www.zdrave.bg Open in urlscan Pro
78.90.206.186 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.zdrave.bg/
Submission: On December 05 via manual (December 5th 2022, 2:09:44 pm UTC) from BG — Scanned from DE

Summary HTTP 217 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 27 IPs in 8 countries across 22 domains to perform 217 HTTP transactions. The main IP is 78.90.206.186, located in Sofia, Bulgaria and belongs to A1, BG. The main domain is www.zdrave.bg.

This is the only time www.zdrave.bg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
45	78.90.206.186 78.90.206.186	35141 (A1) (A1)
4	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
5	85.14.4.130 85.14.4.130	8262 (EVOLINK-AS) (EVOLINK-AS)
1 1	91.209.18.90 91.209.18.90	8558 (HTTPOOL-N...) (HTTPOOL-NET-AS)
4	91.209.18.100 91.209.18.100	8558 (HTTPOOL-N...) (HTTPOOL-NET-AS)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
29	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1 4	78.128.6.44 78.128.6.44	31083 (TELEPOINT) (TELEPOINT)
1	195.168.10.173 195.168.10.173	5578 (AS-BENEST...) (AS-BENESTRA Bratislava)
2 4	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
4 9	37.252.171.22 37.252.171.22	29990 (ASN-APPNEX) (ASN-APPNEX)
1	145.239.237.56 145.239.237.56	16276 (OVH) (OVH)
1	146.59.30.96 146.59.30.96	16276 (OVH) (OVH)
17	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
9 12	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
6 12	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
59	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
6	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1 2	3.123.239.61 3.123.239.61	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
217	27

45 78.90.206.186 (Sofia, Bulgaria)

ASN35141 (A1, BG)
PTR: mh-186.msk.bg

www.zdrave.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 85.14.4.130 (Lovech, Bulgaria)

ASN8262 (EVOLINK-AS, BG)
PTR: sportal.bg

gdpr.sportal.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.209.18.90 (Slovenia) 1 redirects

ASN8558 (HTTPOOL-NET-AS, SI)
PTR: relay.toboads.com

relay-bg.ads.httpool.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 91.209.18.100 (Slovenia)

ASN8558 (HTTPOOL-NET-AS, SI)
PTR: tas.toboads.com

tas-bg.toboads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.128.6.44 (Bulgaria) 1 redirects

ASN31083 (TELEPOINT, BG)
PTR: ip-6-44.telehouse.bg

gabg.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.168.10.173 (Bratislava, Slovakia)

ASN5578 (AS-BENESTRA Bratislava, Slovak Republic, SK)
PTR: a45.etarget.sh.cust.gts.sk

bg.search.etargetnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 66.155.71.150 (Portsmouth, United Kingdom) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.21 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 37.252.171.22 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.237.56 (France)

ASN16276 (OVH, FR)
PTR: ip56.ip-145-239-237.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.59.30.96 (France)

ASN16276 (OVH, FR)
PTR: ip96.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.162 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.80.39.216 (Canada) 6 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

59 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.239.61 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-239-61.eu-central-1.compute.amazonaws.com

d.adtriba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 288	7 MB
47	googlesyndication.com 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 109 tpc.googlesyndication.com — Cisco Umbrella Rank: 144	289 KB
45	zdrave.bg www.zdrave.bg	232 KB
27	doubleclick.net 9 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 203 googleads.g.doubleclick.net — Cisco Umbrella Rank: 39 cm.g.doubleclick.net — Cisco Umbrella Rank: 234 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 316	255 KB
12	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 588	10 KB
11	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 238	10 KB
6	gemius.pl 1 redirects gabg.hit.gemius.pl — Cisco Umbrella Rank: 102045 ls.hit.gemius.pl — Cisco Umbrella Rank: 10826	26 KB
5	sportal.bg gdpr.sportal.bg	142 KB
4	sitescout.com 2 redirects pixel.sitescout.com — Cisco Umbrella Rank: 3787	634 B
4	toboads.com tas-bg.toboads.com — Cisco Umbrella Rank: 722569	125 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 190	170 KB
3	gstatic.com fonts.gstatic.com	48 KB
2	adtriba.com 1 redirects d.adtriba.com — Cisco Umbrella Rank: 60294	757 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 51	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 38	17 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 87 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	87 KB
1	etargetnet.com bg.search.etargetnet.com — Cisco Umbrella Rank: 147995	1 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 116
1	google.de adservice.google.de — Cisco Umbrella Rank: 7808	792 B
1	httpool.com 1 redirects relay-bg.ads.httpool.com — Cisco Umbrella Rank: 674556	388 B
0	consensu.org Failed vendorlist.consensu.org Failed
217	22

	Domain	Requested by
59	s0.2mdn.net	www.zdrave.bg s0.2mdn.net 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
45	www.zdrave.bg	www.zdrave.bg
26	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
17	tpc.googlesyndication.com	securepubads.g.doubleclick.net 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com tpc.googlesyndication.com s0.2mdn.net
12	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
12	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
11	ib.adnxs.com	6 redirects www.zdrave.bg googleads.g.doubleclick.net
6	googleads4.g.doubleclick.net	www.zdrave.bg
6	googleads.g.doubleclick.net	04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com www.zdrave.bg
5	gdpr.sportal.bg	www.zdrave.bg gdpr.sportal.bg
4	pixel.sitescout.com	2 redirects www.zdrave.bg
4	gabg.hit.gemius.pl	1 redirects www.zdrave.bg gabg.hit.gemius.pl
4	04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	tas-bg.toboads.com	www.zdrave.bg
4	www.googletagservices.com	www.zdrave.bg 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
3	fonts.gstatic.com	fonts.googleapis.com
3	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	d.adtriba.com	1 redirects 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
2	fonts.googleapis.com	s0.2mdn.net
2	ls.hit.gemius.pl	gabg.hit.gemius.pl ls.hit.gemius.pl
2	www.google-analytics.com	www.zdrave.bg
2	connect.facebook.net	www.zdrave.bg connect.facebook.net
1	www.google.com	tpc.googlesyndication.com
1	bg.search.etargetnet.com	www.zdrave.bg
1	www.facebook.com	www.zdrave.bg
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	relay-bg.ads.httpool.com	1 redirects
0	vendorlist.consensu.org Failed	gdpr.sportal.bg
217	29

This site contains links to these domains. Also see Links.

Domain
zdrave.jobs.bg
www.idengo.com

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.sportal.bg Go Daddy Secure Certificate Authority - G2	`2021-12-17` - `2023-01-18`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-13` - `2022-12-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2022-09-13` - `2023-09-25`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh

This page contains 22 frames:

Primary Page: http://www.zdrave.bg/
Frame ID: E01CA3FF8DC085B4621EBCA4420F9024
Requests: 76 HTTP requests in this frame

Frame: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 0C68CAB034FBFB7B7C582C247ED870E5
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255
Frame ID: 03B433D0CA37B453451457ECD1DAFCFF
Requests: 1 HTTP requests in this frame

Frame: http://ls.hit.gemius.pl/lsget.html
Frame ID: 80FAC3A38E9CB2252B1945685BE652B3
Requests: 1 HTTP requests in this frame

Frame: http://tas-bg.toboads.com/alt.php?rq=e4f05a7d-5c06-1b76-290c-7bfc90da422b&vt=fef5447e-e76a-42e9-9ad0-cfdece5a463c&brand=generic&af=300x250&clr_border=FFFFFF&clr_bg=FFFFFF&clr_title=4170a0&clr_link=fac588&clr_text=000000&nw=0&zn=533338dda&
Frame ID: 26A5F290CD51DE14A5E5E3C0B6A88EAB
Requests: 1 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html?mode=new
Frame ID: 37C185CB87EE33EF34974BFD6EE7C7F0
Requests: 1 HTTP requests in this frame

Frame: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B7DC496ADCD01F766DDA9F2343FCF7EB
Requests: 14 HTTP requests in this frame

Frame: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A88DA90BD25340A30E75544A21B5080B
Requests: 14 HTTP requests in this frame

Frame: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: CDD8A0C04AAB6B2A95C184B59C5BA252
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY_7fT2gEwAQ&v=APEucNVH7CZMqD02mRKLPAvMlLOhX1LnrZ_SQW_06jyZJdqM3GjIy1TGd3SK36aAv_l3vdht1Gs42HWRhStHO6Lo-54289XUZzNxmFoW8nRu755timBSYEiJGfWCVTQwDgfZ9dgKFHE2aIFyZAZKiPpTG8PrabgTqog4T3JjSc02NFzYM4BLHT8
Frame ID: A2C3AA336D7E5DF0E35750D655C94858
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGLzTzdsBMAE&v=APEucNUc4F6o5XfohtBpqUItxOujtZaMrwtrX2B5JtQ0XnHqEH2puw_EZK_xObt5V6iLoTKFlwzEZ-TrVvt-P6-RPbR7tLmQudE08jEc8ity2Dh5m4rkwhhXcbewXWqi9sKQn0KKx4rU8PDFSNvxunyi4hj6WCdxbpu5V57i8ZQ9HCnpxOpIJ-c
Frame ID: 5C4609B22AAD5BB43F605A1F1C31F3A4
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjuaBCznHAYquKL1QEwAQ&v=APEucNWF82y4nrmZdAwHYWH4ZXaDPxgBi9K45Fb-ESYKaEtoI17wZe2TLLVh2aSHRqGtaoJxlyNgBsnH59PCpTpIpWsiQ_EC2y0560TqdL5zi9CIWEsj_9vMMUHPBeoWHOUP3q8mXLDSJJlOX0s3lfpQSaQemSr057r33chA56Yw0DfShO6FQ3g
Frame ID: CE897979CD964FAB8521DC3DD31B620C
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 27F51A277B80551A3CA5E9CA14C614BC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D0FA15B0479A3E7EF768CDA4AA86768F
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html
Frame ID: F5A15ED5CF82F00A4C2AAC2F7452CC12
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
Frame ID: 85CA47DC9106EDC6DE729732D858E0FF
Requests: 50 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 674A868FC2D732FAEE6442F41284716E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: ED49C95C70A52C913FE383040C28521E
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=Tkvha6UMKy&t=1&renderingType=2&ev=01_247
Frame ID: 5894C6340A4326B2B2B5F8A57CFFC88D
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4AE3600A5DA4CCFD53B014A823D73CC4
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js
Frame ID: BC9915140E981834841B0BE90C970FCA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js
Frame ID: 3195A70813BACF9C3EDD09F8C88D9982
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

новини за здравето на всеки, всеки ден | здраве.bg

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

SWFObject (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swfobject.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

217
Requests

65 %
HTTPS

46 %
IPv6

22
Domains

29
Subdomains

27
IPs

8
Countries

8243 kB
Transfer

11033 kB
Size

19
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://zdrave.jobs.bg/
Title: работа,

Search URL Search Domain Scan URL

URL: http://www.idengo.com/
Title: IDENGO

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

http://relay-bg.ads.httpool.com/ HTTP 303
http://tas-bg.toboads.com/js/adi-ec561a14.js

Request Chain 31

http://connect.facebook.net/en_US/all.js HTTP 307
https://connect.facebook.net/en_US/all.js

Request Chain 52

http://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255 HTTP 307
https://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255

Request Chain 53

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

Request Chain 60

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=924782720&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%B7%D0%B0%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5%D1%82%D0%BE%20%D0%BD%D0%B0%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%2C%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%20%D0%B4%D0%B5%D0%BD%20%7C%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5.bg&utmhid=302445705&utmr=-&utmp=%2F&utmht=1670249377498&utmac=UA-324471-1&utmcc=__utma%3D2577403.1180795947.1670249377.1670249377.1670249377.1%3B%2B__utmz%3D2577403.1670249377.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=692483822&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAQAAAAE~ HTTP 307
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=924782720&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%B7%D0%B0%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5%D1%82%D0%BE%20%D0%BD%D0%B0%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%2C%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%20%D0%B4%D0%B5%D0%BD%20%7C%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5.bg&utmhid=302445705&utmr=-&utmp=%2F&utmht=1670249377498&utmac=UA-324471-1&utmcc=__utma%3D2577403.1180795947.1670249377.1670249377.1670249377.1%3B%2B__utmz%3D2577403.1670249377.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=692483822&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAQAAAAE~

Request Chain 65

http://pixel.sitescout.com/iap/ea24b8a97ba6cbd8 HTTP 302
https://pixel.sitescout.com/iap/ea24b8a97ba6cbd8

Request Chain 66

http://ib.adnxs.com/seg?add=9942225 HTTP 307
https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D9942225

Request Chain 67

http://pixel.sitescout.com/iap/1dedaf03ba2c1838 HTTP 302
https://pixel.sitescout.com/iap/1dedaf03ba2c1838

Request Chain 68

http://ib.adnxs.com/seg?add=9922745 HTTP 307
https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D9922745 HTTP 307
https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9922745

Request Chain 77

https://gabg.hit.gemius.pl/_1670249377808/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fwww.zdrave.bg%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=0Q8q42SGcsq.VE3TnshADMeavxU4IwYOgDwgvcSCJDn.I7c1NcFKAKYuGyrqSZmP8ecrCgQgiledmzLbzmwgW95ZMMh9/pvsavFopcAFYb/&fpdata=084qUh6HyHx1GvooHuqsrr6n53q_7zNE.Mz85DHnViv.t7&ltime=229&inner=_ver%3D331&lsadd=&exid=638dfba1227a4b95&fpcap= HTTP 301
https://gabg.hit.gemius.pl/__/_1670249377808/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fwww.zdrave.bg%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=0Q8q42SGcsq.VE3TnshADMeavxU4IwYOgDwgvcSCJDn.I7c1NcFKAKYuGyrqSZmP8ecrCgQgiledmzLbzmwgW95ZMMh9/pvsavFopcAFYb/&fpdata=084qUh6HyHx1GvooHuqsrr6n53q_7zNE.Mz85DHnViv.t7&ltime=229&inner=_ver%3D331&lsadd=&exid=638dfba1227a4b95&fpcap=

Request Chain 102

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG18SABHX2X5HQmsldqhHVk&google_cver=1

Request Chain 103

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y437opF07vvHLXM5gpFc7QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1

Request Chain 105

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2

Request Chain 106

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG18SABHX2X5HQmsldqhHVk&google_cver=1

Request Chain 107

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y437opF07vvHLXM5gpFc7QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1

Request Chain 108

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1

Request Chain 109

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2

Request Chain 110

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1

Request Chain 111

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y437opF07vvHLXM5gpFc7QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1

Request Chain 112

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1

Request Chain 113

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2

Request Chain 170

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202211_es_ukraine_dv_pros_353149978&atb_dpuid=di_dv&gdpr=&gdpr_consent= HTTP 302
https://d.adtriba.com/px.gif

217 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.zdrave.bg/ 34 KB
10 KB 315ms
145ms Document
text/html 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 31c1401c5e39742fc59a62a1fafba5eceac889c3d61cc436c650b743a7a9a65f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 9503
Content-Type: text/html
Date: Mon, 05 Dec 2022 14:09:36 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding

GET
H/1.1 200
OK swfobject.js Show response
www.zdrave.bg/js/ 7 KB
3 KB 36ms
35ms Script
application/x-javascript 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.zdrave.bg/js/swfobject.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: f2172868bc46d74ad32f2715bc25a8716e07a784b2ecb24d9d077d2125c6c993

