984za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mroferto.rs%2F&label=O2mkCIH62qcZEK6c18ID&hn=www.googleadservices.com&frm=0&tiba=Aktuelni%20katalozi%20%7C%20MrOferto&value=0&npa=1&pscdl=noapi&auid=110735515.1716397491&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFXRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIman39d6hhgMVv4mDBx0-VA1qMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6GGh0dHBzOi8vd3d3Lm1yb2ZlcnRvLnJzLw&is_vtc=1&cid=CAQSGwDaQooLEsZQj-kDLpQ2B68dumQHVtbyIoz8MQ&eitems=ChAI8K-2sgYQ74iGnOnq7upMEh0A1HBlvxs6kCX20aXD6R3sQ45NaZ9mcV20PRFCQQ&random=3561482060&ipr=y

66 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.mroferto.rs/
Redirect Chain

http://mroferto.rs/
https://mroferto.rs/
https://www.mroferto.rs/
http://mroferto.rs/
https://mroferto.rs/
https://www.mroferto.rs/

54 KB
11 KB

10509ms
10508ms

Document
text/html

78.24.14.160
VSHOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mroferto.rs/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

78.24.14.160 , Czech Republic, ASN43541 (VSHOSTING, CZ),

Reverse DNS

tipli-lb.vshosting.cz

Software

nginx / Nette Framework 3

Resource Hash

762df949c94c62bbbb1dbafaaf49c6ea169ad8b018c362ddd44c10825bfcca58

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 22 May 2024 17:04:50 GMT
server: nginx
vary: Accept-Encoding X-Requested-With
x-frame-options: SAMEORIGIN
x-powered-by: Nette Framework 3

Redirect headers

content-length: 162
content-type: text/html
date: Wed, 22 May 2024 17:04:37 GMT
location: https://www.mroferto.rs/
server: nginx

GET
H2 200 main.oferto.css
www.mroferto.rs/css/ 60 KB
9 KB 110ms
109ms Stylesheet
text/css 78.24.14.160
VSHOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mroferto.rs/css/main.oferto.css?v=0.66
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 78.24.14.160 , Czech Republic, ASN43541 (VSHOSTING, CZ),
Reverse DNS: tipli-lb.vshosting.cz
Software: nginx /
Resource Hash: 83a3f50c6313d912af4cbc3b441bfa31204611eb5c800a1c8b6000074126e0d6

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: gzip
last-modified: Thu, 16 May 2024 07:28:43 GMT
server: nginx
etag: W/"6645b5ab-ef59"
vary: Accept-Encoding
content-type: text/css

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 153 KB
51 KB 72ms
56ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4233432057183172

Requested by

Host: www.mroferto.rs
URL: https://www.mroferto.rs/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

defff211b79f032467366cd6db04d88ca5ba363cf112f70523f2c2665915bb47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Origin: https://www.mroferto.rs
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52278
x-xss-protection: 0
server: cafe
etag: 7360226522605509489
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Wed, 22 May 2024 17:04:50 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 94 KB
29 KB 64ms
48ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.mroferto.rs
URL: https://www.mroferto.rs/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

a5b58e66f0fd152cfd8ba70bcbfd7babe1fef2e1688e73e4bf885a281d6a950e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30153
x-xss-protection: 0
server: cafe
etag: 228 / 19865 / 31083834 / config-hash: 1800231180881067989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 22 May 2024 17:04:50 GMT

GET
H2 200 placeholder-230x288.png
www.mroferto.rs/images/ 1 KB
1 KB 111ms
110ms Image
image/png 78.24.14.160
VSHOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mroferto.rs/images/placeholder-230x288.png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 78.24.14.160 , Czech Republic, ASN43541 (VSHOSTING, CZ),
Reverse DNS: tipli-lb.vshosting.cz
Software: nginx /
Resource Hash: f49e339d09184e82b5524228bcc3d26d7521a925f4f40acd8262f4acd6fc53fe

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
last-modified: Wed, 25 Aug 2021 12:47:11 GMT
server: nginx
accept-ranges: bytes
etag: "61263bcf-510"
content-length: 1296
content-type: image/png

GET
H2 200 placeholder-80x70.png
www.mroferto.rs/images/ 532 B
662 B 122ms
122ms Image
image/png 78.24.14.160
VSHOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mroferto.rs/images/placeholder-80x70.png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 78.24.14.160 , Czech Republic, ASN43541 (VSHOSTING, CZ),
Reverse DNS: tipli-lb.vshosting.cz
Software: nginx /
Resource Hash: 6caddfa285aaff33089cce03ecd2190627ee25d43528eb0d08200a8de82352fa

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
last-modified: Wed, 25 Aug 2021 12:47:11 GMT
server: nginx
accept-ranges: bytes
etag: "61263bcf-214"
content-length: 532
content-type: image/png

GET
H2 200 lazysizes.min.js Show response
www.mroferto.rs/js/lazysizes/ 8 KB
4 KB 131ms
130ms Script
application/javascript 78.24.14.160
VSHOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mroferto.rs/js/lazysizes/lazysizes.min.js
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 78.24.14.160 , Czech Republic, ASN43541 (VSHOSTING, CZ),
Reverse DNS: tipli-lb.vshosting.cz
Software: nginx /
Resource Hash: 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: gzip
last-modified: Wed, 25 Aug 2021 12:47:11 GMT
server: nginx
etag: W/"61263bcf-1ed1"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 main.js Show response
www.mroferto.rs/js/ 13 KB
3 KB 136ms
136ms Script
application/javascript 78.24.14.160
VSHOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mroferto.rs/js/main.js?v=0.66
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 78.24.14.160 , Czech Republic, ASN43541 (VSHOSTING, CZ),
Reverse DNS: tipli-lb.vshosting.cz
Software: nginx /
Resource Hash: 64d18e2c0e6fb1510623d0b46fa562d327720276cb674f55e465fe38390dbffe

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: gzip
last-modified: Tue, 19 Mar 2024 15:31:23 GMT
server: nginx
etag: W/"65f9afcb-33f5"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 main.oferto.js Show response
www.mroferto.rs/js/ 5 KB
2 KB 135ms
135ms Script
application/javascript 78.24.14.160
VSHOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mroferto.rs/js/main.oferto.js?v=0.66
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 78.24.14.160 , Czech Republic, ASN43541 (VSHOSTING, CZ),
Reverse DNS: tipli-lb.vshosting.cz
Software: nginx /
Resource Hash: 279fbc4c6383942000b6f8a09c92b2a6d2561598081dee5990cd08680bd15e0e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: gzip
last-modified: Tue, 04 Apr 2023 17:35:17 GMT
server: nginx
etag: W/"642c5fd5-13a6"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 244 KB
88 KB 61ms
39ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NNXHJJJ

Requested by

Host: www.mroferto.rs
URL: https://www.mroferto.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

28e61dc2bedd1b8ec7c5fa2d171a59c03d2011fc2bbb4d6f295c2f4749d9fd01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89221
x-xss-protection: 0
last-modified: Wed, 22 May 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 22 May 2024 17:04:50 GMT