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Aug 2013 09:16:07 GMT
Server: nginx
ETag: W/"51fb78d7-1ae0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 200
OK jquery.js Show response
www.zdrave.bg/js/ 95 KB
33 KB 74ms
38ms Script
application/x-javascript 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.zdrave.bg/js/jquery.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 28cd1264bd1c0efccf4e7e030e8fc0dac7f2176f8d88ba60c8714ea738a8f550

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Aug 2013 09:16:07 GMT
Server: nginx
ETag: W/"51fb78d7-17d59"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 200
OK zdrave.js Show response
www.zdrave.bg/js/ 14 KB
5 KB 76ms
39ms Script
application/x-javascript 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.zdrave.bg/js/zdrave.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: be6fd99e19aac74aa0fd01a271bae13e65496afad769c0df1e5648bd9a2cd950

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Aug 2013 09:16:07 GMT
Server: nginx
ETag: W/"51fb78d7-39e0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Keep-Alive: timeout=5

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 80 KB
27 KB 45ms
16ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03934c8c4af46d1ccac0264b05179da73d1e1659069e1dae283e09cc9ed1b2d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27507
x-xss-protection: 0
server: sffe
etag: "1412 / 665 of 1000 / last-modified: 1670242868"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 05 Dec 2022 14:09:37 GMT

GET
H2 200 sportal.gdpr.js Show response
gdpr.sportal.bg/ 19 KB
8 KB 283ms
52ms Script
application/javascript 85.14.4.130
EVOLINK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr.sportal.bg/sportal.gdpr.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.14.4.130 Lovech, Bulgaria, ASN8262 (EVOLINK-AS, BG),
Reverse DNS: sportal.bg
Software: nginx /
Resource Hash: 782a77ad65b778b8745670755fa9b2bc96e05c865936460082e3e493ddfd72f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
last-modified: Wed, 05 Jun 2019 12:19:53 GMT
server: nginx
etag: W/"5cf7b369-4a2e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H/1.1 200
OK zdrave_styles.css
www.zdrave.bg/css/ 39 KB
9 KB 71ms
35ms Stylesheet
text/css 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.zdrave.bg/css/zdrave_styles.css
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 76fd4dd5c74aea6b02fc8ee6090b0bc6a59eda5f9d6ff38b02ed1eda91a99a48

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Aug 2013 09:14:56 GMT
Server: nginx
ETag: W/"51fb7890-9b37"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 200
OK zdrave_search_submit.gif
www.zdrave.bg/images/ 1 KB
2 KB 39ms
35ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_search_submit.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 58556977e7860db2b6db32a94b0f4549ef12839318d98455cc553b5e4bd32c65

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-577"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1399

GET
H/1.1 200
OK zdrave_header_logo.jpg
www.zdrave.bg/images/ 7 KB
8 KB 41ms
36ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_header_logo.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 43135cf7c31641d06df7ff2d9a82cd764c227fc5fcd7ecfae563acb03dd7228c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-1dca"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 7626

GET
H/1.1 200
OK zdr_left_menu_header.gif
www.zdrave.bg/images/ 1 KB
1 KB 40ms
34ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_left_menu_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 2def643052cff38eef41134268f401bcfcc4eeabfc3080fe3a3f0f7026b84a5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-4ce"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1230

GET
H/1.1 200
OK zdr_left_deseases_header.gif
www.zdrave.bg/images/ 1 KB
2 KB 42ms
36ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_left_deseases_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 1c377127bcfa3c889dd0bf2b470b8e82892429dc22ddc8fd267f071dc74d3e42

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-55f"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1375

GET
H/1.1 200
OK zdr_header_rss.gif
www.zdrave.bg/images/ 699 B
953 B 178ms
34ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_header_rss.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 473f3e92b1252dba029b6c5d036d7dbfd02b1c7d8e3fda3350c22045f21ed733

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-2bb"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 699

GET
H/1.1 200
OK 5782.jpg
www.zdrave.bg/images/250/ 16 KB
16 KB 183ms
36ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/250/5782.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 102423e1eefe81cf7be86b18c52ff4f91e0905b64277582386529dfaaa85e844

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:08:03 GMT
Server: nginx
ETag: "51fb76f3-3fb6"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 16310

GET
H/1.1 200
OK 5447.jpg
www.zdrave.bg/images/250/ 14 KB
14 KB 44ms
36ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/250/5447.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 38c41f2a23606c4ac956be11f4ed1cb6fd451007b5afd53000bce1a9999ef273

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:08:17 GMT
Server: nginx
ETag: "51fb7701-37d8"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 14296

GET
H/1.1 200
OK 5785.jpg
www.zdrave.bg/images/250/ 21 KB
21 KB 57ms
33ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/250/5785.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 9fec94b4ff143599afb447b8fd3a2c2b3ba59caee8670c59042fb7bd3433f58b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:07:50 GMT
Server: nginx
ETag: "51fb76e6-530e"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 21262

GET
H/1.1 200
OK 5783.jpg
www.zdrave.bg/images/250/ 18 KB
18 KB 57ms
34ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/250/5783.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: bb998a86cbac87a0d49bb25b54abc93972824501d99531b2c69e2de3ecebc13a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:07:59 GMT
Server: nginx
ETag: "51fb76ef-48d4"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 18644

GET
H/1.1 200
OK 5707.jpg
www.zdrave.bg/images/250/ 21 KB
21 KB 35ms
34ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/250/5707.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 8d63fba992512d3d08c8a9f7b770fd6203622bdc6284e30af91d516f5a753eb9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:07:24 GMT
Server: nginx
ETag: "51fb76cc-5442"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 21570

GET
H/1.1 200
OK zdr_arrow_left.gif
www.zdrave.bg/images/ 53 B
305 B 52ms
36ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_arrow_left.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: ab100b2b5cea43ed7e6d90205014fed9b4df8d7aa8c04dba39c61f3667d1adc8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-35"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 53

GET
H/1.1 200
OK zdr_arrow_right.gif
www.zdrave.bg/images/ 56 B
308 B 82ms
33ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_arrow_right.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 4352dcef55a499ed21de78785c1d6c67db60bd24a37d5df8859d987682cb8fb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-38"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 56

GET
H/1.1 200
OK zdr_center_more_header.gif
www.zdrave.bg/images/ 2 KB
2 KB 100ms
33ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_center_more_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 5e0a6d389252a6a887d3b5e3c860d758d47162b44481550be199436d95079145

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-889"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2185

GET
H/1.1 200
OK 6202.jpg
www.zdrave.bg/images/80/ 4 KB
4 KB 104ms
36ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/80/6202.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: b5c9b565e21dce9ebed5eab5acfa741ba584d656fefad1e0766cf34ad869b8d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Thu, 11 Feb 2021 15:12:50 GMT
Server: nginx
ETag: "60254972-108f"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 4239

GET
H/1.1 200
OK 2219.jpg
www.zdrave.bg/images/80/ 4 KB
4 KB 102ms
34ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/80/2219.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: e599f75928c9adfc5466b3a9391433e89623967d26665b7c7897ea69f2ebf0d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:04 GMT
Server: nginx
ETag: "51fb77a8-e21"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 3617

GET
H/1.1 200
OK zdr_u-know_header.gif
www.zdrave.bg/images/ 2 KB
2 KB 111ms
36ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_u-know_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: e47b9e815087e2fc99bbf6cbf261c70deb464a65398b4f20b20a12594fa1e479

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-78a"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 1930

GET
H/1.1 200
OK 5283.jpg
www.zdrave.bg/images/60/ 3 KB
3 KB 43ms
33ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/5283.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: c12883dc07f971d67e5b7c0b6bbb496858e0721f94d05706bac6215bf9b6908b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:41 GMT
Server: nginx
ETag: "51fb77cd-cc8"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3272

GET
H/1.1 200
OK 4665.jpg
www.zdrave.bg/images/60/ 2 KB
3 KB 63ms
36ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/4665.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 8a33f2d843dec50c117b7023802cfef9631c4e163bacdbd88b7eb6dc8512f6cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:40 GMT
Server: nginx
ETag: "51fb77cc-93f"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2367

GET
H/1.1 200
OK 677.jpg
www.zdrave.bg/images/60/ 3 KB
3 KB 37ms
33ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/677.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: db9d01707fe76a51a28349eca999d875004049d3ba47686e7274fa1c79b0a869

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:20 GMT
Server: nginx
ETag: "51fb77b8-cf9"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3321

GET
H/1.1 200
OK 5289.jpg
www.zdrave.bg/images/60/ 3 KB
3 KB 37ms
33ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/5289.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 6d57e824e059301698f353db1cf92025de2a6d1e6f8c5abbffc24fc768e13550

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:41 GMT
Server: nginx
ETag: "51fb77cd-a79"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2681

GET
H/1.1 200
OK 3700.jpg
www.zdrave.bg/images/60/ 3 KB
3 KB 36ms
34ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/3700.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: b583d05bbbb011366fea9dda74ebd9cf77ac7b83fc1736e7c8529d151e6277d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:51 GMT
Server: nginx
ETag: "51fb77d7-aa5"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2725

GET
H/1.1 200
OK 4977.jpg
www.zdrave.bg/images/60/ 3 KB
3 KB 45ms
36ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/4977.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: a960c0aa92033ca3ecfdd81cec7a4443d8e73f7081f1d5fb91f165e05e2d58eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:48 GMT
Server: nginx
ETag: "51fb77d4-b56"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2902

GET
H/1.1 200
OK 5822.jpg
www.zdrave.bg/images/80/ 3 KB
3 KB 134ms
33ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/80/5822.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: be8a61c5d7715ba61c258ac1b146a8e29da020251bd6dee9cc36424a050e560a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:10:20 GMT
Server: nginx
ETag: "51fb777c-c31"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3121

GET
H/1.1

200
OK

adi-ec561a14.js Show response
tas-bg.toboads.com/js/
Redirect Chain

http://relay-bg.ads.httpool.com/
http://tas-bg.toboads.com/js/adi-ec561a14.js

121 KB
121 KB

88ms
25ms

Script
text/javascript

91.209.18.100
HTTPOOL-NET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://tas-bg.toboads.com/js/adi-ec561a14.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 91.209.18.100 , Slovenia, ASN8558 (HTTPOOL-NET-AS, SI),
Reverse DNS: tas.toboads.com
Software: nginx / PHP/7.1.13
Resource Hash: 42285c7370fbff808491465a745957b30cc582b602b15649d3fba714ee602988

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Thu, 01 Sep 2022 12:29:59 GMT
Server: nginx
X-Powered-By: PHP/7.1.13
ETag: W/"ebadc3b25a8662991415a39814ec4260"
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
P3P: policyref="/w3c/p3p.xml", CP="httpool"
Cache-Control: private, max-age=21254400
Connection: keep-alive
Expires: Fri, 05 May 2023 12:29:59 GMT

Redirect headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Mon, 05 Dec 2022 14:09:37 GMT
Server: nginx
X-Powered-By: PHP/7.1.13
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Location: http://tas-bg.toboads.com/js/adi-ec561a14.js
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
Connection: keep-alive

GET
H/1.1 200
OK zdr_right_quiz_vote.gif
www.zdrave.bg/images/ 734 B
988 B 42ms
33ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_right_quiz_vote.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 581b5d3edb9fc27999b016832d576b42d39a6702eacf9e9ec60d8c0a6917e381

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-2de"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 734

GET
H2

200

all.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/all.js
https://connect.facebook.net/en_US/all.js

3 KB
2 KB

44ms
9ms

Script
application/x-javascript

2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

27a035532408f9fbe4e96fd96e121b4e68e38586688622abda305e460725691f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Dec 2022 14:09:37 GMT
content-md5: 78W/bg40WY1mm6d/QUF54Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: goo7RVA6jHKU6+BoaXQNhp9qAKnRI/OZxOLaA643gnth2IVlr+BBBU4v7MR6IY3h4xBvWRWSC9qIgq1AAkWXqQ==
x-fb-trip-id: 917726464
x-fb-content-md5: 38245d6953371e52e7fc1e61129902b0
cross-origin-opener-policy: same-origin-allow-popups
etag: "239b2b9e068ed2cfacf909bf4154b72a"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Mon, 05 Dec 2022 14:11:46 GMT

Redirect headers

Location: https://connect.facebook.net/en_US/all.js#xfbml=1
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK bullet_orange_top_menu.gif
www.zdrave.bg/images/ 1 KB
1 KB 38ms
34ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/bullet_orange_top_menu.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 294a8041d261138b6673afb0ce72c680992d5a4091009aa655e6e79297f9d9df

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:44 GMT
Server: nginx
ETag: "51fb76a4-44c"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1100

GET
H/1.1 200
OK zdrave_header_bottom_full_bg.gif
www.zdrave.bg/images/ 1 KB
2 KB 65ms
34ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_header_bottom_full_bg.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 97b37c3497e067d19d97bdf7b62b5749b3e132ca56220e5698d8d66d90757dd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-536"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1334

GET
H/1.1 200
OK zdrave_header_container_bg.jpg
www.zdrave.bg/images/ 3 KB
3 KB 65ms
34ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_header_container_bg.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 85d4ef637cacccef5919fa290c3c104c8682d939e7f0b1e4d0cfb67f09307778

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-be5"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3045

GET
H/1.1 200
OK zdrave_dropdown_menu_bckgr_last.gif
www.zdrave.bg/images/ 169 B
422 B 65ms
35ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_dropdown_menu_bckgr_last.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: ff4c6510b024bdf4d4a38848129fe74137b0d2eb3acaee253854a51e385e2273

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-a9"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 169

GET
H/1.1 200
OK zdrave_dropdown_menu_bckgr_circle.gif
www.zdrave.bg/images/ 49 B
273 B 66ms
35ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_dropdown_menu_bckgr_circle.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: e33d9e3eb211444580014e5a7ee28f61f8ad40ada8a191246ee2988cf9567285

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-31"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 49

GET
H/1.1 200
OK zdr_left_menu_plus.gif
www.zdrave.bg/images/ 4 KB
4 KB 53ms
36ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_left_menu_plus.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 866adec983f3c77bb4f6584cbffc36290ba9e0252b7ea388240e5e58fd8e6876

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-f34"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3892

GET
H/1.1 200
OK zdr_center_top_header.gif
www.zdrave.bg/images/ 3 KB
3 KB 82ms
34ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_center_top_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 4f3a3090e0884756fa93224898619ab10c0bf0e216421914dc787287a76cedbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-a4c"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2636

GET
H/1.1 200
OK zdr_bullet_romb.gif
www.zdrave.bg/images/ 134 B
387 B 67ms
34ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_bullet_romb.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 796c84eac5bb533e3ed7bf97fb67fa1d1ab6b6115f81a82c9d1994ea415f7a44

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-86"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 134

GET
H/1.1 200
OK zdr_center_header_faq.gif
www.zdrave.bg/images/ 3 KB
3 KB 74ms
36ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_center_header_faq.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 4d6f39ef46419482e924286a45ce79748ed22edb7de4bafa7575597214ef373b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-c4c"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3148

GET
H/1.1 200
OK zdrave_advice_header.gif
www.zdrave.bg/images/ 1 KB
1 KB 100ms
33ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_advice_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 9ba6247d89411f5e450c2348f4605a57f12122b29cf102671929c26c905e66b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-43e"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1086

GET
H/1.1 200
OK zdrave_topic_accent_header.gif
www.zdrave.bg/images/ 2 KB
2 KB 111ms
36ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_topic_accent_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 350d86c0140550202426b067ebeb07ccdab9974634cd9679316cd8e72dcbfd7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-7e7"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2023

GET
H/1.1 200
OK bullet_yellow_green_bg.gif
www.zdrave.bg/images/ 131 B
384 B 74ms
36ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/bullet_yellow_green_bg.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 1de6e720901fe5ca658c1323b895ef2d0a14508e1403cbfc1b18d938c610d452

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-83"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 131

GET
H2 200 pubads_impl_2022120101.js Show response
securepubads.g.doubleclick.net/gpt/ 384 KB
131 KB 40ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js?cb=31071116

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0b59c362ae740c391e742fa4517d90b9461b416b9bec855d14c04603dbaf71c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 15:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81536
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133241
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 09:36:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 04 Dec 2023 15:30:41 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 111 B
713 B 73ms
42ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.zdrave.bg

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

56b037e4ecfaba364af8e4eeecaf4c4a666f9cf633e789e61b6d522b49b82e0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78
x-xss-protection: 0
expires: Mon, 05 Dec 2022 14:09:37 GMT

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 302 KB
85 KB 18ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=9553137dbce8ae8e5d281bbefd1d1889

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fd2ab750d86b553cb3752ee5b88c68992b0c9ee89b47e5c82c7305d9ba76b40f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://www.zdrave.bg/
Origin: http://www.zdrave.bg
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Dec 2022 14:09:37 GMT
content-md5: tNoUdEH5iO9Vkz+5XZvDig==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86755
x-fb-rlafr: 0
x-fb-debug: Fdp6ixWJxWr4oCWRz3Ygq8OfGIhpDZ6z+g1otsLHCsCJdlDXDqhOoPJ9WI9p2ESCL7RXdwZ1m2LD4YljZi7NuQ==
x-fb-content-md5: ba0096585322edfad7f23d7edc2cc789
cross-origin-opener-policy: same-origin-allow-popups
etag: "ee4296c36e90d72a60c1d797eb1d99e9"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Tue, 05 Dec 2023 11:43:45 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 44ms
17ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdrave.bg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js?cb=31071116

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 44ms
16ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdrave.bg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js?cb=31071116

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
16 KB 484ms
469ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4147905082598504&correlator=1925677595015983&eid=31071116%2C31071054&output=ldjh&gdfp_req=1&vrg=2022120101&ptt=17&impl=fifs&iu_parts=26641721%2Czdrave.bg_160x600%2Czdrave.bg_300x250%2Czdrave.bg_branding_megaboard&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=160x600%2C300x600%7C300x250%2C1x1%7C728x90%7C980x200&ifi=1&adks=210898386%2C3271815912%2C192288229&sfv=1-0-40&sc=0&cookie_enabled=1&abxe=1&dt=1670249377338&lmt=1670249377&dlt=1670249376993&idt=316&adxs=310%2C990%2C562&adys=811%2C283%2C37&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&nvt=1&url=http%3A%2F%2Fwww.zdrave.bg%2F&frm=20&vis=1&psz=160x600%7C300x0%7C728x90&msz=160x-1%7C300x0%7C728x0&fws=0%2C0%2C0&ohw=0%2C0%2C0&ga_vid=1180795947.1670249377&ga_sid=1670249377&ga_hid=302445705&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js?cb=31071116

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85e39297c3b650ff163dc68dfe3b6b8cbe3d509f8ca84a1c5c7aa938691a8448

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16459
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.zdrave.bg
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0C68 6 KB
3 KB 66ms
15ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js?cb=31071116

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:09:37 GMT
expires: Tue, 05 Dec 2023 14:09:37 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK adl-d9566a3e.js Show response
tas-bg.toboads.com/js/ 367 B
759 B 44ms
44ms Script
text/javascript 91.209.18.100
HTTPOOL-NET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=1&rq=e4f05a7d-5c06-1b76-290c-7bfc90da422b&vt=fef5447e-e76a-42e9-9ad0-cfdece5a463c&isf=false&zn=533338dda&tm=0&af=300x250&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=34131c29-f28c-a38f-db67-0e6bcadfc398&ct=bb80d014-6d6a-d69f-b9e6-05a90848aad7&c=hA_c_0_7b938c4b&ah=0&
Requested by: Host:
URL: webpack:///../javascript/src/WindowManager.js?
Protocol: HTTP/1.1
Server: 91.209.18.100 , Slovenia, ASN8558 (HTTPOOL-NET-AS, SI),
Reverse DNS: tas.toboads.com
Software: nginx / PHP/7.1.13
Resource Hash: 5cf50d317e676bf06064674799012075e3cb15a87cb82a0d2d17eacc75e1d21c

Request headers

Referer: http://www.zdrave.bg/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Mon, 05 Dec 2022 14:09:37 GMT
Server: nginx
X-Powered-By: PHP/7.1.13
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="httpool"
Content-Type: text/javascript; charset=utf-8
Cache-Control: private, max-age: 0
Connection: keep-alive
Expires: Mon, 05 Dec 2022 13:09:37 GMT

GET
H2

200

likebox.php
www.facebook.com/plugins/ Frame 03B4
Redirect Chain

http://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255
https://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255

0
0

96ms
71ms

Document
text/html

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 05 Dec 2022 14:09:37 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: q+klyuFD3URXRJ4zTiAN/eSBD/tXABXToa25l4WavAn5uNxAXbSBVYAsg/6XTXW6imVSqplzsTMGmse/wnqWiw==
x-fb-rlafr: 0
x-frame-options: DENY
x-xss-protection: 0

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255
Non-Authoritative-Reason: HSTS

GET
H2

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

29ms
7ms

Script
text/javascript

2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Dec 2022 13:21:29 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 2888
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 05 Dec 2022 15:21:29 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK xgemius.js Show response
gabg.hit.gemius.pl/ 64 KB
17 KB 95ms
44ms Script
application/x-javascript 78.128.6.44
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: http://gabg.hit.gemius.pl/xgemius.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.128.6.44 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-6-44.telehouse.bg
Software: GHC /
Resource Hash: f842c2f18441d992486b6b7387ec4e78fdd55f1fe900cb070b8f24ce26920d15

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Nov 2022 11:36:49 GMT
Server: GHC
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Vary: Accept-Encoding,Origin
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Content-Type: application/x-javascript
Cache-Control: max-age=43200
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: none
Keep-Alive: timeout=10
Content-Length: 17204
Expires: Tue, 06 Dec 2022 02:09:37 GMT

GET
H/1.1 200
OK / Show response
bg.search.etargetnet.com/a/ 574 B
1 KB 68ms
32ms Script
application/javascript 195.168.10.173
AS-BENESTRA Brati...

General

Check archive.org

Show headers Download Go to

Full URL: http://bg.search.etargetnet.com/a/?ref=69700
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 195.168.10.173 Bratislava, Slovakia, ASN5578 (AS-BENESTRA Bratislava, Slovak Republic, SK),
Reverse DNS: a45.etarget.sh.cust.gts.sk
Software: nginx /
Resource Hash: b1a6d5f4ffb9218e749c18808d39035c35fd82bae68544aa27bf7ac9c1dba6a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: cache
Date: Mon, 05 Dec 2022 14:09:37 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=windows-1250
X-Protected-By: Bee/0.68
Y-Protected-By: Bulbasaur/blade2-08.etarget.sk
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM", policyref="/w3c/p3p.xml"
Cache-Control: max-age=7200
Connection: keep-alive
Expires: Mon, 05 Dec 2022 16:09:37 GMT

GET
H/1.1 200
OK zdr_right_top_header.gif
www.zdrave.bg/images/ 2 KB
2 KB 34ms
34ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_right_top_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 9cc2a05d65d6805b9ea06989155a430932bf4d994915a617ecaeab4dd2dc5bdf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:44 GMT
Server: nginx
ETag: "51fb76a4-7de"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2014

GET
H/1.1 200
OK zdr_right_quiz_header.gif
www.zdrave.bg/images/ 2 KB
2 KB 37ms
36ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_right_quiz_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 45f03badef9166a1e3a0a32d90c2142aa3426de23b7729770328ce8d0853f0bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-67a"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 1658

GET
H/1.1 200
OK bullet_orange.gif
www.zdrave.bg/images/ 53 B
305 B 34ms
34ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/bullet_orange.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 94e3d2444192a16a5440e24074941287108059b70bef2202a2bdcfd882f5a75b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-35"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 53

GET
H/1.1 200
OK adl-d9566a3e.js Show response
tas-bg.toboads.com/js/ 235 B
626 B 38ms
38ms Script
text/javascript 91.209.18.100
HTTPOOL-NET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=2&rq=e4f05a7d-5c06-1b76-290c-7bfc90da422b&vt=fef5447e-e76a-42e9-9ad0-cfdece5a463c&isf=false&zn=e45aec764&tm=0&af=0x0&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=0749629f-acfe-39aa-1fbf-8080ac5929a0&ct=47490c44-b8f0-8f55-dd10-ac0a8bb06663&c=hA_c_1_f4e365ca&ah=0&
Requested by: Host:
URL: webpack:///../javascript/src/WindowManager.js?
Protocol: HTTP/1.1
Server: 91.209.18.100 , Slovenia, ASN8558 (HTTPOOL-NET-AS, SI),
Reverse DNS: tas.toboads.com
Software: nginx / PHP/7.1.13
Resource Hash: a6141f1116860a115764b64d04704a0bccba86936f2236ec876af3cf070436aa

Request headers

Referer: http://www.zdrave.bg/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Mon, 05 Dec 2022 14:09:37 GMT
Server: nginx
X-Powered-By: PHP/7.1.13
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="httpool"
Content-Type: text/javascript; charset=utf-8
Cache-Control: private, max-age: 0
Connection: keep-alive
Expires: Mon, 05 Dec 2022 13:09:37 GMT

GET
H3

200

__utm.gif
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=924782720&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=924782720&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=...

35 B
54 B

29ms
14ms

Image
image/gif

2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=924782720&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%B7%D0%B0%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5%D1%82%D0%BE%20%D0%BD%D0%B0%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%2C%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%20%D0%B4%D0%B5%D0%BD%20%7C%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5.bg&utmhid=302445705&utmr=-&utmp=%2F&utmht=1670249377498&utmac=UA-324471-1&utmcc=__utma%3D2577403.1180795947.1670249377.1670249377.1670249377.1%3B%2B__utmz%3D2577403.1670249377.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=692483822&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAQAAAAE~

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=924782720&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%B7%D0%B0%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5%D1%82%D0%BE%20%D0%BD%D0%B0%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%2C%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%20%D0%B4%D0%B5%D0%BD%20%7C%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5.bg&utmhid=302445705&utmr=-&utmp=%2F&utmht=1670249377498&utmac=UA-324471-1&utmcc=__utma%3D2577403.1180795947.1670249377.1670249377.1670249377.1%3B%2B__utmz%3D2577403.1670249377.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=692483822&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAQAAAAE~
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK loadingAnimation.gif
www.zdrave.bg/ 6 KB
6 KB 34ms
33ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/loadingAnimation.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: e69abd7e0cc82f336e61fea889e406ecbbeb7ece1df960231b7a9ba0d1dd1676

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:37 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:39 GMT
Server: nginx
ETag: "51fb769f-16fe"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 5886

GET
H2 200 runtime.js Show response
gdpr.sportal.bg/ 1 KB
1 KB 53ms
52ms Script
application/javascript 85.14.4.130
EVOLINK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr.sportal.bg/runtime.js
Requested by: Host: gdpr.sportal.bg
URL: https://gdpr.sportal.bg/sportal.gdpr.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.14.4.130 Lovech, Bulgaria, ASN8262 (EVOLINK-AS, BG),
Reverse DNS: sportal.bg
Software: nginx /
Resource Hash: 6b15ff8756e97e5bea28b6c68a88e362cc912702ac0e2a74b7f2fe0153fe95de

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
last-modified: Thu, 22 Aug 2019 12:08:08 GMT
server: nginx
etag: W/"5d5e85a8-5de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 dependencies.js Show response
gdpr.sportal.bg/ 345 KB
123 KB 55ms
55ms Script
application/javascript 85.14.4.130
EVOLINK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr.sportal.bg/dependencies.js
Requested by: Host: gdpr.sportal.bg
URL: https://gdpr.sportal.bg/sportal.gdpr.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.14.4.130 Lovech, Bulgaria, ASN8262 (EVOLINK-AS, BG),
Reverse DNS: sportal.bg
Software: nginx /
Resource Hash: 529e7649235a7ada58f6f8e1ac45cc35a271ad3ca5f4e9499477d0039206b4e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
last-modified: Thu, 22 Aug 2019 12:08:08 GMT
server: nginx
etag: W/"5d5e85a8-5657d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 app.js Show response
gdpr.sportal.bg/ 32 KB
9 KB 160ms
159ms Script
application/javascript 85.14.4.130
EVOLINK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr.sportal.bg/app.js
Requested by: Host: gdpr.sportal.bg
URL: https://gdpr.sportal.bg/sportal.gdpr.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.14.4.130 Lovech, Bulgaria, ASN8262 (EVOLINK-AS, BG),
Reverse DNS: sportal.bg
Software: nginx /
Resource Hash: fe322532eb93c5b3c159a5f6456b53ebd4e8855e77964cccac8ae089e741f28a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
last-modified: Thu, 22 Aug 2019 12:08:08 GMT
server: nginx
etag: W/"5d5e85a8-7e7d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2

204

ea24b8a97ba6cbd8
pixel.sitescout.com/iap/
Redirect Chain

http://pixel.sitescout.com/iap/ea24b8a97ba6cbd8
https://pixel.sitescout.com/iap/ea24b8a97ba6cbd8

0
191 B

93ms
40ms

Image
text/plain

66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/iap/ea24b8a97ba6cbd8
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: H2
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Mon, 05 Dec 2022 14:09:37 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/iap/ea24b8a97ba6cbd8
cache-control: no-cache
content-length: 0

GET
H/1.1

200
OK

sbounce
ib.adnxs.com/
Redirect Chain

http://ib.adnxs.com/seg?add=9942225
https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D9942225

43 B
1 KB

15ms
9ms

Image
image/gif

37.252.171.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D9942225

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

HTTP/1.1

Server

37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:37 GMT
AN-X-Request-Uuid: d28ed55c-fa2f-4e8a-a6c3-076b76b58e56
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 146.70.117.69; 146.70.117.69; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:37 GMT
AN-X-Request-Uuid: 6befaaf4-99b8-428f-bccc-23e1095017c9
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D9942225
Connection: keep-alive
X-Proxy-Origin: 146.70.117.69; 146.70.117.69; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

204

1dedaf03ba2c1838
pixel.sitescout.com/iap/
Redirect Chain

http://pixel.sitescout.com/iap/1dedaf03ba2c1838
https://pixel.sitescout.com/iap/1dedaf03ba2c1838

0
191 B

91ms
41ms

Image
text/plain

66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/iap/1dedaf03ba2c1838
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: H2
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Mon, 05 Dec 2022 14:09:37 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/iap/1dedaf03ba2c1838
cache-control: no-cache
content-length: 0

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

http://ib.adnxs.com/seg?add=9922745
https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D9922745
https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9922745