GET
H3 200 najbolje-destinacije-za-porodican-i-bezbedan-odmor-ovog-leta-597.jpg
m.klmcdn.com/k/upload/articles/image/1992/270x180/exact/ 13 KB
13 KB 67ms
39ms Image
image/jpeg 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/articles/image/1992/270x180/exact/najbolje-destinacije-za-porodican-i-bezbedan-odmor-ovog-leta-597.jpg?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82c561350e06136cd66905c85df1fa53b5f8c71c1e8cf8f2ee55e9f0b2e3ea62

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: HIT
last-modified: Tue, 14 May 2024 13:16:46 GMT
proxy-cache: HIT
server: cloudflare
age: 704884
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0U3vUK9uKbjzB8r%2FBBgV13H%2F3NEE0OzcRQjnufUnXSZAmkESkoAJFoKIJIXpfy0ImuMO3v3pgb294uqIljjWPAn3CHH57EqJmdAvnqvPqRvgrmtca224gHfMriYbOFw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=1209600
cf-ray: 887e633d493b4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 sveze-i-ukusno-prolecni-recepti-sa-sezonskim-sastojcima-593.jpg
m.klmcdn.com/k/upload/articles/image/cff3/270x180/exact/ 21 KB
22 KB 61ms
34ms Image
image/jpeg 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/articles/image/cff3/270x180/exact/sveze-i-ukusno-prolecni-recepti-sa-sezonskim-sastojcima-593.jpg?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7d3be3e7f0b51d9d17a157adcd93c7d92560ca05c9ec14efd0ccf5de0fdf844

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: HIT
last-modified: Mon, 20 May 2024 20:48:58 GMT
proxy-cache: HIT
server: cloudflare
age: 159352
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F5x%2FIWYwsQZCozCZy07Dij%2FoFVYamEA6Y9bnAipxdHieGauk3eMH7s38O6TI413htDCDPEDSIA4Rq26OZKa2sANCjsV4Re6u0qK5iw6%2BKmoAmqCT%2F%2F3ED2L0cWy6%2FP4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=1209600
cf-ray: 887e633d49374d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 sest-inovativnih-ideja-za-dan-zaljubljenih-koje-ce-ojacati-vasu-ljubav-648.jpg
m.klmcdn.com/k/upload/articles/image/cb20/270x180/exact/ 12 KB
13 KB 46ms
19ms Image
image/jpeg 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/articles/image/cb20/270x180/exact/sest-inovativnih-ideja-za-dan-zaljubljenih-koje-ce-ojacati-vasu-ljubav-648.jpg?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a379d34a6275433f4afe6288e3f44c0574375366f1acd346d888ca70c853572

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: HIT
last-modified: Sun, 19 May 2024 19:40:56 GMT
proxy-cache: HIT
server: cloudflare
age: 249834
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2Fcz14N%2BznSMQgVj4DAH8RND8BJb9IIll1Quzg2Gr7a3WvZcwmLbuR5fPqwKtfKC6Fg7oAxtWXAiqllsfEUwF3B4uEm4o5IP8yH7siBp1V2yXC28f6zZOwrrpSqOILw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=1209600
cf-ray: 887e633d49394d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 modni-trendovi-za-2024-godinu-elegancija-sa-osmisljenim-ostricama-930.jpg
m.klmcdn.com/k/upload/articles/image/c97f/270x180/exact/ 8 KB
8 KB 53ms
26ms Image
image/jpeg 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/articles/image/c97f/270x180/exact/modni-trendovi-za-2024-godinu-elegancija-sa-osmisljenim-ostricama-930.jpg?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef52cc86c9dc5c3db6f847b3fc865056e89e16a47ea29be31b36e89a91570e80

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: HIT
last-modified: Sun, 19 May 2024 19:40:57 GMT
proxy-cache: HIT
server: cloudflare
age: 249833
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xz6GO2F8Dr%2BtvfaH4MCiy9%2FIvs4G2O4BgdsSNVjJIbBlu3F1BGRiPzpmge6b59ydYFzojj3t9KZBc3Ja41BOP5Yd0WzP6zU0pMCFQUVvSMTX9SOpwpFPH8CMpFlAWRs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=1209600
cf-ray: 887e633d49354d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 najlepsi-bozicni-vasari-u-evropi-carobni-praznicni-dozivljaji-576.jpg
m.klmcdn.com/k/upload/articles/image/008d/270x180/exact/ 19 KB
20 KB 143ms
117ms Image
image/jpeg 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/articles/image/008d/270x180/exact/najlepsi-bozicni-vasari-u-evropi-carobni-praznicni-dozivljaji-576.jpg?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1cfebc53e1e56388c3f0176498ca0a55b9adbd431c8ae84e419bd915c2f6227

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
proxy-cache: MISS
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kSMaWYuRBXWFJWylkw%2BLw4fCuoPL5KURls2mOadpgeIZzV4qKNXu03aHI6YNHeJxUI8OXntpLJS8MDN9Jl%2FBoKc6wPM8Iihr0p6FmYXFQd6YVZnPQczjJ0841qyc6r0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=1209600, private
cf-ray: 887e633d49324d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 savremeni-trendovi-u-ukrasavanju-za-bozic-2023-792.jpg
m.klmcdn.com/k/upload/articles/image/9615/270x180/exact/ 15 KB
15 KB 100ms
100ms Image
image/jpeg 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/articles/image/9615/270x180/exact/savremeni-trendovi-u-ukrasavanju-za-bozic-2023-792.jpg?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27457d193afb4f8c586fe7505bf9c26da71e9a7ef9afa6fb7631980f67326529

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: MISS
last-modified: Wed, 22 May 2024 17:04:50 GMT
proxy-cache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8onWspsQAsSZFxN3ex3aBnq0UM7%2BGnunUGHJdWSWn9KGVOXQBTnd7vkKaCHR7Q1hW0S%2Fca1RUYZSjVfsoxG1pWYf2MKauQXnVbsyJzYkh6gKok8bb9F2QwsVI2nLw0A%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=1209600
cf-ray: 887e633d69844d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 najbolji-recept-za-toplo-vino-sa-medom-toplina-u-svakom-gutljaju-742.jpg
m.klmcdn.com/k/upload/articles/image/007f/270x180/exact/ 9 KB
9 KB 96ms
95ms Image
image/jpeg 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/articles/image/007f/270x180/exact/najbolji-recept-za-toplo-vino-sa-medom-toplina-u-svakom-gutljaju-742.jpg?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31c82900ae332b396fa3552ad9c137d995a503aac3d7b0ff8a485ceebbead183

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
proxy-cache: MISS
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wanV7yMfgdHETs5jh43W%2FUP8%2B1bFPj%2FQhEWMeM4ta5BCigVQJayyvDS3UKJ3BFNaA7Bz4rHitAT94uNpbpFe2d%2BClPtBsOW%2BgBLjWq6DDRqZd84pnO3Ivyq5e9PDmeo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=1209600, private
cf-ray: 887e633d698c4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 najbolji-recept-za-pitu-od-jabuka-866.jpg
m.klmcdn.com/k/upload/articles/image/b434/270x180/exact/ 14 KB
14 KB 133ms
132ms Image
image/jpeg 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/articles/image/b434/270x180/exact/najbolji-recept-za-pitu-od-jabuka-866.jpg?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb7ed20e079455b1a8ea835f2f53129a2583c2a09643ffde84a87882ae945047