43 B
1 KB

8ms
8ms

Image
image/gif

37.252.171.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9922745

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

HTTP/1.1

Server

37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:37 GMT
AN-X-Request-Uuid: 356877a3-9f18-4a85-b55d-1ebb047fa48b
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 146.70.117.69; 146.70.117.69; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:37 GMT
AN-X-Request-Uuid: 4c9cefd4-7840-41be-865c-685dae4cbd6d
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9922745
Connection: keep-alive
X-Proxy-Origin: 146.70.117.69; 146.70.117.69; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fpdata.js Show response
gabg.hit.gemius.pl/ 278 B
641 B 179ms
84ms Script
application/x-javascript 78.128.6.44
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://gabg.hit.gemius.pl/fpdata.js?href=www.zdrave.bg
Requested by: Host: gabg.hit.gemius.pl
URL: http://gabg.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 78.128.6.44 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-6-44.telehouse.bg
Software: GHC /
Resource Hash: 48eafd6fb805e98ac921655e088e40d409f3ee99696675ef140a6f94cbeded00

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 278
expires: Wed, 04 Jan 2023 14:09:37 GMT

GET
H/1.1 200
OK lsget.html Show response
ls.hit.gemius.pl/ Frame 80FA 5 KB
3 KB 53ms
24ms Document
text/html 145.239.237.56
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://ls.hit.gemius.pl/lsget.html
Requested by: Host: gabg.hit.gemius.pl
URL: http://gabg.hit.gemius.pl/xgemius.js
Protocol: HTTP/1.1
Server: 145.239.237.56 , France, ASN16276 (OVH, FR),
Reverse DNS: ip56.ip-145-239-237.eu
Software: GHC /
Resource Hash: 3a6716d37cd90218f0d2574530f4937da64fe491ef6561cc11346b5fe8194abb

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Accept-Ranges: none
Cache-Control: private, max-age=2592000
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2723
Content-Type: text/html;charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 05 Dec 2022 14:09:37 GMT
ETag: PRIVATE7520710249
Expires: Wed, 04 Jan 2023 14:09:37 GMT
Keep-Alive: timeout=10
Last-Modified: Mon, 16 Jul 2012 10:03:40 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Server: GHC
Vary: Accept-Encoding,Origin,User-Agent

GET
H/1.1 200
OK alt.php Show response
tas-bg.toboads.com/ Frame 26A5 5 KB
2 KB 29ms
29ms Document
text/html 91.209.18.100
HTTPOOL-NET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://tas-bg.toboads.com/alt.php?rq=e4f05a7d-5c06-1b76-290c-7bfc90da422b&vt=fef5447e-e76a-42e9-9ad0-cfdece5a463c&brand=generic&af=300x250&clr_border=FFFFFF&clr_bg=FFFFFF&clr_title=4170a0&clr_link=fac588&clr_text=000000&nw=0&zn=533338dda&
Requested by: Host:
URL: webpack:///../javascript/src/WindowManager.js?
Protocol: HTTP/1.1
Server: 91.209.18.100 , Slovenia, ASN8558 (HTTPOOL-NET-AS, SI),
Reverse DNS: tas.toboads.com
Software: nginx / PHP/7.1.13
Resource Hash: 6b1ef4fccff6168cf7ef61c86050808e9f1a905b89cbecec7428337e380c882f

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-control: private, max-age: 0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 05 Dec 2022 14:09:37 GMT
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PHP/7.1.13

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame 37C1 5 KB
3 KB 87ms
27ms Document
text/html 146.59.30.96
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html?mode=new
Requested by: Host: ls.hit.gemius.pl
URL: http://ls.hit.gemius.pl/lsget.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.96 , France, ASN16276 (OVH, FR),
Reverse DNS: ip96.ip-146-59-30.eu
Software: GHC /
Resource Hash: 0e4641d42f16ada968a14becb36bdcd0f12039819a281a9ccf6bfe26b990113b

Request headers

Referer: http://ls.hit.gemius.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: none
cache-control: private, max-age=2592000
content-encoding: gzip
content-length: 2713
content-type: text/html;charset=utf-8
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:09:37 GMT
etag: PRIVATE7520710249
expires: Wed, 04 Jan 2023 14:09:37 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
server: GHC
vary: Accept-Encoding,Origin,User-Agent

GET purposes-bg.json
vendorlist.consensu.org/ 0
0

GET vendorlist.json
vendorlist.consensu.org/ 0
0

GET
H2 200 custom_purposes.json Show response
gdpr.sportal.bg/ 2 KB
1 KB 211ms
53ms XHR
application/json 85.14.4.130
EVOLINK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr.sportal.bg/custom_purposes.json
Requested by: Host: gdpr.sportal.bg
URL: https://gdpr.sportal.bg/dependencies.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.14.4.130 Lovech, Bulgaria, ASN8262 (EVOLINK-AS, BG),
Reverse DNS: sportal.bg
Software: nginx /
Resource Hash: e9b220c805348a7838456a6b487e3b23fa3534437804888f46f504c221c2d006

Request headers

Accept: application/json, text/plain, */*
Referer: http://www.zdrave.bg/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
last-modified: Wed, 05 Jun 2019 12:52:50 GMT
server: nginx
etag: W/"5cf7bb22-9f3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 64ms
57ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js?cb=31071116

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1cb0a40c539ea57c6cbe2c2541b83e25919fc8c39ce81e545ec897eea4232901

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10995
x-xss-protection: 0

GET
H2

200

rexdot.js Show response
gabg.hit.gemius.pl/__/_1670249377808/
Redirect Chain

https://gabg.hit.gemius.pl/_1670249377808/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fwww....
https://gabg.hit.gemius.pl/__/_1670249377808/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fw...

452 B
708 B

117ms
116ms

Script
application/x-javascript

78.128.6.44
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://gabg.hit.gemius.pl/__/_1670249377808/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fwww.zdrave.bg%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=0Q8q42SGcsq.VE3TnshADMeavxU4IwYOgDwgvcSCJDn.I7c1NcFKAKYuGyrqSZmP8ecrCgQgiledmzLbzmwgW95ZMMh9/pvsavFopcAFYb/&fpdata=084qUh6HyHx1GvooHuqsrr6n53q_7zNE.Mz85DHnViv.t7&ltime=229&inner=_ver%3D331&lsadd=&exid=638dfba1227a4b95&fpcap=
Protocol: H2
Server: 78.128.6.44 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-6-44.telehouse.bg
Software: GHC /
Resource Hash: 35eb563cf282f64e4290ebb53dbf13028e4b8477b4e6d83813083d39761a1c2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:37 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 452
expires: Sun, 04 Dec 2022 14:09:37 GMT

Redirect headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:37 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1670249377808/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fwww.zdrave.bg%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=0Q8q42SGcsq.VE3TnshADMeavxU4IwYOgDwgvcSCJDn.I7c1NcFKAKYuGyrqSZmP8ecrCgQgiledmzLbzmwgW95ZMMh9/pvsavFopcAFYb/&fpdata=084qUh6HyHx1GvooHuqsrr6n53q_7zNE.Mz85DHnViv.t7&ltime=229&inner=_ver%3D331&lsadd=&exid=638dfba1227a4b95&fpcap=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Sun, 04 Dec 2022 14:09:37 GMT

GET
H3 200 container.html Show response
04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B7DC 6 KB
3 KB 24ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js?cb=31071116

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:09:37 GMT
expires: Tue, 05 Dec 2023 14:09:37 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A88D 6 KB
3 KB 22ms
10ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js?cb=31071116

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:09:37 GMT
expires: Tue, 05 Dec 2023 14:09:37 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CDD8 6 KB
3 KB 16ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js?cb=31071116

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:09:37 GMT
expires: Tue, 05 Dec 2023 14:09:37 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 98ms
60ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js?cb=31071116

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 05 Dec 2022 14:09:37 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A2C3 624 B
919 B 82ms
51ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY_7fT2gEwAQ&v=APEucNVH7CZMqD02mRKLPAvMlLOhX1LnrZ_SQW_06jyZJdqM3GjIy1TGd3SK36aAv_l3vdht1Gs42HWRhStHO6Lo-54289XUZzNxmFoW8nRu755timBSYEiJGfWCVTQwDgfZ9dgKFHE2aIFyZAZKiPpTG8PrabgTqog4T3JjSc02NFzYM4BLHT8

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:09:37 GMT
expires: Mon, 05 Dec 2022 14:09:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CDD8 82 KB
35 KB 185ms
155ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BvhE72GeYVzvEeI5TBoQzYaGAWvvUqHYU_YrXTPq2xNQbyqne6yDXVpzJgRyHjLoIp4FbVhfv5NV1qLYsltskxrdhSj4JYzSBmww3QAhf0SSE5nFrz4DPtC2Gbq6gRzAl5yoK-DwFmYq3Ijrqlb-GWyM1ygsYNDsnT6GrpKqffB4pthNo&dbm_d=AKAmf-CU0gU0uYZDYnt5uErvBerjqlBHYKhbSkY6sfFPiSk7IL0kPdH5CmO7jy5t4X_kJ3hdyIfAEGstcHmh9Qwy6JspnCckXffZQfA4_DzJFbxdQcL-oDMCAMc8d710WwrwaR379j7NjnGeJYyAWjervG1IjVKbBCKF5OH_tPmNaVGIsO5VKaHBU-xDPC3G2mkbW0Zr-N3-Ee7CzXcG2tWrTbEqloiQ1ejk3jRL8nMPFdqqL6yWj2ZjloE2yphCs7fGP9xMfLfdDKo8UuQPacGHNALdX_As8sc47aB1T9V5rkhvzTNA8zjNwRxLX369xT5-gOqudhl07rB2jiDacAP2dRpaw3OWD3soXj1uGbJSMuo1uSo0tY6yJygTapXQmm6hBCBir47eR9laMCP0_ezaRiSxzhlGfJOx0YfIfQbaRtucl-b2iZ0JU-Zp1_3FPhTA4-nBm0v3dX2Y6XXByG7OYS5giRXdVbGXMvBfDt-uduOz9SacXn3Z_KcmVyI1VaPmP331HwkhbnfHIOs5AamM8BS0SXj29y3a_jy_Zn4PEv5SvQ2IC-_zs4uWq937WQ4Gfu2RM7bzU7xCtMbsct0QTZUDK-02tVYhHkrY1IWLEs_NsKgrToHAoEqtwSEp1KIPWCyrLGtGUhXVO54Tc1vikX6wIofTcI3qaCMAxQ4L1QCGpDCLDRXEcqh3jFvz_sfN71rIW5TsrFmsfasoHww6Wj62T9-CuKtXhXj-8x6cBRfLxWMmNjXsefX5WS8-d-q-Fv4H2jJAMzRAw-ggTMmiR0YOlRU3zq57TtLfOHnTIYo-h069zFFWDH0iMS9Ij3DzLJEY0JZ0wi5ABDdek3-a7HoxxnAX2rju_O3BFgQevO7x7yurtaH2ny4rU6pv6CNetJSqMm3OEmWDfTHZsMiUgQXj1FJJnEkQHQKA9CFVIRrtlJmcFwlWeuvN9ciQwOyrA32_aZg80K9oHjTqSpK2yrMesflmYtE6MV_rUkjWU7iuzhMsoNmXZULGcZsPRDrdLoC-Dk04p-uV9GJRgl-6ioHz8i5nsFhj4Hwawls3orZpdsegEtX3oiJjTSqWw9LuF0FryIBVqN2lb2m9ZodK4u6Rz6XN6GVG4WN7C6Aua9tmHyzziwmtnrlmZ0gwxxR6WWLCTleHYCnsF_DFnfyG_A8-g7dpVAGSxxhyYjSgxV0KAV80tQ9aFSJeJUQioL5SSK0TlYyhv1xNlItiBxmCok_ryhJ3we8HXwlrKHjKMSfAFv361Vk4oBe-fNixRpnEUmwvjp-JdJRittZhlLeqXvA-TF9NKBHtMElqNwgkJbAT5YPzKWuaHqbk_LklxaawuNmG0p7RiUgBZPq5FHKpzeNQH47Y30qQ4c2G6gKGM-Kt64W2PFwvcmfPO6ZbeS12y_mBVn2VMa6PCZ9YGIpXF_kgteH11L6mtB3AzlDXbR7VNuYvxaJDu8YxZtHX89O-KOxTrZnLAS871bE9EgquZAJa87RPYwUl4CR_NxpYwbWcLOe3gcFlBI6OTLytLB5nJnqJ4iaC6VNB0bpmIAHrJ3kEozQluYQXKGc8HYkveSmoH0nALWh4meElHGijW6SaAQdpd2WsKxiStb5kPMnaBQ4pl7h93GtX22hhY43dtYlHvEIM54lMpdxofQceYDFGFFtQJLN-11oo8C_du6Je3dD14SWm6LCSpYDofKH9hlFMSU2dyEwTWNOZH9cI7OAMjUeuUGu67QhMHR38S6V7Rf01pq4zQYSFmiHSsPW-Oayk3kZaeFjwl8qw_dcp0hzQS5mtOqOBgf3fAFiG0MazLFmH6jfdpDT3ad1myJ6md-AZGdmLYMcOwG2Tp6Rlwwiy5qC_rgs0Tov-s-onHmslTGeXXq8ZxRTF8_REEhJfwxpl8kzkCzGqmtz_Fe4ZzS_SR8CMaU5B2QGipOuglwrOtvqmajMnV64cGl8-ytdatXZHFO6xEYQIP0bhZtrAL2bDkpMBkWR5C0CG00EIk5-D3d_Vl66BzAlwrhoczrvLzfM5gSOrccBdwRQ-elqbgBUERlVWBTP5R-Mlymn0O2DSRypUprhdJWe8g__vAPX4JudMcwoJiOGbJlA0Fp1kostJqyntxeDL3GsQl4gTO7CbpfD0_1zM0EAQJwhuq6AVJFupmIjARpog-yT2YH9QoLhj5Ep2CHR1MUx10D7DHTDCruLvVYeLJrIXvgeCLLWY57NcQ8zZj--0pJSBUEPTv9vNMFD8cua6kKlnT033sTlDaj4KAZWHVG47zrb8jWggzM6zDrG8m-oSKgse61Md-jQxtoL8xYdE-4_LGdXM_iwwt1MF6d_OUwLYYkTJFFLI-kFEwaYlu-MPNHR6lJFDTThfI8ZZHScjEhxHxnedbfL6bm4ihZreTnYrd2eSFCjt9UMJz6o1LV5q6Z4zSgNTZBx_FWuzUqYtxZXKls3Ymv4fRm5qFcl3OTgDwRqsaZjSklCBNvpzyDwT1s_dlB0Qp3jzRiWxaV-D2rNX5AbpIkmzbcQpe54JqFGNtptHqApAWUAp2PO0ENMySkw5IYkX4PoULxQbxNINhxcXrHdIEYpk-lO18SJ16BC5QFRtq_wzx1WUnjmJX9Hgp2so6KYqx7LfFvvgV4_NY0lBysdhpqrEYDgPJ15-H_BQhvNCDCDIt4nlfZSprty1nbiiBDFt5Iw5NNrr5nzpGW7CLmPDnpQizV9lTJn9HWFHsBB8HiTOBMvB5-Xt_7-JCsSAwAXWh1tyREdXtowdGoO12j6PU9vRi2xhjqK4Dk2x8j63PTAWwbXH7kTtCybd1bxR00fPFedtKns4Da6m5Phw2MDvFuQCnnH42o43mznnhfeHAEk2Du-Z6DPOvqIi_91k0XQuPByBraXRysKdo3AuruUD-LR813wi1zWydBt1xfHPBl-dzxM__MPuTHAMdde_4CmlK3MY0s5cI9kexTcnQC1h2EpO_LcJk5wkhyf317BEZ86vUFsNs9130AcyBAm9VXAOHzW9smmtPWSoAC9lPR8qgmjbTRMVFZnd4mPcr7jUD8ch0o0FltLikhquFtNBdDyfTlX-Lf7lON-wGoD_RlkT5Dqx_Ra7WRG7T6cgXuK0UKpj2Rs7472P5JiykoPFl8RFkKgZlWNIKA65-FUtdjYWwIb75pu7Ee_jRoNJjyNPBM6oW-52BsI6pV3jkRwceTI2rYb6CwMjLOxQO7sct7ib7qNHJszywt9nPULxsVSy1M-CDvLoH7G8nBSj8b-ar6YNnruQRJ8BfALrE0zaIQpEtrN68-5EFpwTYXz8P01z4uHTEtmgoLrmJUDfXbrFrsWSljBwODAxs9r038ka3vQcN0bbGS24fxBfuw0yrSjVt3pFaHExz3XPAelaNU3EMazlqzbjyvVR9QAQEhzoL0MlqapA3cjwIe_ktnDnvt6zjvkEPFM02reI5U41k1WXSaJi8T4YRjaHUTD0qPU7tfEU-UN8gPN_DAhTq5xahXvSxS5FKRvxSzuuG6WRVg2DgHn-2f7UOsu_TTU5qmtTV5hUaAeCbdFmxYs5iizWWD5hO1NrO683_NR3U0VkzWej2CCNckwIe8jVvuOZpqbXU_vQ_K86zc1-ztlt9kGQIt2PBXTdpdC-kUYVodZxQm0oMsiPAzYsCCTGj90VkD0fHBhgKnl37kj-YK4tV_S9PA_IKdQH-dTWkRXicwjckZOv3B3YYW-1eTC-GcQ4EJwqThIBrEsIc11QBWle2A&cid=CAQSTADq26N9JQ4G9Qqc7sdO5syEm4LbGNKaS_aAQqlO9QG6H0xw_Y59vju-99kSuZDZtL3tmBsENtychJvDXRaRtHzUTxXV4USUZyX-wdQYASAT&rfl=1%2Chttp%253A%252F%252Fwww.zdrave.bg%252F%240