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
proxy-cache: MISS
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oW7b8pwELzjBU2a6Xkso9VAwy%2FHOO8UFrMrdLcgnL5nsySpuhOG%2BgdiQtCpM52%2BgrFaa%2BzeFOZSfNAzXmOAk8PQJhA5uFJDOJAOMk5xzaG3cJEcTLMTFSWB6XjEaXww%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=1209600, private
cf-ray: 887e633d69904d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 slotcar_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405160101/ 91 KB
32 KB 63ms
48ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405160101/slotcar_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4233432057183172

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

0c8828038da2bc4fe8e942559535ee067eb32900f51a2e787d69227fd5802a15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32391
x-xss-protection: 0
server: cafe
etag: 16190808565954501029
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 22 May 2024 17:04:50 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405160101/ 415 KB
140 KB 84ms
70ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4233432057183172&plah=www.mroferto.rs&aplac=true

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4233432057183172

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

9af7fcb1f082cd5a35a0e2c03b1e1d0ff0ffea3f50ba01c8677b2ddc15ef5fcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 143435
x-xss-protection: 0
server: cafe
etag: 6954431423603590977
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 22 May 2024 17:04:50 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405090101/ 454 KB
142 KB 8ms
8ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405090101/pubads_impl.js?cb=31083834

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

aba3b1e74a53993ab198f8376eaf3bc0c9d841b9bc6d95f47ab839bbdb502d47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 15:09:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6894
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 145002
x-xss-protection: 0
server: cafe
etag: 8410536799634492291
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 22 May 2025 15:09:56 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 312 KB
103 KB 44ms
43ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-VRYLZD6B7D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NNXHJJJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c2b10920c1cda49336e68de35a0bfdb8fb881543699080c7b630c94236039dd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 105601
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 22 May 2024 17:04:50 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 260 KB
90 KB 40ms
40ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-945147438&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NNXHJJJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

efd15c2e9bc1ee168ba96cbaf51b9ef7ed5e3fa0307de32b3d41c391b2c62e8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91773
x-xss-protection: 0
last-modified: Wed, 22 May 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 22 May 2024 17:04:50 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 260 KB
90 KB 70ms
70ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-945147438&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NNXHJJJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c7e2ebd429897e85886e1435842a3dfa870e9c04f4ddb2df0391d0d92c5b1826

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91876
x-xss-protection: 0
last-modified: Wed, 22 May 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 22 May 2024 17:04:50 GMT

GET
H3 200 c5a505dfd3cb2929.w7o21kpzt0ri.webp
m.klmcdn.com/s/files/leaflets//197/197485/7825/230x288/exactTop/ 15 KB
16 KB 25ms
25ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/s/files/leaflets//197/197485/7825/230x288/exactTop/c5a505dfd3cb2929.w7o21kpzt0ri.webp?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45d895ad381189bca272cf108bb73404dd8f5f0ddde28b27f8df23f8577d33f0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: HIT
last-modified: Mon, 20 May 2024 12:09:26 GMT
proxy-cache: HIT
server: cloudflare
age: 190524
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NL%2BW8zUvltvkh%2Ft%2Bc%2BjcHxcNVHPNV6nUJ%2BftBjCyhI5HFMeiv2tsAefKEQoOhxw0865Erdf351Zyu6Qhj%2BqNXzgnxNsQFznT1jsPiqiEHg4n8VV9qD72q6RibgRXDQY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633dda464d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 ysa6qt5r5t51qh9j7apphuzq.webp
m.klmcdn.com/s/files/leaflets//195/195777/d1e8/230x288/exactTop/ 18 KB
18 KB 33ms
30ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/s/files/leaflets//195/195777/d1e8/230x288/exactTop/ysa6qt5r5t51qh9j7apphuzq.webp?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3672b301d9530f87db8b29c37456e2a4378cc950ac0e3f28fcb66eda714040ef

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: HIT
last-modified: Mon, 20 May 2024 18:03:20 GMT
proxy-cache: HIT
server: cloudflare
age: 169290
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uw3DIgufZx6ajuJDRF%2FKKUQsiaDjqmd22V1p%2FtejyceyHO3pt9ocyMr7I%2F1BEB%2FX6AfPiFcWa917Rt%2FVMj%2FEMmARFpBhEEku%2Bq2QrqpCexN1KLFKrW12%2F2gZjOosdqw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633dea4d4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 fac67fbaf2391e3a.ikvbj3l1n3n9.webp
m.klmcdn.com/s/files/leaflets//197/197191/cde3/230x288/exactTop/ 15 KB
15 KB 74ms
71ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/s/files/leaflets//197/197191/cde3/230x288/exactTop/fac67fbaf2391e3a.ikvbj3l1n3n9.webp?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f47aa143b31d48a402e8e04098727dbff2b614f74d0d3181483d1b1fb59c3d75

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: MISS
last-modified: Wed, 22 May 2024 17:04:50 GMT
proxy-cache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kxMfjIllt99ajyuNwqpcnZ3mUwNfFQywAV3bLfchrfuJ0%2Fa7ufvohmLt21McfOnqGHZHhG3caiAObgi3M3MuDTf%2BlhVyPiEVIQ%2BVpE5Wt3ciXo8uE2O3l074jNtE1rk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633dea4f4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 akay5y08r1365jqxucdq5cti.webp
m.klmcdn.com/s/files/leaflets//197/197925/6d32/230x288/exactTop/ 12 KB
12 KB 24ms
21ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/s/files/leaflets//197/197925/6d32/230x288/exactTop/akay5y08r1365jqxucdq5cti.webp?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3ca633ad67ccd23c4023a028ae1a638b8e762ec55fe01be50d47f5671706627

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: HIT
last-modified: Wed, 22 May 2024 09:35:04 GMT
proxy-cache: HIT
server: cloudflare
age: 26986
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yl4A%2Fh7c6m5zMHCR6Dou0QkBIxqRq%2BrEFp%2F7eeHx9zPO0TUtZ%2B3eJ%2BU8%2BhceC%2FV6DScoW8MRTLmgFen%2FHCTgwuzs1ryjmRCw6f0tazPiqH9a8kKVGlc8ZPL2tJBBPwc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633dea504d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 d3ey41oxxaj04ml2xqs4awhz.webp
m.klmcdn.com/s/files/leaflets//195/195844/a4ab/230x288/exactTop/ 18 KB
19 KB 80ms
77ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/s/files/leaflets//195/195844/a4ab/230x288/exactTop/d3ey41oxxaj04ml2xqs4awhz.webp?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6290caed022411308e60191fc9da37deef3b2c3d28a474f99229a9599855e066

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: MISS
last-modified: Wed, 22 May 2024 17:04:50 GMT
proxy-cache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5g5WTJ6V%2Bhziid94QRcbmphi4MJn%2FV9ymd%2BNfyi7R7mNxDeFD%2BDTETZrGhpX2KK9RWyPu4kLEKL3rkn3i0%2F%2BMY9ncfX0nzUjRUsswlixnopuy3%2Bjfo7UZ1fUEx2ytQM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633dea514d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 unnf01avk75ydydqhq7n8upl.webp
m.klmcdn.com/s/files/leaflets//193/193885/639a/230x288/exactTop/ 15 KB
16 KB 68ms
65ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/s/files/leaflets//193/193885/639a/230x288/exactTop/unnf01avk75ydydqhq7n8upl.webp?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d4410745d938cfbdbc4a737e42f7a64382aa66a7cef73296fa9b79cf983daf6