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc8728c1496b8e20ec1aba0047942d310261ea01954c81bec4be55ecfd091ba8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35345
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CDD8 42 B
63 B 111ms
109ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bd08evO-AKlCzM09wo2qfh3IKxtJ9K4e-_ZuQiyOK0Aw1sHsLu7TpDsXlzP_wflBUIyP4yj1PmNw55ViN5SBes4MXNqQ-W81GGJWoWwjaz6FFAbvY

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame CDD8 3 KB
1 KB 19ms
12ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 13:24:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2683
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Dec 2022 13:24:54 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame CDD8 18 KB
8 KB 16ms
9ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 14:56:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83608
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 18 Dec 2022 14:56:09 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CDD8 155 KB
47 KB 58ms
43ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

302e69dd5cd67c33a01a5d0308c1ead25d5967bd0810b0c073f9fe18124de7bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48508
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1669811598765935"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 05 Dec 2022 14:09:37 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5C46 624 B
505 B 77ms
53ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGLzTzdsBMAE&v=APEucNUc4F6o5XfohtBpqUItxOujtZaMrwtrX2B5JtQ0XnHqEH2puw_EZK_xObt5V6iLoTKFlwzEZ-TrVvt-P6-RPbR7tLmQudE08jEc8ity2Dh5m4rkwhhXcbewXWqi9sKQn0KKx4rU8PDFSNvxunyi4hj6WCdxbpu5V57i8ZQ9HCnpxOpIJ-c

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:09:37 GMT
expires: Mon, 05 Dec 2022 14:09:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B7DC 80 KB
34 KB 84ms
60ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AfqKfyFGq2kRaHRlOQjdMryFhZj9U094QaHnlHIjCOr51RD4MzSvHy2tujzZmvO-IEem6sj-pbAxMGc4Vbg3sg2wAe4nHiLCOTdS3pyJQiWiG23Gn5DezHQ9p4H6bseR-wouGmXX9NPQU2Y1vqHxZ0omNscXxr8YYwHj2iWdbZQSPY3Qk&cry=1&dbm_d=AKAmf-AkUb6swzIWAXKhHUDW-ItzJttIKvmzUh4mrvBG0Aqef-T1ZSvuEbWlddotl5FaVb2gpZjm4PGRlEoISn0ZNRi_zOomc5bp2OGsuWdOSxaZ33LT3LvF8UdcUzQZU2neZtc26QvxBXxnP8jxpu9he8vFlmWucAHChW62P5Nk0D0Or462D4GCMOayl5kq7jWNoHpUgY4qaB6cZ-X0rGBLkurzaMbZWrzCi_HLLuvPmfyzWUxZlkg2dLIyJQFQd291jnbzGUe9kZ5UjL7vm5Zcq9e1whsRMYMt44zbs1gBofDxZYugGXiFg58GKvxlmDCNdQEZkltCn2lGz6vpybQavFy1HzUxwNzlfOxYXsSS4d_wbF5eUZhx33FIbfM6C-IOpHr8nt--TtMMOpePpHzoLKiXpqKPHXN0VioduVBy-j0iRuMxNYQs-oMx_1MgrzAFFIU7K954YCrsvaGMYKfwxBY1Mo1SEgLJKmGuh53_GX3zmmJgw4A_bMOnyaJjpPDBVkDtYBu4XymQKKLATrP95DO-vD4vvvVqYIXavtaMy5nMLS5qRNPCw8aCE2Crd6tmVrmGBJy2rEuY7O3SIjGzArzQywIApSqUlTgZpAtKrEvaXp4PrlVlWhMhDj0I51KvZUI9eT5OwZodmHWUvTqFW0b2laVoMhnvlRovpaWRux31IDawnND8OOVGOli4hwQkxuyCtaFcZWQHqRsZCaQ2MomdZ2KJj0YsqjdYo5JRBdN7RGBipzseiifPJwSdKX18xzPZzoLQfzaNJEZn9mmDyvKtoJXL0v9qAYjEsLLcgko6jbNSLfOtiYd8eTDrv-0brbddbYvVrOfDzImq9qKpktDFxfpKhAEfdVcKsuYebeClS9-SZ9h5H0S-_aHW_OgYVIEyR78bww8o5ShqI5oQi0WUZ2aT7so8iIYRaeqPlclkyHvfZZwSOGO2mlCaKLsG86omBdBVC-q7MCq0W9XV2LVlhp_y1fph1RG4egx-7Q04ZvemngQEnwBeIxJXyd269vjq0RBt8_jCIH79yfdkghAgNzHYGqE3EwE947_o3kG66_eQdnZbWmlJr3ACpprnnkNAm1SYcqIYJuah98rel-7ehQZYAYVzwLbLsMIm23qiTEk72F7GVCV5Rkt8Xjm_tUoWaGT4ooeUbo8ANhwCuXRdCJ2QmOkz_t_EEqv49cVkJBQNHy_7f0N-2_QZMdzM5-PRVaTlhqpVgyrZw3yswpngQPdPIDcHfA0QQYdKsp8-3FyieoKNZjV5TwRgUW_dOAj6e9w66bR3BKGgmtgC69b0dYamTFBmVpysUMi_LlPwUR0XFyoRYzkFXw_ak5gbeb9NPv3cCDcfQez4KKtxdP68ppb1t38zM0An7Qx59E8Q8k5ikgSphd3-HcmDtN8qKWhnwMKjBATs1EeNs7piGmQgrHInSFDB2ZyR0Dw3tSOJOLJwabiMnqqaU5xaC2h0Ohj23UdSn2hdnCNpliGhAXPB7bJ81o5fAa8VnWsbb60wtIh6bSnc6h7aWKeUSGPzTpXrNSXzqXoaZ6prTY8m2-cq3Muw2R0Kiz514_svkPoAMtsID1DFivh4svi5X2Xn3PUdzzjW3UfJAYUjWZAjhoYHGe3MdxCJjlX7i3G3f3YilXdxBXwgZai4eklcVTmEbOuqGLhFk63Et3yv-cuOiW47ji3oP2DTg91POfdLRLbzhoOEp-4Af7HkgjXVWkBhYOx38quoPgRm5WipvdedmLEzR1tZOfEht6wMCspGxqCTExw44coKnnFFNWpFB_5_5Ax175hgbmwnSRBd1DUDFl1JN31C8JxPgnWf1y4dMCkmaJQ_9DehZSJXE0vi2f89f5fSfXiv8v0m18hdKBgwr14au5O3P8q5Tuod7Z8uzy-h-foy-ApHvgXTayycGGj4I6AjqpYrXOz8l2lHTVUI_cMEy7o4xTN84euR3B-noSQ1_MWzY97SUeGdrXYnuFWAI1LRBHOT7PGcdVzMDm3J7i2q3Es_7EZrHDAlfMtfYnCE0uX5Klk0Mm7WecA6MAI9UJAQv1TvDvRn5n-inKi2mYjrju480HhL5i9VnfAzNYItzK01hD9zv6uTy-z-SQ1jpAn9HvSg35I4Ro1H8hGYlewQFzoOPOPlPcISmop8XgWv8XmS_UCvVUqNuqBFoB_Izzbp3seAzMlUt1W5SwpVCJfTwaek-Fs4G-dQU6Rit9lYuUvnXLGFrVfcyzFIOsyltc-qLFp15FXY7_Ebpt6zi3NVjtfq5D2HvwM1hdMnWoNHjej4wgOGkmE1DGlzyX0dSQphbigAWotPXEnw2Z77siL4Cu5ESrwthuK5kNd_vFvrU2xxZYS2x3-MZo1G__VBTGXQ_uyprRSHLk_4nRjlUMfBgnExfOaM-RclarvNoqAIKFW4folZR3bbx3Z9rw-1779ZYBXtmIofHCzw_rXXWLjvW02gjcQjxtBZcfqb0X8_OcbRgZg7h86XTqNbiw8yqXubS11ARa0u8bDMigPlMbI5cPnTvYHyEd5p3DkW4tWjzbX1ZJkhyGEvKhU2TXzSQOvdtBT2LOTNQ270XeLaflUccJzWa_edjZn5FKljUFee9vRBnZPYVWO2l6QA8_OZXhCVECGoybPTrpIT6W648yCv6xHoYaGw6MolOqfmDsDlCVgS6gv1Nww5vAchShDVDVHyQPGJm_BY0-UXYNN8Nf3uuNtoDOC3F4N6-GARqzic8K6rGyWzD3JEZawl8G_sMNLTai8_NbHUAwTSTEk9qTils6nAKyFgce6Y_0YMQmaDX9Xjw8t__Leotw_2ngrsNbmZkk6gFcYO0Hb7tu3D0jHgy3MQGcC33IfWu5oR4-zJx34qiNMhWKrTk16A0tvu50imHedfTm67Pep7JKeiEd4kc1X8-m7z0KBy2itM0s5QcnJLrKu1gVStWO77Cj6MvSeW4mvG6Z4b44plpFxxPdodHCWNpb4tV5E7df7dEhUElPOuIO2XxN4fhrMS7ICk-LiUsitYQDXvy6DbrgsUzwIC0J8vTEi6WgHR78SCIyz0f7CQore9clzakweLmjUQ-nKsjbnCNl3In5xODi3Aji01qyqF2U2gicBKiDGR_b4OvjGuo2nJSIzmUyXrh6e4S8t5n0XEV5fDY8YIAhmgJ-u9Iwr9k4I_QcoV0LuVn-cyPQw8lwK79P3jc8jA17zYoKcF8098gazRiFNq-zdAK2i_Oiee-ooYMCImqwRPTA6gtR1TBBN4LBfaZpNAVu0IVBX4lrIpLJpPvaEGqdkWxqeJQhkcaW0tHamTFfbT_dRkOxo-Rv_dr92WybQXGSQ1EqDjaXAsRhk-JFwCOIHpD3EIzAcwyrgCwuvYP8OhKxgR4bZfB1EjOr1-RvbW5HDLYGimpQJiClz3Kg1eLku9z2pn-VBc-3daeKAQ9P84j2RZVDAoK19ruVDlkIN9MqyswekDnipTq8XzK4omWIPDSyUJvJJIkYXpdcuoLvh3Y_y6oJaiUgB3eU7HLn0r6b_BW17w7KuxvuDHqEF8cL_xpR4mgQPb_BNXWxipWiJRKzwduSCqLdKPu62nbyjaUYpokew0yPxt&cid=CAQSTADq26N9JQ4G9Qqc7sdO5syEm4LbGNKaS_aAQqlO9QG6H0xw_Y59vju-99kSuZDZtL3tmBsENtychJvDXRaRtHzUTxXV4USUZyX-wdQYASAT&rfl=1%2Chttp%253A%252F%252Fwww.zdrave.bg%252F%240

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62c20338589681fa90505e17e71276bbe312144ce5f3d80d3ca3a540d5e95d93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34747
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B7DC 42 B
63 B 108ms
107ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BY5TI-ZpgGXHE_Ecr0QtS4xNRrnFD4Tl8mYQqr1rq8kgtvOnh29qOo1WGt57zurcMX9YnD5nUzlyGSUj61L4sNmLrYd7p4tNmBX9-eumcYqZTbj8w

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame B7DC 3 KB
1 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 13:24:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2683
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Dec 2022 13:24:54 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame B7DC 18 KB
7 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 14:56:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83608
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 18 Dec 2022 14:56:09 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B7DC 155 KB
47 KB 65ms
55ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

302e69dd5cd67c33a01a5d0308c1ead25d5967bd0810b0c073f9fe18124de7bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48508
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1669811598765935"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 05 Dec 2022 14:09:37 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CE89 624 B
506 B 69ms
52ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjuaBCznHAYquKL1QEwAQ&v=APEucNWF82y4nrmZdAwHYWH4ZXaDPxgBi9K45Fb-ESYKaEtoI17wZe2TLLVh2aSHRqGtaoJxlyNgBsnH59PCpTpIpWsiQ_EC2y0560TqdL5zi9CIWEsj_9vMMUHPBeoWHOUP3q8mXLDSJJlOX0s3lfpQSaQemSr057r33chA56Yw0DfShO6FQ3g