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: MISS
last-modified: Wed, 22 May 2024 17:04:50 GMT
proxy-cache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dNI8EXPpzNitcLwR0FsYTUSkm2JxA2ljXj6LizkgqvQcKH9TuQfnSodgBK%2BtD9OjtwUXgTmUlWiTbLAUBMv0ARXmkEfmSjhyKJgGtJhtisGJUBMif4o6yv2JFxSyaWY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633dea544d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 khy2zppc0dsv0rg06nufyzdr.webp
m.klmcdn.com/s/files/leaflets//194/194103/100d/230x288/exactTop/ 11 KB
12 KB 72ms
69ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/s/files/leaflets//194/194103/100d/230x288/exactTop/khy2zppc0dsv0rg06nufyzdr.webp?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26915753c43abc8e81f2520b7aff58a836133612ced70cae994586a9222ea7f1

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: MISS
last-modified: Wed, 22 May 2024 17:04:50 GMT
proxy-cache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=djyyseYBpc49Dbj7ef%2BdIJNh8E5gfHIV%2FSPlzucqCN2HFEiwlwqBVZd8VuffytYiGYIpqhsBsql%2BcD3aSGMcl8GOMi%2BfTpYNkeEpyvq%2FCnGW08J3vjaRubPsQZIiP1E%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633dea574d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 gje8evg9ursmk8sf6b08x5m7.webp
m.klmcdn.com/s/files/leaflets//194/194100/d14f/230x288/exactTop/ 7 KB
8 KB 69ms
67ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/s/files/leaflets//194/194100/d14f/230x288/exactTop/gje8evg9ursmk8sf6b08x5m7.webp?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76b4136bae78f9b13dc2766b208e35f3d2812d17dcb517ec7b3ece4e3f3b6c77

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: MISS
last-modified: Wed, 22 May 2024 17:04:50 GMT
proxy-cache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dn4Mq3rgytrkICNl5UbPKZsuizlWkHH6Kmu1DBr4qRHDEGMyCXEf9eIUFAS%2FabvQRnjiMUa0moXtnRlOom0zMy6PLZllMlIjESFxORoeGSGkOPVvrjhyQmlFotAN9eU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633dea594d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 56amyponjmaqkrn7e6eak4rb.webp
m.klmcdn.com/s/files/leaflets//195/195490/f317/230x288/exactTop/ 15 KB
16 KB 38ms
37ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/s/files/leaflets//195/195490/f317/230x288/exactTop/56amyponjmaqkrn7e6eak4rb.webp?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d6a2948cf50b5edf7de3b1f846046d0beedb4cf5343cff1b95d5ba8d828018d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: HIT
last-modified: Thu, 09 May 2024 11:30:40 GMT
proxy-cache: HIT
server: cloudflare
age: 1143250
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B4zXhzL9D0KllF89LdS2Qexjitnqg4R%2Bj53TAVo23Izd60vBw5dW5FzRCdZw19rAAqp0K%2FGmx6gye%2FbSyjMUKy9Hta7bLzq5oEEj8%2Fp2saK48YzlM%2Bf3WUU%2BDwmuVoA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633dea5a4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 n3saykz4dqtenwkcrbmwe9fl.webp
m.klmcdn.com/s/files/leaflets//196/196976/bd31/230x288/exactTop/ 19 KB
19 KB 31ms
31ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/s/files/leaflets//196/196976/bd31/230x288/exactTop/n3saykz4dqtenwkcrbmwe9fl.webp?v=13.1
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d6b1ebd44479ae5c3566cc451637a4bc82f9e742d35e7f79ea83e3f2bc8ac37

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:50 GMT
cf-cache-status: HIT
last-modified: Mon, 20 May 2024 15:16:12 GMT
proxy-cache: HIT
server: cloudflare
age: 179318
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kdk5UoeiUAU6%2Bxlpw3YQPGIYPTi%2FAmewVVS%2FM9wCZeW4Br2ck3W35hpLhM98sHYtiP6kAt7qk9MqgzOVUEjRQiXavLnBiduJPNoaTuvEkj9LahAtfl11SWjy0WauVag%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633dea5c4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/945147438/ 3 KB
2 KB 58ms
28ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/945147438/?random=1716397490910&cv=11&fst=1716397490910&bg=ffffff&guid=ON&async=1&gtm=45be45k0v9135436126z89119773984za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mroferto.rs%2F&label=O2mkCIH62qcZEK6c18ID&hn=www.googleadservices.com&frm=0&tiba=Aktuelni%20katalozi%20%7C%20MrOferto&value=0&bttype=purchase&npa=1&pscdl=noapi&auid=110735515.1716397491&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-945147438&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

f0c95f4b7553a300f334febf99bed94b7545c29bd88e231e733de65071505e97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 17:04:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1659
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 39ms
39ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4233432057183172
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 ca-pub-4233432057183172 Show response
fundingchoicesmessages.google.com/i/ 182 KB
61 KB 79ms
37ms Script
application/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-4233432057183172?href=https%3A%2F%2Fwww.mroferto.rs&ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4233432057183172&plah=www.mroferto.rs&aplac=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

66fbac849658ea2c242ee642cb493ce0504417f57cd66faeb09f6a8dd2bb6e98

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dGA2XeLt0wQ_b6CbD7FDnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
content-security-policy: script-src 'report-sample' 'nonce-dGA2XeLt0wQ_b6CbD7FDnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmJw15BiOHnrNtNFID7vdIfpOhAbaDxnsgBiia8vmbSAOOb5dNYUIHZKn8EaAsQ-9TNY44C49eY51ulAnPTvPGsJEO9cfIH1IBCvOnKBdRMQt3--wDoTiL-xX2T9B8RC3BybT-_YxCYw4fVPHiWNpPzC-OT8vJKizKTSkvyitOS01OLUorLUongjAyMTA1MjQz0D0_gCAwBxjEhL"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
254 B 41ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-VRYLZD6B7D&gtm=45je45k0v9120461850z89119773984za200zb9119773984&_p=1716397490721&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1359468792.1716397491&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1716397490&sct=1&seg=0&dl=https%3A%2F%2Fwww.mroferto.rs%2F&dt=Aktuelni%20katalozi%20%7C%20MrOferto&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=13920
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VRYLZD6B7D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 17:04:51 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mroferto.rs
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 56ms
19ms Ping
text/plain 2a00:1450:400c:c1f::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-VRYLZD6B7D&cid=1359468792.1716397491&gtm=45je45k0v9120461850z89119773984za200zb9119773984&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VRYLZD6B7D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c1f::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 17:04:51 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mroferto.rs
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 60ms
43ms Image
image/gif 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VRYLZD6B7D&cid=1359468792.1716397491&gtm=45je45k0v9120461850z89119773984za200zb9119773984&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1356114267

Requested by

Host: www.mroferto.rs
URL: https://www.mroferto.rs/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 17:04:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/945147438/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/945147438/?random=2101186358&cv=11&fst=1716397490910&bg=ffffff&guid=ON&async=1&gtm=45be45k0v9135436126z89119773984za201&gcd=13l3lPl2...
https://www.google.com/pagead/1p-conversion/945147438/?random=2101186358&cv=11&fst=1716397490910&bg=ffffff&guid=ON&async=1&gtm=45be45k0v9135436126z89119773984za201&gcd=13l3lPl2l1&dma_cps=sypham&dma...
https://www.google.de/pagead/1p-conversion/945147438/?random=2101186358&cv=11&fst=1716397490910&bg=ffffff&guid=ON&async=1&gtm=45be45k0v9135436126z89119773984za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=...