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:09:37 GMT
expires: Mon, 05 Dec 2022 14:09:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A88D 84 KB
34 KB 92ms
75ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BfFUq7iWw_euxH3GMec7UHGpj5oDV2a__aUzvNRec4Ti14Vek_5RhEDmcNzN88xudsH3oC4_2a1irJAWZsLspvDkSarfFPvNVri4qYgVsnZX2Fu_KEsZVrXbTvWd5JEbB2lzh93VlX7S3z7nI6PdbRZW9JpH_RdS_Sg58OvevP_OJrpstmcJ0CTyTLZYyD7drJl3cL&cry=1&dbm_d=AKAmf-AE44S5Xil45cnKdbp5SpOn3v3frw2S8gEnBP00GQAuTbkwD0RNuZVtb-BI6f8kCOV8BfmjXxEf7XCUqGJp2V8z5fI7SWsjFM6QU8-q3BRtQgDRfDGJOG5SQHenwGX8yk0fSDQpQ2nL7qnO4Ckpjc_2A6wxndi0VO1cbDd1aYpMg1WDyrwz34l6_arhbmQ2DIoUSROc6Cth-vU7thbZxd9k-Zn2FXlLWJHPELtGGxgA7STIULPvo-kYYldY6QF3sVBjRdv8OlvMyhE91EsXGmSbEBAnT1_47K85ieh6xr_EESY-b4rpp5ZGAMlS_8ivweui7NFHwTMW4nMT8-X9L5mlWU-_Anrlv73Ky_ng5OqUvCj2oyMhNPlXgCpmWx0NWoO8M8635HOC4H0yerdW_sdNsnb5OA5NiVXVqJd52AGRMrSveHCRr-ji_SYtFUceCDCLMtWdyuIdntyTGUmsG-VeOmAsC6V1N695MK1zQiLHpqw9_bH26ztuSHyWz2OzDX58lUKytecwajS7SDW_SHnzCpnXll7yJSBAAZv6Wr2Pg61scvM26eVSbM5um8cmbi3mOSeCPtLESTFQbMnmtHVzUqgdaHlllZMWO-mhJiFpx4YulkZV4vY3nQxakMIVRfcWdCF2397VQUfLAr08KuOX8i7Aemz3uqWh2I-WKaD1uL8KopowQ9Z8-QGKC69mLOQqiGrQsNJErSQ2eWPsJB_dK1uv3YgOonaqYRIT0gwSR47U1U7TRQCPvXJi8ZmojSMY9A_rwXddkJS89HIMqCi6cSfCzMJrZJDpV3FNdlB5gD7n_kNlBDOA43GruU2l6EqayrAcXPnub-UtrtKn7pE0hSyc6puYD4Ds8hHB4X9eV_qD9kUhPvWHBn9ZMuEFWG3bv-5nWeqvolK6Ucr7epgwjI3Yt7xIx8KscVOcXzdIE947fgh_Igg0S4TK-PumUbBjLOFnEcFILcPrL81fUdErOdp1Y5NdSCThRdTrEyGAJx_7r5NYWtz2LeNH-pUZ-mH5-0IaNkEIEL8jZFZeAZMdEgY62ytoNyAIaiT4Uw6FvIIRvOxqDdZ1L29-15lInrqbTOk23zLjvVj6LUhG7kGMEIBy3kPEhoQvHEBPGz5bAmQ1_Q7BdkAq-ACsI4R1qRMo_sMzNYj_0CeOovnZtVAH30M1kOJj7QhWVnq7BrcqRuT6LxPyOvNyJPL0veEutF-PVl4v1rKUKG5jpPa6fT7m_6Gp3KjeVmpWqCpPzmQsiAQavjRaROkG9gY7uQpk5eRahNxta-3NEgd5fMAOrFMBzirLhxVmgaVBjSWZ-J7ea5guua1HqqjiMooLNMwdLC7WNGGVa6MNzOJ3Znn3VDFXOdKomPRKTxwab_R7hAEsXKv2EhFlESHYi6n26xuNr5lXk-sAKiWVgBnR2B4x6xNYjMj4gzf3LbdPdQWHjC7bJshWGmiO_bxEb5qBursO5MGb9E4HVhJxzdXeJ0nY_veyybTZPFLnFr-GB9vNO1Cr76J0r1eISnCNrAKQ2yRaSdIa1A1L8MitgRB8F45POSNsRyeEA26sNqhFFz2_U3vdFXql4ki_0QLSJftpc7hcgR7HjKV0Idtx9hrzEY3tnQt7pFTpSlHfb4QfFuKwPtizz5HJLt-ekyiIogMtfQnW8T3nJcWG27glFDpu0LCymzqsS_TOumynugo3czP-O7gGS3-SKA30vvSGu23rjhQ1JTMQ2s9vYM7rB8UySk2gIuVrH_obO-hqWz7P7UUdpR3cEVOhx9TxJ7aCyohygWrx9zhCL5D3D-ClvsCyp_Az0PjvPYFG536kMvhLoXwJWM0o85fjfHoHL0JOiE4zn0WrHRP3hLMu_y2QMUxeRmC76Diz6I8qfRqB2cAN3jFezXR8eK2qDhr2hXXWg3YzyjxUM7jcnaEHRPmAqc4S4oaFNEqIVAxUd6qHU-Kh1q_9S8nuB9-Dbq_pgSehhx58nfdCNDXPC4f-mBck_A--cL9ZDm-0VPdJ1NOFxZ5_ymqS-XzJyoPljq5Q_EOXGk2MgDPr-h2u1KIcgKNBxLtRJxWeU8tO416wObCRpDn3BEr4aw2-SUNCc21pFpNZ1YHSBsyDjb3HiJfHcUOSTIiEhodn-WxwM81Ax6WNQxogCEK56CDG3cjJmvquwRcuMjxS2drgDJeWkLK2B4ltdH8WTNNr34XzwxNRt8r4s-WkNOd1sRqqUS6ypcnFdrQIV-a5cG6Fnoq27CeWnzkHRla4Px_Zz1pMVHF4b5_jcsdkARgH2gNaDNlrLQ2ZBl_ktCS6342GYTENVmTquftQUObsjp4Y9NZlxU8i8lPRgNymgCG55p0y_0noOvPqrh6YhSosOffp9In5B8sgrMz6hIzUvMjvQ9tU4wUDzhM2KNuWe59RkHTOnh4QtTBYQlDVUlUiR3mFKtsMy33EIwgrluJSBct4N-JdmTg0ixLWsedMNb7U70NlyyImltd9G5p4eCEyYbh6j_XojVNKRsbzIUvonz-PQYcq4O-wkRv8eZCJLnK838W1DXVmSm-8alQ-2XBruObcf-8RhIbvaA6YuXx9xJKKdc8Vl5OZ5GUj9qweVsWW-VhBsslV1nlnZvWeIxvgvECIBt2latraacT_hveKqA6MBTLOeRTkAUR5dW_WWUOOBtd3lELtk1CQl1rjci7hApG1XgVQTUw2L49dgjWBTS7UvmlUZQXHHt83xeZ44p4g5G9pgWQaiq0yBq9jSt-bnw9occfJ8cYa9zgeB88T6qmOuanabB2HWGuzBSNmP-XmG6aQjk5zAy_UxPA6ZYQoLTMHUEGjuRQzTpsAB7jGBPnyN0WGNa5IlVoR_3TB5OAmPBkPznfI39Q_R8vcTcubKDsDHSXvsKpk18R-PTERZncgcTxB5D4Jz5i7iOdLaQ4ekYwXy4o5yT0-_IQtQDBtVSoRNgJNNf1h3gsx6xfcGrd0KDgovmiSCSpwFeOQTlZ0hf-lWWLXq83BM7Es77Ausz3KYkAQG3EcMmmjYdD5FhukEY8DdKKzk_OUG2rA1f_vnVNpCxdtitpYA1Zr6BpAHcLlL9fAURZ_rPpRmTyARWQ92q258FANdPndk-g-ArKgtluJiGNuoleAIXflfJXmjtMRfQBwbKFQeE3JRThwSh8Dw2O4gZd_oI3Nz_QjVF17OdhW18Mn_BtAWfRC_FJhK8HeeRbWE7BLtvqEdj4p3qaY3m5iJZCKvVtvYP1jKXPZNwFFYBT9_n0c4bKn9EifDqPGXI6ZgqHfQjQHpxQl125vANE2bOFE0eE1t5uprXQj93x-9F08cEbd2UUsX98cr4vYHIKB1HQBbD7032_CJjHJ9QYXouwtjlY5UweCGOOJ8lgVohqSJGJGMYrLJu2B5EKRRZaJU6MrsUfVN3AX-sHCVK12M69fFqWGT0f1bbP6St_VfLhFAuGXSgnWGZPjW0WmagDJyJ9ngxIfhVXQzTSTALNoGoupaSAZ8qn84dKLzShEFx3XBXD6um8vKrfCwCU6r92K24k_wpdBbRCuOyca78QZx9DXGPMn5QQz9w0a2pb-yZoSkLiIMMUnJSrpJQ3_pIcVZ8KKYeMZb9ezEMQeUmA1UuRA7w&cid=CAQSTADq26N9JQ4G9Qqc7sdO5syEm4LbGNKaS_aAQqlO9QG6H0xw_Y59vju-99kSuZDZtL3tmBsENtychJvDXRaRtHzUTxXV4USUZyX-wdQYASAT&rfl=1%2Chttp%253A%252F%252Fwww.zdrave.bg%252F%240

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

541005c082e642b1dc10bd00c96a49f3c581e3f2b40690c97baa06685adcb87b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34966
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A88D 42 B
63 B 108ms
107ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A-m6aV9ioFWP0W5qAsZOAXbRvPY4_eRb-fBTOWgj3NEz9KRawxTxamtUjKK-HI_QNDiTLpzQb7VCuRecZZZ-2-dkTj28GtriNtlVLZks0QOd7gJOQ

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame A88D 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 13:24:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2683
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Dec 2022 13:24:54 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame A88D 18 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 14:56:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83608
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 18 Dec 2022 14:56:09 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A88D 155 KB
47 KB 62ms
50ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

302e69dd5cd67c33a01a5d0308c1ead25d5967bd0810b0c073f9fe18124de7bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48508
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1669811598765935"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 05 Dec 2022 14:09:37 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 27F5 13 KB
5 KB 31ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 401
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:02:57 GMT
expires: Tue, 05 Dec 2023 14:02:57 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D0FA 783 B
1 KB 52ms
16ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5d7f62e31648500601d00fac1e75b9bc485f37834d6a71ab1e33e1c006fc7829

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gLvyeJwGNrBLMGN668URZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-gLvyeJwGNrBLMGN668URZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:09:38 GMT
expires: Mon, 05 Dec 2022 14:09:38 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A2C3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG18SABHX2X5HQmsldqhHVk&google_cver=1

43 B
766 B

14ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG18SABHX2X5HQmsldqhHVk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY_7fT2gEwAQ&v=APEucNVH7CZMqD02mRKLPAvMlLOhX1LnrZ_SQW_06jyZJdqM3GjIy1TGd3SK36aAv_l3vdht1Gs42HWRhStHO6Lo-54289XUZzNxmFoW8nRu755timBSYEiJGfWCVTQwDgfZ9dgKFHE2aIFyZAZKiPpTG8PrabgTqog4T3JjSc02NFzYM4BLHT8
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG18SABHX2X5HQmsldqhHVk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A2C3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y437opF07vvHLXM5gpFc7QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1

43 B
766 B

14ms
12ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY_7fT2gEwAQ&v=APEucNVH7CZMqD02mRKLPAvMlLOhX1LnrZ_SQW_06jyZJdqM3GjIy1TGd3SK36aAv_l3vdht1Gs42HWRhStHO6Lo-54289XUZzNxmFoW8nRu755timBSYEiJGfWCVTQwDgfZ9dgKFHE2aIFyZAZKiPpTG8PrabgTqog4T3JjSc02NFzYM4BLHT8
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A2C3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1

43 B
1016 B

9ms
9ms

Image
image/gif

37.252.171.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY_7fT2gEwAQ&v=APEucNVH7CZMqD02mRKLPAvMlLOhX1LnrZ_SQW_06jyZJdqM3GjIy1TGd3SK36aAv_l3vdht1Gs42HWRhStHO6Lo-54289XUZzNxmFoW8nRu755timBSYEiJGfWCVTQwDgfZ9dgKFHE2aIFyZAZKiPpTG8PrabgTqog4T3JjSc02NFzYM4BLHT8

Protocol

HTTP/1.1

Server

37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
AN-X-Request-Uuid: 44f12249-3eee-4a1e-8795-e0329efd5ff8
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 146.70.117.69; 146.70.117.69; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A2C3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2

170 B
243 B

18ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
AN-X-Request-Uuid: 5cd765c6-5024-46f3-b83e-58c3ecb0f7e2
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2
Connection: keep-alive
X-Proxy-Origin: 146.70.117.69; 146.70.117.69; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CE89
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG18SABHX2X5HQmsldqhHVk&google_cver=1

43 B
766 B

15ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG18SABHX2X5HQmsldqhHVk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjuaBCznHAYquKL1QEwAQ&v=APEucNWF82y4nrmZdAwHYWH4ZXaDPxgBi9K45Fb-ESYKaEtoI17wZe2TLLVh2aSHRqGtaoJxlyNgBsnH59PCpTpIpWsiQ_EC2y0560TqdL5zi9CIWEsj_9vMMUHPBeoWHOUP3q8mXLDSJJlOX0s3lfpQSaQemSr057r33chA56Yw0DfShO6FQ3g
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG18SABHX2X5HQmsldqhHVk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CE89
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y437opF07vvHLXM5gpFc7QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1

43 B
894 B

16ms
16ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjuaBCznHAYquKL1QEwAQ&v=APEucNWF82y4nrmZdAwHYWH4ZXaDPxgBi9K45Fb-ESYKaEtoI17wZe2TLLVh2aSHRqGtaoJxlyNgBsnH59PCpTpIpWsiQ_EC2y0560TqdL5zi9CIWEsj_9vMMUHPBeoWHOUP3q8mXLDSJJlOX0s3lfpQSaQemSr057r33chA56Yw0DfShO6FQ3g
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame CE89
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1

43 B
1016 B

9ms
9ms

Image
image/gif

37.252.171.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjuaBCznHAYquKL1QEwAQ&v=APEucNWF82y4nrmZdAwHYWH4ZXaDPxgBi9K45Fb-ESYKaEtoI17wZe2TLLVh2aSHRqGtaoJxlyNgBsnH59PCpTpIpWsiQ_EC2y0560TqdL5zi9CIWEsj_9vMMUHPBeoWHOUP3q8mXLDSJJlOX0s3lfpQSaQemSr057r33chA56Yw0DfShO6FQ3g

Protocol

HTTP/1.1

Server

37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
AN-X-Request-Uuid: 6b73691a-2398-4417-84e9-88270440d20f
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 146.70.117.69; 146.70.117.69; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CE89
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2

170 B
188 B

41ms
25ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
AN-X-Request-Uuid: fc654285-3605-45f2-9e65-24e42b1fdd88
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2
Connection: keep-alive
X-Proxy-Origin: 146.70.117.69; 146.70.117.69; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5C46
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1

43 B
766 B

14ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGLzTzdsBMAE&v=APEucNUc4F6o5XfohtBpqUItxOujtZaMrwtrX2B5JtQ0XnHqEH2puw_EZK_xObt5V6iLoTKFlwzEZ-TrVvt-P6-RPbR7tLmQudE08jEc8ity2Dh5m4rkwhhXcbewXWqi9sKQn0KKx4rU8PDFSNvxunyi4hj6WCdxbpu5V57i8ZQ9HCnpxOpIJ-c
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5C46
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y437opF07vvHLXM5gpFc7QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1

43 B
766 B

15ms
13ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGLzTzdsBMAE&v=APEucNUc4F6o5XfohtBpqUItxOujtZaMrwtrX2B5JtQ0XnHqEH2puw_EZK_xObt5V6iLoTKFlwzEZ-TrVvt-P6-RPbR7tLmQudE08jEc8ity2Dh5m4rkwhhXcbewXWqi9sKQn0KKx4rU8PDFSNvxunyi4hj6WCdxbpu5V57i8ZQ9HCnpxOpIJ-c
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECmUr398y2WMh-mhibnlIGc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 5C46
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1