42 B
64 B

21ms
21ms

Image
image/gif

142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/945147438/?random=2101186358&cv=11&fst=1716397490910&bg=ffffff&guid=ON&async=1&gtm=45be45k0v9135436126z89119773984za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mroferto.rs%2F&label=O2mkCIH62qcZEK6c18ID&hn=www.googleadservices.com&frm=0&tiba=Aktuelni%20katalozi%20%7C%20MrOferto&value=0&npa=1&pscdl=noapi&auid=110735515.1716397491&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFXRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIman39d6hhgMVv4mDBx0-VA1qMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6GGh0dHBzOi8vd3d3Lm1yb2ZlcnRvLnJzLw&is_vtc=1&cid=CAQSGwDaQooLEsZQj-kDLpQ2B68dumQHVtbyIoz8MQ&eitems=ChAI8K-2sgYQ74iGnOnq7upMEh0A1HBlvxs6kCX20aXD6R3sQ45NaZ9mcV20PRFCQQ&random=3561482060&ipr=y

Requested by

Host: www.mroferto.rs
URL: https://www.mroferto.rs/

Protocol

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.mroferto.rs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 May 2024 17:04:51 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 May 2024 17:04:51 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/945147438/?random=2101186358&cv=11&fst=1716397490910&bg=ffffff&guid=ON&async=1&gtm=45be45k0v9135436126z89119773984za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mroferto.rs%2F&label=O2mkCIH62qcZEK6c18ID&hn=www.googleadservices.com&frm=0&tiba=Aktuelni%20katalozi%20%7C%20MrOferto&value=0&npa=1&pscdl=noapi&auid=110735515.1716397491&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.76%7CChromium%3B125.0.6422.76%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFXRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIman39d6hhgMVv4mDBx0-VA1qMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6GGh0dHBzOi8vd3d3Lm1yb2ZlcnRvLnJzLw&is_vtc=1&cid=CAQSGwDaQooLEsZQj-kDLpQ2B68dumQHVtbyIoz8MQ&eitems=ChAI8K-2sgYQ74iGnOnq7upMEh0A1HBlvxs6kCX20aXD6R3sQ45NaZ9mcV20PRFCQQ&random=3561482060&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 lidl-997.webp
m.klmcdn.com/k/upload/shops/logo/b6cc/80x70/fit/ 2 KB
2 KB 21ms
20ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/b6cc/80x70/fit/lidl-997.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d597f12efbe5ded306e21dbc541bf96e19193556fa337d3ebab3fda842ea8861

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: HIT
last-modified: Sun, 19 May 2024 19:41:00 GMT
proxy-cache: HIT
server: cloudflare
age: 249831
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ctcNynjxYK8ZBHjo40f5ck8IPfwWmglfEHh2Rd7A85ajaCejOGxM0JAerZd9VK9xhK3xju9%2FLxtz1loY2tECBRlC%2Beiahw8uS3oEFFJRUp0ytxVGBsZIVl0URG%2FkaCM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633eebca4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 idea-656.webp
m.klmcdn.com/k/upload/shops/logo/c2b9/80x70/fit/ 1012 B
1 KB 25ms
22ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/c2b9/80x70/fit/idea-656.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc9aec636ee2eb89cf439d13f90a546022fc8c6453893f4cb37d4152df23715f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: HIT
last-modified: Thu, 16 May 2024 13:25:50 GMT
proxy-cache: HIT
server: cloudflare
age: 531541
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AtJa5G0pv7A%2BNfPj0a5di926JTEm7DoY8wZySD43wTFPvmODgldCoiJEx%2BddENtx6p3T7eyy5%2BOPReQFQF9zUUgwttRrZPCH8YdSypDsY0%2FIj1k%2Fbv5jHEPEQMR5sCA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633eebcd4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 maxi-734.webp
m.klmcdn.com/k/upload/shops/logo/750d/80x70/fit/ 1 KB
2 KB 26ms
23ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/750d/80x70/fit/maxi-734.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f48649f44901891659e9fa0f05c6571b88e44c862faf41c1f22bf3385a36a1b9

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: HIT
last-modified: Sun, 12 May 2024 20:35:37 GMT
proxy-cache: HIT
server: cloudflare
age: 851354
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l2GO%2F%2FIvtFKOgFUCbW%2B4Mzdbn9wGe7Pit%2B0AGn8%2Fui%2FKEHuekU%2BhTEl5cYnfe%2FiROdg9RodCjL51vXG1qiP0O3reCPuWQpDBEAZKGCsAqATHGdmUuZ5707auEkgWQiM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633eebcf4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 pepco-708.webp
m.klmcdn.com/k/upload/shops/logo/223f/80x70/fit/ 956 B
1 KB 61ms
59ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/223f/80x70/fit/pepco-708.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de4fd71a50df2cbaf40e4d2529be6e09574fa9dd601d2ffbdd2bbbb4d7cd49a5

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: MISS
last-modified: Wed, 22 May 2024 17:04:51 GMT
proxy-cache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QKiK7NcPfixAbOFbAAKi9x%2FoRsQpbKIvLyzuZW05I1LrbGDdr45wewxks8TWZhBYU708D%2BM4425kJlaluallYpUr12n4voaIGLmDd9XD02qxvdTC5yyCZ7qI1EHGCSo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633eebd24d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 roda-910.webp
m.klmcdn.com/k/upload/shops/logo/d22e/80x70/fit/ 1 KB
2 KB 24ms
21ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/d22e/80x70/fit/roda-910.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e6c911ed8a9db1041e258317ec6d5bfafb7e7341087b4b6714edc8fca0cf709

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: HIT
last-modified: Sat, 18 May 2024 06:46:21 GMT
proxy-cache: HIT
server: cloudflare
age: 382710
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZpYRoo9qtYWMbHmo2fxUXxzrO1Hf3339A5Z2LMvJ3xR13yIFgXK2nsGvuJpzc5MhwqWSHXJPkZzJx%2ByHUH4rJ3wDXSpzPhnns9kvLM3YtOy0QU6ahKYA2KUpqIa3SHw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633eebd34d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 dm-563.webp
m.klmcdn.com/k/upload/shops/logo/17fd/80x70/fit/ 1 KB
2 KB 62ms
60ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/17fd/80x70/fit/dm-563.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 906b62cb3f2d41cd4364a7fba34104d2cf78fb1186cd3c92bcd2e2c16b1176f3

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: MISS
last-modified: Wed, 22 May 2024 17:04:51 GMT
proxy-cache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M7EBvnZA0y2LyD7IIztjCnLNtW6rwd6UXFTga%2BDaxBK4nvHzhzNMSH%2FCb0zZBP4fGNr2zycnqSCJagtW8If5X5oI2rxNpEx55C7TzVtTDbNW62KWrQZzOLuNxohWv%2Fw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633eebd54d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 AGSKWxUKDkMskzhbCyu42bRWJBoiVYPUtV5udCY7Ij-aLDqeQzl0ZoTatsMi5V7d4Ms68Sm8-SyuerZ4arY69xsAkJOUpwwkdg9wt5bbYOy8JLZUxATYy-1NdWwUJ-xzc_S1pvCHQDrE Show response
fundingchoicesmessages.google.com/f/ 401 KB
62 KB 123ms
122ms Script
application/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUKDkMskzhbCyu42bRWJBoiVYPUtV5udCY7Ij-aLDqeQzl0ZoTatsMi5V7d4Ms68Sm8-SyuerZ4arY69xsAkJOUpwwkdg9wt5bbYOy8JLZUxATYy-1NdWwUJ-xzc_S1pvCHQDrE?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzE2Mzk3NDkxLDcyMDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL3d3dy5tcm9mZXJ0by5ycy8iLG51bGwsW1s4LCJVSXBxOUVGVjVhTSJdLFs5LCJkZSJdLFsxOCwiW1tbMF1dXSJdLFsyMCwiW251bGwsbnVsbCxbOTUzMjk4NDNdLG51bGwsMTBdIl0sWzE5LCIxIl0sWzE3LCJbMF0iXV1d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UIpq9EFV5aM.es5.O/am=AgM/d=1/rs=AJlcJMyB1cL7I_ngAbAZmjHuIc6UaTSTYg/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

788c53737163aeeac55c4de72af4c183eecdb47f1172d4be93e5685ca9ab7570

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-iambvqp9whI_Y_oQgGfosw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
content-security-policy: script-src 'report-sample' 'nonce-iambvqp9whI_Y_oQgGfosw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmII1JBiOO90h-k6EBtoPGeyAGKJry-ZtIA45vl01hQgdkqfwRoCxD71M1jjgLj15jnW6UCc9O88awkQ71x8gfUgEK86coF1ExC3f77AOhOIv7FfZP0HxOWOF1nrgViIm2Pz6R2b2AQ2_D0QoaSRlF8Yn5yfV1KUmVRakl-UlpyWWpxaVJZaFG9kYGRiYGpkqGdgGl9gAACekUa2"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 lilly-894.webp
m.klmcdn.com/k/upload/shops/logo/65e0/80x70/fit/ 1 KB
1 KB 58ms
57ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/65e0/80x70/fit/lilly-894.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 931872ba21c581b9d13ec7f57d8766ba62c5a5cc8de88b79763816e006a45e26

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: MISS
last-modified: Wed, 22 May 2024 17:04:51 GMT
proxy-cache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FyffLsK4rs7Jl9wus5ejIcXKiiSYC6CMP2CqWzn9h9NhFaGZ2zuDjZyl22%2BC%2BC3TKyt0vd3ZJOxokngCkOFKmTjeG2%2FLL9uHvHaF2ChVCaBFBAOHc35OoTYJmOjzYGQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633fccfc4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 dis-539.webp
m.klmcdn.com/k/upload/shops/logo/d5aa/80x70/fit/ 1 KB
2 KB 21ms
21ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/d5aa/80x70/fit/dis-539.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 399c39f2201fdcf074cd43e987be4d95fbd60be7e9fc7533d895cbf93a9d6a80

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: HIT
last-modified: Sun, 19 May 2024 19:41:01 GMT
proxy-cache: HIT
server: cloudflare
age: 249830
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xWBmSbk2MtN2N8wHSDnLNuBL12WAs9fpx9d1AGviosps%2BbJmvqKzniItaB0JiV33inmGP5k3%2BteL9TpUZqurJXJ6XeqEsQ96hQNA4jqiQato6YhMM4reOePAN5uSTg8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633fccfe4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 tempo-765.webp
m.klmcdn.com/k/upload/shops/logo/a858/80x70/fit/ 842 B
1 KB 22ms
22ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/a858/80x70/fit/tempo-765.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5545b34eb59b771ec5fbd2b4405494ea7768cde51099ee819eb8f9383ea38c4c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: HIT
last-modified: Mon, 13 May 2024 08:13:14 GMT
proxy-cache: HIT
server: cloudflare
age: 809497
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VW0immB%2FugUaUGLJsxkBXfkY8VsCLrQQHzefzyXaEwF0UdDuQLSNJAxarVFJOpglPOBKuwnC6mDmZ1aQxPqyTmxq5KyTs6OgKje8pQURvQBe78KStVNqvrS6OEFGPck%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633fcd014d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 univerexport-924.webp
m.klmcdn.com/k/upload/shops/logo/9349/80x70/fit/ 1 KB
2 KB 20ms
20ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/9349/80x70/fit/univerexport-924.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 361cde579411497d809945c89ad6d133de8bedecedf4dcb28b59523d0fa3832d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: HIT
last-modified: Wed, 22 May 2024 10:08:23 GMT
proxy-cache: HIT
server: cloudflare
age: 24988
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mvCvfwLXYnL%2B4QmXvgrOM7LqSC0CFhIv562Y6XVpmMlZ1xpcmRSWg7vWg6hOQbNwcaDst3ZJed6qfSeEPWQMCiUt1R9gnkI6I5VnFKiP7l7GXttANRB2ubsuTQuhcQY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633fcd024d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 aman-959.webp
m.klmcdn.com/k/upload/shops/logo/c021/80x70/fit/ 792 B
1 KB 24ms
24ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/c021/80x70/fit/aman-959.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31ac18d14a2e0619a250a18ba517c8d25d1e557677eb31ed9f2d7cc14dc10b2c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: HIT
last-modified: Sat, 18 May 2024 06:46:22 GMT
proxy-cache: HIT
server: cloudflare
age: 382709
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ElmFM4GJbeH3d6AK%2BHXDt%2F%2FVmjsWgckwW2o2D4A6O2h1rzk%2Bq%2FM63TsGuWeDpGK7dPtWtosptSXOqzdmacxTuItcigj81QYUSxBgrlDw4J%2BmUGYrPa269zVYTKv9wew%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e633fcd044d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 109 KB
6 KB 44ms
23ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UIpq9EFV5aM.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMxl8rSbjbWdyy2J8TWK0csDuIgnIg/m=web_iab_tcf_v2_wall_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6b7dfb79b63e4202eaad4d930a87c85325776c5b800a672363283ad3dc73af1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Wed, 22 May 2024 17:04:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 22 May 2024 17:04:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 22 May 2024 17:04:51 GMT

GET
H2 200 X2RegzAJG7Cru7IukeRdm8Rfy8ER6XnB-sGdF6rDsl2XMAiLIjeI7TOx5ZCJqzSQQn_ZYl1lWo6PLq2iVhyFDbQaf23mS9pYQRi8r8Sp9ulGJ4K_RcI=h60
lh3.googleusercontent.com/ 6 KB
6 KB 43ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/X2RegzAJG7Cru7IukeRdm8Rfy8ER6XnB-sGdF6rDsl2XMAiLIjeI7TOx5ZCJqzSQQn_ZYl1lWo6PLq2iVhyFDbQaf23mS9pYQRi8r8Sp9ulGJ4K_RcI=h60

Requested by

Host: www.mroferto.rs
URL: https://www.mroferto.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d72cc6642c0a04031206fc8ad3e23f97e23e37a5e49fb6168d7c128448fba287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 16:54:35 GMT
x-content-type-options: nosniff
age: 616
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6229
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 23 May 2024 16:54:35 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
48 KB 29ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: www.mroferto.rs
URL: https://www.mroferto.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Origin: https://www.mroferto.rs
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 00:50:53 GMT
x-content-type-options: nosniff
age: 144838
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 May 2025 00:50:53 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v142/ 125 KB
126 KB 37ms
16ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: www.mroferto.rs
URL: https://www.mroferto.rs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Origin: https://www.mroferto.rs
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 14:16:48 GMT
x-content-type-options: nosniff
age: 96483
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128352
x-xss-protection: 0
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 May 2025 14:16:48 GMT