43 B
1016 B

37ms
37ms

Image
image/gif

37.252.171.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJLb8f8CEPiFm4EDGLzTzdsBMAE&v=APEucNUc4F6o5XfohtBpqUItxOujtZaMrwtrX2B5JtQ0XnHqEH2puw_EZK_xObt5V6iLoTKFlwzEZ-TrVvt-P6-RPbR7tLmQudE08jEc8ity2Dh5m4rkwhhXcbewXWqi9sKQn0KKx4rU8PDFSNvxunyi4hj6WCdxbpu5V57i8ZQ9HCnpxOpIJ-c

Protocol

HTTP/1.1

Server

37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
AN-X-Request-Uuid: 932a7831-b619-4e8a-bfc9-348499dfa8ca
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 146.70.117.69; 146.70.117.69; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBj4lsR2Lg7pyNm28GDBLWA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5C46
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2

170 B
188 B

32ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 05 Dec 2022 14:09:38 GMT
AN-X-Request-Uuid: 5e36326a-3bf2-4a37-a7d8-f9c388f976d9
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMDA4MzM2NDE1MTE3MDY2
Connection: keep-alive
X-Proxy-Origin: 146.70.117.69; 146.70.117.69; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame B7DC 106 KB
38 KB 35ms
6ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Origin: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:38:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19898
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 08:38:00 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame B7DC 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AfqKfyFGq2kRaHRlOQjdMryFhZj9U094QaHnlHIjCOr51RD4MzSvHy2tujzZmvO-IEem6sj-pbAxMGc4Vbg3sg2wAe4nHiLCOTdS3pyJQiWiG23Gn5DezHQ9p4H6bseR-wouGmXX9NPQU2Y1vqHxZ0omNscXxr8YYwHj2iWdbZQSPY3Qk&cry=1&dbm_d=AKAmf-AkUb6swzIWAXKhHUDW-ItzJttIKvmzUh4mrvBG0Aqef-T1ZSvuEbWlddotl5FaVb2gpZjm4PGRlEoISn0ZNRi_zOomc5bp2OGsuWdOSxaZ33LT3LvF8UdcUzQZU2neZtc26QvxBXxnP8jxpu9he8vFlmWucAHChW62P5Nk0D0Or462D4GCMOayl5kq7jWNoHpUgY4qaB6cZ-X0rGBLkurzaMbZWrzCi_HLLuvPmfyzWUxZlkg2dLIyJQFQd291jnbzGUe9kZ5UjL7vm5Zcq9e1whsRMYMt44zbs1gBofDxZYugGXiFg58GKvxlmDCNdQEZkltCn2lGz6vpybQavFy1HzUxwNzlfOxYXsSS4d_wbF5eUZhx33FIbfM6C-IOpHr8nt--TtMMOpePpHzoLKiXpqKPHXN0VioduVBy-j0iRuMxNYQs-oMx_1MgrzAFFIU7K954YCrsvaGMYKfwxBY1Mo1SEgLJKmGuh53_GX3zmmJgw4A_bMOnyaJjpPDBVkDtYBu4XymQKKLATrP95DO-vD4vvvVqYIXavtaMy5nMLS5qRNPCw8aCE2Crd6tmVrmGBJy2rEuY7O3SIjGzArzQywIApSqUlTgZpAtKrEvaXp4PrlVlWhMhDj0I51KvZUI9eT5OwZodmHWUvTqFW0b2laVoMhnvlRovpaWRux31IDawnND8OOVGOli4hwQkxuyCtaFcZWQHqRsZCaQ2MomdZ2KJj0YsqjdYo5JRBdN7RGBipzseiifPJwSdKX18xzPZzoLQfzaNJEZn9mmDyvKtoJXL0v9qAYjEsLLcgko6jbNSLfOtiYd8eTDrv-0brbddbYvVrOfDzImq9qKpktDFxfpKhAEfdVcKsuYebeClS9-SZ9h5H0S-_aHW_OgYVIEyR78bww8o5ShqI5oQi0WUZ2aT7so8iIYRaeqPlclkyHvfZZwSOGO2mlCaKLsG86omBdBVC-q7MCq0W9XV2LVlhp_y1fph1RG4egx-7Q04ZvemngQEnwBeIxJXyd269vjq0RBt8_jCIH79yfdkghAgNzHYGqE3EwE947_o3kG66_eQdnZbWmlJr3ACpprnnkNAm1SYcqIYJuah98rel-7ehQZYAYVzwLbLsMIm23qiTEk72F7GVCV5Rkt8Xjm_tUoWaGT4ooeUbo8ANhwCuXRdCJ2QmOkz_t_EEqv49cVkJBQNHy_7f0N-2_QZMdzM5-PRVaTlhqpVgyrZw3yswpngQPdPIDcHfA0QQYdKsp8-3FyieoKNZjV5TwRgUW_dOAj6e9w66bR3BKGgmtgC69b0dYamTFBmVpysUMi_LlPwUR0XFyoRYzkFXw_ak5gbeb9NPv3cCDcfQez4KKtxdP68ppb1t38zM0An7Qx59E8Q8k5ikgSphd3-HcmDtN8qKWhnwMKjBATs1EeNs7piGmQgrHInSFDB2ZyR0Dw3tSOJOLJwabiMnqqaU5xaC2h0Ohj23UdSn2hdnCNpliGhAXPB7bJ81o5fAa8VnWsbb60wtIh6bSnc6h7aWKeUSGPzTpXrNSXzqXoaZ6prTY8m2-cq3Muw2R0Kiz514_svkPoAMtsID1DFivh4svi5X2Xn3PUdzzjW3UfJAYUjWZAjhoYHGe3MdxCJjlX7i3G3f3YilXdxBXwgZai4eklcVTmEbOuqGLhFk63Et3yv-cuOiW47ji3oP2DTg91POfdLRLbzhoOEp-4Af7HkgjXVWkBhYOx38quoPgRm5WipvdedmLEzR1tZOfEht6wMCspGxqCTExw44coKnnFFNWpFB_5_5Ax175hgbmwnSRBd1DUDFl1JN31C8JxPgnWf1y4dMCkmaJQ_9DehZSJXE0vi2f89f5fSfXiv8v0m18hdKBgwr14au5O3P8q5Tuod7Z8uzy-h-foy-ApHvgXTayycGGj4I6AjqpYrXOz8l2lHTVUI_cMEy7o4xTN84euR3B-noSQ1_MWzY97SUeGdrXYnuFWAI1LRBHOT7PGcdVzMDm3J7i2q3Es_7EZrHDAlfMtfYnCE0uX5Klk0Mm7WecA6MAI9UJAQv1TvDvRn5n-inKi2mYjrju480HhL5i9VnfAzNYItzK01hD9zv6uTy-z-SQ1jpAn9HvSg35I4Ro1H8hGYlewQFzoOPOPlPcISmop8XgWv8XmS_UCvVUqNuqBFoB_Izzbp3seAzMlUt1W5SwpVCJfTwaek-Fs4G-dQU6Rit9lYuUvnXLGFrVfcyzFIOsyltc-qLFp15FXY7_Ebpt6zi3NVjtfq5D2HvwM1hdMnWoNHjej4wgOGkmE1DGlzyX0dSQphbigAWotPXEnw2Z77siL4Cu5ESrwthuK5kNd_vFvrU2xxZYS2x3-MZo1G__VBTGXQ_uyprRSHLk_4nRjlUMfBgnExfOaM-RclarvNoqAIKFW4folZR3bbx3Z9rw-1779ZYBXtmIofHCzw_rXXWLjvW02gjcQjxtBZcfqb0X8_OcbRgZg7h86XTqNbiw8yqXubS11ARa0u8bDMigPlMbI5cPnTvYHyEd5p3DkW4tWjzbX1ZJkhyGEvKhU2TXzSQOvdtBT2LOTNQ270XeLaflUccJzWa_edjZn5FKljUFee9vRBnZPYVWO2l6QA8_OZXhCVECGoybPTrpIT6W648yCv6xHoYaGw6MolOqfmDsDlCVgS6gv1Nww5vAchShDVDVHyQPGJm_BY0-UXYNN8Nf3uuNtoDOC3F4N6-GARqzic8K6rGyWzD3JEZawl8G_sMNLTai8_NbHUAwTSTEk9qTils6nAKyFgce6Y_0YMQmaDX9Xjw8t__Leotw_2ngrsNbmZkk6gFcYO0Hb7tu3D0jHgy3MQGcC33IfWu5oR4-zJx34qiNMhWKrTk16A0tvu50imHedfTm67Pep7JKeiEd4kc1X8-m7z0KBy2itM0s5QcnJLrKu1gVStWO77Cj6MvSeW4mvG6Z4b44plpFxxPdodHCWNpb4tV5E7df7dEhUElPOuIO2XxN4fhrMS7ICk-LiUsitYQDXvy6DbrgsUzwIC0J8vTEi6WgHR78SCIyz0f7CQore9clzakweLmjUQ-nKsjbnCNl3In5xODi3Aji01qyqF2U2gicBKiDGR_b4OvjGuo2nJSIzmUyXrh6e4S8t5n0XEV5fDY8YIAhmgJ-u9Iwr9k4I_QcoV0LuVn-cyPQw8lwK79P3jc8jA17zYoKcF8098gazRiFNq-zdAK2i_Oiee-ooYMCImqwRPTA6gtR1TBBN4LBfaZpNAVu0IVBX4lrIpLJpPvaEGqdkWxqeJQhkcaW0tHamTFfbT_dRkOxo-Rv_dr92WybQXGSQ1EqDjaXAsRhk-JFwCOIHpD3EIzAcwyrgCwuvYP8OhKxgR4bZfB1EjOr1-RvbW5HDLYGimpQJiClz3Kg1eLku9z2pn-VBc-3daeKAQ9P84j2RZVDAoK19ruVDlkIN9MqyswekDnipTq8XzK4omWIPDSyUJvJJIkYXpdcuoLvh3Y_y6oJaiUgB3eU7HLn0r6b_BW17w7KuxvuDHqEF8cL_xpR4mgQPb_BNXWxipWiJRKzwduSCqLdKPu62nbyjaUYpokew0yPxt&cid=CAQSTADq26N9JQ4G9Qqc7sdO5syEm4LbGNKaS_aAQqlO9QG6H0xw_Y59vju-99kSuZDZtL3tmBsENtychJvDXRaRtHzUTxXV4USUZyX-wdQYASAT&rfl=1%2Chttp%253A%252F%252Fwww.zdrave.bg%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Dec 2022 12:22:13 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame B7DC 29 KB
11 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11206
x-xss-protection: 0
server: cafe
etag: 16690196781007480285
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Dec 2022 12:22:13 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame A88D 170 KB
59 KB 23ms
13ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Origin: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:22:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13619
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 10:22:39 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame A88D 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BfFUq7iWw_euxH3GMec7UHGpj5oDV2a__aUzvNRec4Ti14Vek_5RhEDmcNzN88xudsH3oC4_2a1irJAWZsLspvDkSarfFPvNVri4qYgVsnZX2Fu_KEsZVrXbTvWd5JEbB2lzh93VlX7S3z7nI6PdbRZW9JpH_RdS_Sg58OvevP_OJrpstmcJ0CTyTLZYyD7drJl3cL&cry=1&dbm_d=AKAmf-AE44S5Xil45cnKdbp5SpOn3v3frw2S8gEnBP00GQAuTbkwD0RNuZVtb-BI6f8kCOV8BfmjXxEf7XCUqGJp2V8z5fI7SWsjFM6QU8-q3BRtQgDRfDGJOG5SQHenwGX8yk0fSDQpQ2nL7qnO4Ckpjc_2A6wxndi0VO1cbDd1aYpMg1WDyrwz34l6_arhbmQ2DIoUSROc6Cth-vU7thbZxd9k-Zn2FXlLWJHPELtGGxgA7STIULPvo-kYYldY6QF3sVBjRdv8OlvMyhE91EsXGmSbEBAnT1_47K85ieh6xr_EESY-b4rpp5ZGAMlS_8ivweui7NFHwTMW4nMT8-X9L5mlWU-_Anrlv73Ky_ng5OqUvCj2oyMhNPlXgCpmWx0NWoO8M8635HOC4H0yerdW_sdNsnb5OA5NiVXVqJd52AGRMrSveHCRr-ji_SYtFUceCDCLMtWdyuIdntyTGUmsG-VeOmAsC6V1N695MK1zQiLHpqw9_bH26ztuSHyWz2OzDX58lUKytecwajS7SDW_SHnzCpnXll7yJSBAAZv6Wr2Pg61scvM26eVSbM5um8cmbi3mOSeCPtLESTFQbMnmtHVzUqgdaHlllZMWO-mhJiFpx4YulkZV4vY3nQxakMIVRfcWdCF2397VQUfLAr08KuOX8i7Aemz3uqWh2I-WKaD1uL8KopowQ9Z8-QGKC69mLOQqiGrQsNJErSQ2eWPsJB_dK1uv3YgOonaqYRIT0gwSR47U1U7TRQCPvXJi8ZmojSMY9A_rwXddkJS89HIMqCi6cSfCzMJrZJDpV3FNdlB5gD7n_kNlBDOA43GruU2l6EqayrAcXPnub-UtrtKn7pE0hSyc6puYD4Ds8hHB4X9eV_qD9kUhPvWHBn9ZMuEFWG3bv-5nWeqvolK6Ucr7epgwjI3Yt7xIx8KscVOcXzdIE947fgh_Igg0S4TK-PumUbBjLOFnEcFILcPrL81fUdErOdp1Y5NdSCThRdTrEyGAJx_7r5NYWtz2LeNH-pUZ-mH5-0IaNkEIEL8jZFZeAZMdEgY62ytoNyAIaiT4Uw6FvIIRvOxqDdZ1L29-15lInrqbTOk23zLjvVj6LUhG7kGMEIBy3kPEhoQvHEBPGz5bAmQ1_Q7BdkAq-ACsI4R1qRMo_sMzNYj_0CeOovnZtVAH30M1kOJj7QhWVnq7BrcqRuT6LxPyOvNyJPL0veEutF-PVl4v1rKUKG5jpPa6fT7m_6Gp3KjeVmpWqCpPzmQsiAQavjRaROkG9gY7uQpk5eRahNxta-3NEgd5fMAOrFMBzirLhxVmgaVBjSWZ-J7ea5guua1HqqjiMooLNMwdLC7WNGGVa6MNzOJ3Znn3VDFXOdKomPRKTxwab_R7hAEsXKv2EhFlESHYi6n26xuNr5lXk-sAKiWVgBnR2B4x6xNYjMj4gzf3LbdPdQWHjC7bJshWGmiO_bxEb5qBursO5MGb9E4HVhJxzdXeJ0nY_veyybTZPFLnFr-GB9vNO1Cr76J0r1eISnCNrAKQ2yRaSdIa1A1L8MitgRB8F45POSNsRyeEA26sNqhFFz2_U3vdFXql4ki_0QLSJftpc7hcgR7HjKV0Idtx9hrzEY3tnQt7pFTpSlHfb4QfFuKwPtizz5HJLt-ekyiIogMtfQnW8T3nJcWG27glFDpu0LCymzqsS_TOumynugo3czP-O7gGS3-SKA30vvSGu23rjhQ1JTMQ2s9vYM7rB8UySk2gIuVrH_obO-hqWz7P7UUdpR3cEVOhx9TxJ7aCyohygWrx9zhCL5D3D-ClvsCyp_Az0PjvPYFG536kMvhLoXwJWM0o85fjfHoHL0JOiE4zn0WrHRP3hLMu_y2QMUxeRmC76Diz6I8qfRqB2cAN3jFezXR8eK2qDhr2hXXWg3YzyjxUM7jcnaEHRPmAqc4S4oaFNEqIVAxUd6qHU-Kh1q_9S8nuB9-Dbq_pgSehhx58nfdCNDXPC4f-mBck_A--cL9ZDm-0VPdJ1NOFxZ5_ymqS-XzJyoPljq5Q_EOXGk2MgDPr-h2u1KIcgKNBxLtRJxWeU8tO416wObCRpDn3BEr4aw2-SUNCc21pFpNZ1YHSBsyDjb3HiJfHcUOSTIiEhodn-WxwM81Ax6WNQxogCEK56CDG3cjJmvquwRcuMjxS2drgDJeWkLK2B4ltdH8WTNNr34XzwxNRt8r4s-WkNOd1sRqqUS6ypcnFdrQIV-a5cG6Fnoq27CeWnzkHRla4Px_Zz1pMVHF4b5_jcsdkARgH2gNaDNlrLQ2ZBl_ktCS6342GYTENVmTquftQUObsjp4Y9NZlxU8i8lPRgNymgCG55p0y_0noOvPqrh6YhSosOffp9In5B8sgrMz6hIzUvMjvQ9tU4wUDzhM2KNuWe59RkHTOnh4QtTBYQlDVUlUiR3mFKtsMy33EIwgrluJSBct4N-JdmTg0ixLWsedMNb7U70NlyyImltd9G5p4eCEyYbh6j_XojVNKRsbzIUvonz-PQYcq4O-wkRv8eZCJLnK838W1DXVmSm-8alQ-2XBruObcf-8RhIbvaA6YuXx9xJKKdc8Vl5OZ5GUj9qweVsWW-VhBsslV1nlnZvWeIxvgvECIBt2latraacT_hveKqA6MBTLOeRTkAUR5dW_WWUOOBtd3lELtk1CQl1rjci7hApG1XgVQTUw2L49dgjWBTS7UvmlUZQXHHt83xeZ44p4g5G9pgWQaiq0yBq9jSt-bnw9occfJ8cYa9zgeB88T6qmOuanabB2HWGuzBSNmP-XmG6aQjk5zAy_UxPA6ZYQoLTMHUEGjuRQzTpsAB7jGBPnyN0WGNa5IlVoR_3TB5OAmPBkPznfI39Q_R8vcTcubKDsDHSXvsKpk18R-PTERZncgcTxB5D4Jz5i7iOdLaQ4ekYwXy4o5yT0-_IQtQDBtVSoRNgJNNf1h3gsx6xfcGrd0KDgovmiSCSpwFeOQTlZ0hf-lWWLXq83BM7Es77Ausz3KYkAQG3EcMmmjYdD5FhukEY8DdKKzk_OUG2rA1f_vnVNpCxdtitpYA1Zr6BpAHcLlL9fAURZ_rPpRmTyARWQ92q258FANdPndk-g-ArKgtluJiGNuoleAIXflfJXmjtMRfQBwbKFQeE3JRThwSh8Dw2O4gZd_oI3Nz_QjVF17OdhW18Mn_BtAWfRC_FJhK8HeeRbWE7BLtvqEdj4p3qaY3m5iJZCKvVtvYP1jKXPZNwFFYBT9_n0c4bKn9EifDqPGXI6ZgqHfQjQHpxQl125vANE2bOFE0eE1t5uprXQj93x-9F08cEbd2UUsX98cr4vYHIKB1HQBbD7032_CJjHJ9QYXouwtjlY5UweCGOOJ8lgVohqSJGJGMYrLJu2B5EKRRZaJU6MrsUfVN3AX-sHCVK12M69fFqWGT0f1bbP6St_VfLhFAuGXSgnWGZPjW0WmagDJyJ9ngxIfhVXQzTSTALNoGoupaSAZ8qn84dKLzShEFx3XBXD6um8vKrfCwCU6r92K24k_wpdBbRCuOyca78QZx9DXGPMn5QQz9w0a2pb-yZoSkLiIMMUnJSrpJQ3_pIcVZ8KKYeMZb9ezEMQeUmA1UuRA7w&cid=CAQSTADq26N9JQ4G9Qqc7sdO5syEm4LbGNKaS_aAQqlO9QG6H0xw_Y59vju-99kSuZDZtL3tmBsENtychJvDXRaRtHzUTxXV4USUZyX-wdQYASAT&rfl=1%2Chttp%253A%252F%252Fwww.zdrave.bg%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Dec 2022 12:22:13 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame A88D 29 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11206
x-xss-protection: 0
server: cafe
etag: 16690196781007480285
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Dec 2022 12:22:13 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D0FA 0
0 157ms
155ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120101&jk=4147905082598504&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame 27F5 36 KB
16 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 13:36:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Dec 2023 13:36:27 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B7DC 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 07:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 284593
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Dec 2023 07:06:25 GMT