POST
H3 204 AGSKWxVX3qwQ6PJQW2kSliU6XOjxth_ezm7RQYsdxhQJqSnhR-N5m0h-SqAaXQPI8GaAvv7KYZzNPDmivL-6AvDIYgDtQoyPKoBeoAN-6rfktCuC-jEdMfPKIwbtar20xOPIiDQwt1km Show response
fundingchoicesmessages.google.com/el/ 0
29 B 37ms
22ms XHR
text/html 172.217.16.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVX3qwQ6PJQW2kSliU6XOjxth_ezm7RQYsdxhQJqSnhR-N5m0h-SqAaXQPI8GaAvv7KYZzNPDmivL-6AvDIYgDtQoyPKoBeoAN-6rfktCuC-jEdMfPKIwbtar20xOPIiDQwt1km

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f206.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-QCPezXX_92pn6o0eDdTxlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-QCPezXX_92pn6o0eDdTxlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw1pBicEqfwRoCxEI8HJtP79jEJvDja1cLo5JLUn5hfHJ-XklqXoluYkqxLohdlJlUWpJfhMJOLQOpyMlPT8_MS483MjAyMTA1MtAzMI8vMAAAzTki0A"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mroferto.rs
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVX3qwQ6PJQW2kSliU6XOjxth_ezm7RQYsdxhQJqSnhR-N5m0h-SqAaXQPI8GaAvv7KYZzNPDmivL-6AvDIYgDtQoyPKoBeoAN-6rfktCuC-jEdMfPKIwbtar20xOPIiDQwt1km

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f206.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-CUhj55_GcmbVAZTA66O6TQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
content-security-policy: script-src 'report-sample' 'nonce-CUhj55_GcmbVAZTA66O6TQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmJw05BicEqfwRoCxEI8HJtP79jEJnBg_qJmRiWXpPzC-OT8vJLUvBLdxJRiXRC7KDOptCS_CIWdWgZSkZOfnp6Zlx5vZGBkYmBqZKBnYB5fYAAAqKUiVA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.mroferto.rs
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v26/ 38 KB
38 KB 14ms
12ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://www.mroferto.rs
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 14:27:36 GMT
x-content-type-options: nosniff
age: 95835
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39124
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 May 2025 14:27:36 GMT

GET
H2 200 XRXV3I6Li01BKofIO-aBXso.woff2
fonts.gstatic.com/s/nunito/v26/ 34 KB
34 KB 14ms
13ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofIO-aBXso.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f682eec1df25f15ca443164ee0cddcce91aad4d87ca5153f2d4267d08ce12982

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://www.mroferto.rs
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 14:27:40 GMT
x-content-type-options: nosniff
age: 95831
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34608
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:43:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 May 2025 14:27:40 GMT

GET
H2 200 XRXV3I6Li01BKofIOuaBXso.woff2
fonts.gstatic.com/s/nunito/v26/ 13 KB
13 KB 16ms
15ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofIOuaBXso.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b13b3f5f54caca6c306100e27a223e03fc2a4b1d3df1f6f770b977e32a9d94c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://www.mroferto.rs
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 02:57:49 GMT
x-content-type-options: nosniff
age: 137222
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12960
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:24:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 May 2025 02:57:49 GMT

GET
H2 200 XRXV3I6Li01BKofIMeaBXso.woff2
fonts.gstatic.com/s/nunito/v26/ 20 KB
20 KB 18ms
17ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofIMeaBXso.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76baf7ddc2473c482726d7265054924ed50794d89cf2a16496f5b950286b8958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://www.mroferto.rs
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 14:24:16 GMT
x-content-type-options: nosniff
age: 96035
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20708
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 01:23:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 May 2025 14:24:16 GMT

GET
H3 200 metro-617.webp
m.klmcdn.com/k/upload/shops/logo/1196/80x70/fit/ 532 B
987 B 18ms
18ms Image
image/webp 172.67.176.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.klmcdn.com/k/upload/shops/logo/1196/80x70/fit/metro-617.webp?v=13.1&from=png
Requested by: Host: www.mroferto.rs
URL: https://www.mroferto.rs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8cbc7473c94db965e9e2a02d22c8ef555d5e8dfe34c0f513c5c620692d08c8a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
cf-cache-status: HIT
last-modified: Sat, 18 May 2024 06:46:21 GMT
proxy-cache: HIT
server: cloudflare
age: 382710
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DueSrdgBcW%2BbhW39BKeDDS44wlOB%2Ft5l3TlsXIMG6k40rn5o0RzYYc4U6a7UF80RSfFzZXF%2BLQKRmcObBF53hMTz8EEfHCkA95tPR8FDbdeYe7kAGHP5o3JSpb4un2E%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1209600
cf-ray: 887e63409e4f4d3e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 a
www.googletagmanager.com/ 0
11 B 33ms
33ms Image
text/html 142.250.186.72
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?v=3&t=l&pid=1100590476&rv=45k0&u=AAAAAAAI&ut=Ag&h=Ag&gtm=45He45k0v9119773984za200&ccid=119773984&cid=GTM-NNXHJJJ&l=L13647.S2.Y0.B8.E501.I13670.EC5.TC4.HTC0~gtm.init.S0.V0.E9~gtm.js.S0.V0.E313.TS5googtag.TI3.TE2.TS5googtag.TI6.TE0.TS5gclidw.TI7.TE2.TS5awct.TI8.TE0~gtm.dom.S0.V0.E3~gtm.load.S0.V0.E0~gtm.init_consent.S1.V0.E10

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 favicon-32x32.png
www.mroferto.rs/images/favicon/oferto/ 2 KB
2 KB 214ms
214ms Other
image/png 78.24.14.160
VSHOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mroferto.rs/images/favicon/oferto/favicon-32x32.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 78.24.14.160 , Czech Republic, ASN43541 (VSHOSTING, CZ),
Reverse DNS: tipli-lb.vshosting.cz
Software: nginx /
Resource Hash: 3cbb48f686d9b933cbf486a93b508802068d128a8e23175494555c2d356ab8ef

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.mroferto.rs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 17:04:51 GMT
last-modified: Tue, 29 Mar 2022 16:22:26 GMT
server: nginx
accept-ranges: bytes
etag: "62433242-646"
content-length: 1606
content-type: image/png

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mroferto.rs/	1969-12-31 23:59:59	Name: _nss Value: 1
www.mroferto.rs/	1969-12-31 23:59:59	Name: cookie Value: server2
.mroferto.rs/	1970-01-20 22:56:13	Name: _gcl_au Value: 1.1.110735515.1716397491
.mroferto.rs/	1970-01-21 06:22:37	Name: _ga_VRYLZD6B7D Value: GS1.1.1716397490.1.0.1716397490.60.0.0
.mroferto.rs/	1970-01-21 06:22:37	Name: _ga Value: GA1.1.1359468792.1716397491
.doubleclick.net/	1970-01-20 20:46:38	Name: test_cookie Value: CheckForPermission

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.mroferto.rs/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
lh3.googleusercontent.com
m.klmcdn.com
mroferto.rs
pagead2.googlesyndication.com
region1.analytics.google.com
securepubads.g.doubleclick.net
stats.g.doubleclick.net
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.mroferto.rs
142.250.181.227
142.250.185.130
142.250.185.194
142.250.186.130
142.250.186.72
172.217.16.206
172.67.176.206
2001:4860:4802:32::36
216.58.206.66
216.58.206.68
2a00:1450:4001:806::200e
2a00:1450:4001:811::2001
2a00:1450:4001:812::200a
2a00:1450:4001:813::2008
2a00:1450:4001:827::2003
2a00:1450:400c:c1f::9d
78.24.14.160
0c8828038da2bc4fe8e942559535ee067eb32900f51a2e787d69227fd5802a15
0d6b1ebd44479ae5c3566cc451637a4bc82f9e742d35e7f79ea83e3f2bc8ac37
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f
1d4410745d938cfbdbc4a737e42f7a64382aa66a7cef73296fa9b79cf983daf6
26915753c43abc8e81f2520b7aff58a836133612ced70cae994586a9222ea7f1
27457d193afb4f8c586fe7505bf9c26da71e9a7ef9afa6fb7631980f67326529
279fbc4c6383942000b6f8a09c92b2a6d2561598081dee5990cd08680bd15e0e
28e61dc2bedd1b8ec7c5fa2d171a59c03d2011fc2bbb4d6f295c2f4749d9fd01
2d6a2948cf50b5edf7de3b1f846046d0beedb4cf5343cff1b95d5ba8d828018d
31ac18d14a2e0619a250a18ba517c8d25d1e557677eb31ed9f2d7cc14dc10b2c
31c82900ae332b396fa3552ad9c137d995a503aac3d7b0ff8a485ceebbead183
361cde579411497d809945c89ad6d133de8bedecedf4dcb28b59523d0fa3832d
3672b301d9530f87db8b29c37456e2a4378cc950ac0e3f28fcb66eda714040ef
399c39f2201fdcf074cd43e987be4d95fbd60be7e9fc7533d895cbf93a9d6a80
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3cbb48f686d9b933cbf486a93b508802068d128a8e23175494555c2d356ab8ef
45d895ad381189bca272cf108bb73404dd8f5f0ddde28b27f8df23f8577d33f0
46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98
4e6c911ed8a9db1041e258317ec6d5bfafb7e7341087b4b6714edc8fca0cf709
5545b34eb59b771ec5fbd2b4405494ea7768cde51099ee819eb8f9383ea38c4c
6290caed022411308e60191fc9da37deef3b2c3d28a474f99229a9599855e066
64d18e2c0e6fb1510623d0b46fa562d327720276cb674f55e465fe38390dbffe
66fbac849658ea2c242ee642cb493ce0504417f57cd66faeb09f6a8dd2bb6e98
6b7dfb79b63e4202eaad4d930a87c85325776c5b800a672363283ad3dc73af1c
6caddfa285aaff33089cce03ecd2190627ee25d43528eb0d08200a8de82352fa
762df949c94c62bbbb1dbafaaf49c6ea169ad8b018c362ddd44c10825bfcca58
76b4136bae78f9b13dc2766b208e35f3d2812d17dcb517ec7b3ece4e3f3b6c77
76baf7ddc2473c482726d7265054924ed50794d89cf2a16496f5b950286b8958
788c53737163aeeac55c4de72af4c183eecdb47f1172d4be93e5685ca9ab7570
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
82c561350e06136cd66905c85df1fa53b5f8c71c1e8cf8f2ee55e9f0b2e3ea62
83a3f50c6313d912af4cbc3b441bfa31204611eb5c800a1c8b6000074126e0d6
906b62cb3f2d41cd4364a7fba34104d2cf78fb1186cd3c92bcd2e2c16b1176f3
931872ba21c581b9d13ec7f57d8766ba62c5a5cc8de88b79763816e006a45e26
9a379d34a6275433f4afe6288e3f44c0574375366f1acd346d888ca70c853572
9af7fcb1f082cd5a35a0e2c03b1e1d0ff0ffea3f50ba01c8677b2ddc15ef5fcb
a5b58e66f0fd152cfd8ba70bcbfd7babe1fef2e1688e73e4bf885a281d6a950e
a8cbc7473c94db965e9e2a02d22c8ef555d5e8dfe34c0f513c5c620692d08c8a
aba3b1e74a53993ab198f8376eaf3bc0c9d841b9bc6d95f47ab839bbdb502d47
b13b3f5f54caca6c306100e27a223e03fc2a4b1d3df1f6f770b977e32a9d94c7
b7d3be3e7f0b51d9d17a157adcd93c7d92560ca05c9ec14efd0ccf5de0fdf844
bc9aec636ee2eb89cf439d13f90a546022fc8c6453893f4cb37d4152df23715f
c2b10920c1cda49336e68de35a0bfdb8fb881543699080c7b630c94236039dd6
c7e2ebd429897e85886e1435842a3dfa870e9c04f4ddb2df0391d0d92c5b1826
d1cfebc53e1e56388c3f0176498ca0a55b9adbd431c8ae84e419bd915c2f6227
d597f12efbe5ded306e21dbc541bf96e19193556fa337d3ebab3fda842ea8861
d72cc6642c0a04031206fc8ad3e23f97e23e37a5e49fb6168d7c128448fba287
de4fd71a50df2cbaf40e4d2529be6e09574fa9dd601d2ffbdd2bbbb4d7cd49a5
defff211b79f032467366cd6db04d88ca5ba363cf112f70523f2c2665915bb47
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb7ed20e079455b1a8ea835f2f53129a2583c2a09643ffde84a87882ae945047
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef52cc86c9dc5c3db6f847b3fc865056e89e16a47ea29be31b36e89a91570e80
efd15c2e9bc1ee168ba96cbaf51b9ef7ed5e3fa0307de32b3d41c391b2c62e8e
f0c95f4b7553a300f334febf99bed94b7545c29bd88e231e733de65071505e97
f3ca633ad67ccd23c4023a028ae1a638b8e762ec55fe01be50d47f5671706627
f47aa143b31d48a402e8e04098727dbff2b614f74d0d3181483d1b1fb59c3d75
f48649f44901891659e9fa0f05c6571b88e44c862faf41c1f22bf3385a36a1b9
f49e339d09184e82b5524228bcc3d26d7521a925f4f40acd8262f4acd6fc53fe
f682eec1df25f15ca443164ee0cddcce91aad4d87ca5153f2d4267d08ce12982

www.mroferto.rs Open in urlscan Pro 78.24.14.160 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

66 Requests

98 %HTTPS

41 %IPv6

11 Domains

16 Subdomains

15 IPs

4 Countries

1497 kBTransfer

3673 kBSize

6 Cookies

36 Outgoing links

Page URL History

Redirected requests

66 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mroferto.rs Open in urlscan Pro
78.24.14.160 Public Scan

Screenshot
Live screenshot

Full Image

66
Requests

98 %
HTTPS

41 %
IPv6

11
Domains

16
Subdomains

15
IPs

4
Countries

1497 kB
Transfer

3673 kB
Size

6
Cookies

66 HTTP transactions
0 data transactions