GET
DATA 200
OK truncated
/ Frame B7DC 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 64dfbb41c04ec6e3bdb0a265c13e74385c8312c9bba15588f421f57124c13e70

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A88D 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 07:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 284593
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Dec 2023 07:06:25 GMT

GET
DATA 200
OK truncated
/ Frame A88D 206 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca6cb7fcf6c6f22035ddeb69762ee6b184d41f02fe467e640bf132c803507db0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13346862896165610851/ Frame F5A1 6 KB
2 KB 57ms
34ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13346862896165610851/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8593f78c8259bf81cf89be006d0402c212ab6035e9653206ff9bd9b9f3fb6e41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 14682
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2467
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 10:04:56 GMT
expires: Tue, 05 Dec 2023 10:04:56 GMT
last-modified: Mon, 05 Dec 2022 07:37:56 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B7DC 0
0 117ms
55ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsse_OoUDR6qW_saKJU8f5QKUCSr3XxnZmqouKUwDMi0ZfzT0xiY4u5tLrJWdwuU2advRS__3qHpJNiOUd73cdV28vVwR0KI-RrWQTSORVhDjm20bMaflKcmjG9TN2mQYq0C0dY0U7uZOv_9TlZWyEFDfyH_BrKeu7MFcWVEsBEayml614KSKaiNghTTfPQBQuFEfZgdyT1_3K1mVhPqltaHidgXEtPqlz2BoCo3Re3DLEgTpEtDM-eiw7LBSxQlk_OgozsgdilSPbgCkNgsGPGV0ph5ccmZtbilk_oQ8EhsBxTTTIPXZbZTcMB-zABH7W_f__ae4doZkUfXx2ZMXwVEYBwTtNQRNJxDwUXaVOK7GnzJk42dp_Sao1EZecrvpHXngiNhgZosQl-iDY-VHp6rbhEx3zEF0DBAQR2nOR0pafzoNhZzE2CvIUsScQW7kkgJNvitZXaffc_GNPYadl7ouNso3Pza2rlztCcKueQcICidhgqRdpsyTkyNPjO1ji-KJ5Xdh48CQDWrKFa2A0EakkP6Dmxy7PtMRiGyR37xEaF5RHjv3764Mlvnz8JXOrf3BJBs8sf-gA7fzqjeU9RtlqQqJVVA0EI37ggU4oG9Hgmh6xWbB3g-cePp7J4lhCWjmvlXyo2ERRW1bbQRmz-3a-4LQQVag9cO6r9uU5xlG-_61JyImx-9OyBF8R4kKqQGC9dnmpFiKYnf9FRsMV0NgH2TtzpKFqiqdVp8KX6pwDUdOmMOuLJqJX7KGBX4mEESRosvduUTGXfZ4Dgx4FczJ0V6Hnp8qGGCsavkvEB6CVDJt1u4xG_TjUM4cRierULkc7jOnSVlt39tGmj2Ma0nZ95YvnCOb89CvFQZx3OKRxHO1YeZdaAfBVVHebrwK3K50nGc-WcAUrdsyykcqYMVBlJhBj9x__gKw3B_1juhnfPCLJuwHltQm7Qt-bCKSFc8pHAmyAasWnx-RgB5dTjiM_AeV0XmWUOo-814uQc8cvodjtcLjGpSD3_geEN5n4-LokrasScxUfYN2u9rySh9RVBYN1xjOJRO2Vpq3wlr5AZMt4GhkFyWpoR0F9w4pD7aNKFflG0ZvcWGgug4Tc3yqzPC2QbaXDeVmeSamaNt4Vuqrh1kjgwyiQDp6f7dt3U2Dlaax5K66OhXrwF80Nf3AEZtsCu90qj6msr8btscMmZsjE57BVF8tBrfmgnCN1mVyoBZqlw9otjg6KnQzWP8a5C2yEYfK-lpYcZ-vWgtYVrVnVmpKw&sai=AMfl-YTZ43J4E52sKCJvCGHdYz7kW85T8J58hYYCBaru3AQ-HqR7d6C4Y59bZRLzMQ1jwDLREG64e9l0uhV2OfJHu5nNuXE3o3-kjXz-AsHl8LkEAuTl4Eq6KFE5Q-LbUxsBCL3HuvTwXqfIqmAe2LcVFh6FEqXCMEHXutehnrq7eyJRskWfesd6trFRgIv4Cd-F35ShOYoRdxp50bAUMvHv1WO_KzBOv5adx55NdDh1sWI_O3UL826e0MGaU8TAKFn1KHhXewjMEspkfDLK5qZIy7oiF5pROTasN5bx78GgQQ&sig=Cg0ArKJSzPctjq62nAb0EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=129&cbvp=1&cstd=126&cisv=r20221110.09427&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 05 Dec 2022 14:09:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 21 KB
4 KB 38ms
17ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aef81bbd6c293e980919d94a8a53b2652bf77a7d4900ee4b9ca244d2a456ac51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:09:38 GMT
expires: Tue, 05 Dec 2023 14:09:38 GMT
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A88D 0
0 64ms
53ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvatips_S_pUUhUiAWlOfkimpaY-lO3nhS2--uS3ICtQUPDoHuLfLB4ceoih2P5JBbYoGPuU9oX4-byAQIziCpkBbfvhD6bhO5k6VAIOXaPnKbB2q6ZKOLUUwM4sL4MbvRui9-avjiOjYRs44A4EEmeYU-lY2z6Xaqi1o-OJwYr8rA1m0V4VQMY-LVbFOLGReUK6Xd4iq7A72sjjiGKPgYD8TfuHXFRAjCogKLUdvW2AG1S5g5k2UOaagopdBJmIb5fjZCEHxHLsgc56564gn3zcyk90I8dTkVlpKwGyDwiMEhp0I97Wnx_yNf2-fCbaKloQx0eoofG8HkQ8t6VHQBmP0PL9XFwhYryl2dfRR-AgPSNb4L2y2bQ3rko3MXZw7aINyXA_al7GoqQWYkoEjus7jpHX84OQg5_2tIZ6KaoqO8cS04k59WeOD4bXe93OpcfxUix6UGRCtCgrQ0oDCNcCG5KBPUNGtK1qJ430JVM0xv0NFay9CetGs3pt2uyfedDYOHOTnr8LpOHJcGxpySaKRPuFb605SlpY8K5lZApt-B9urxDQgvU6ntgR5sbJXlNFq7swXJOS0thvvdhP0Rx3emAMwa3SDJvA_Rj74p4xdHiq1toD-nHP0NCSqo40HtBeSoDPvtgYgCuwrQ5oBq2y3eBFuBDnZFAt0BdRQE3Rg28p7MigKqsMDoMntUVm26LhmEgbJhQOOxI-6q0frPxyzgTq5dmvostntil402694Tgsu7HCIl6ji5QNi5sO7PX3nPYN83rTFMpBf58MJ-94mL5SSCnGMCp4X6ppFDNbklduoXAHY0o-QGLxBz8Bd13xthT_6SCw2p3dC621z79x0L6QJkxrQGfajil74sqbyb8W2iMb95IPZpuSIshGoXXPuZ2I2TRbWIwlJuOM14zZtWf5XH462O62R4q0UNejrnfzvPYddVD7-zy6jbrmk-6KpgkCyRxRIBlqN6kZj3W7GkEDj1H_K5a5RJjdZ4Irc1vakbTZY0Sb1bqI19Eu8BB69t2tTIACPYjZx_N1GsPDv7QYMbkQdwhtTTOEQjiwmSIBtMXiuSC7GAUTA6eGnsmnwnmQ90DFZkXFmvHPoTbceV4BsZwP_yyO_qXD_qIvaVa91LEYKXYrFRIwue9MnUX5Ab5-c_THv7tIiAquP3dhctrI96XXWMcEYNt1SkbZjL0u1Z-6rb1yfpxslKHCGhyHfLBrnVdrh2R_cDrTmYmAT1nbq0q9T9iKxkFkscj81I&sai=AMfl-YQJmagRpv4Xqxy16ce0XCT0v9FgUnujp7FEL5gN76nCstrTWuoa9bCMdmNpOX9vsrovkhDttARSq7K1KbS8uXjfFmElFOdSmtyxY9-O2wXtp0gxlDmHpEQ8EPrXA2CjSK3BEjWz-LTpekFJMWDV1qtB4K18uYFX1H70nMlH8PcSaW9DXib4p0SvF2W9aHwPLu5ldN-1LWTaXPUFRpEVs2rkFXg3jfVjMbgNmqWH4DZE6ISQ7pfdrPbzurMhw0ONZIo-5ulj29Ja16aPscn6fxTiaHthhGLSNv0rUqOcpz6Q3AX47UQJvI1ALuLOWwi-IQ&sig=Cg0ArKJSzC9fmxHH1h0cEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=156&cbvp=1&cstd=143&cisv=r20221110.73444&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 05 Dec 2022 14:09:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame CDD8 170 KB
59 KB 34ms
8ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Origin: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:22:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13619
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 10:22:39 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame CDD8 8 KB
3 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BvhE72GeYVzvEeI5TBoQzYaGAWvvUqHYU_YrXTPq2xNQbyqne6yDXVpzJgRyHjLoIp4FbVhfv5NV1qLYsltskxrdhSj4JYzSBmww3QAhf0SSE5nFrz4DPtC2Gbq6gRzAl5yoK-DwFmYq3Ijrqlb-GWyM1ygsYNDsnT6GrpKqffB4pthNo&dbm_d=AKAmf-CU0gU0uYZDYnt5uErvBerjqlBHYKhbSkY6sfFPiSk7IL0kPdH5CmO7jy5t4X_kJ3hdyIfAEGstcHmh9Qwy6JspnCckXffZQfA4_DzJFbxdQcL-oDMCAMc8d710WwrwaR379j7NjnGeJYyAWjervG1IjVKbBCKF5OH_tPmNaVGIsO5VKaHBU-xDPC3G2mkbW0Zr-N3-Ee7CzXcG2tWrTbEqloiQ1ejk3jRL8nMPFdqqL6yWj2ZjloE2yphCs7fGP9xMfLfdDKo8UuQPacGHNALdX_As8sc47aB1T9V5rkhvzTNA8zjNwRxLX369xT5-gOqudhl07rB2jiDacAP2dRpaw3OWD3soXj1uGbJSMuo1uSo0tY6yJygTapXQmm6hBCBir47eR9laMCP0_ezaRiSxzhlGfJOx0YfIfQbaRtucl-b2iZ0JU-Zp1_3FPhTA4-nBm0v3dX2Y6XXByG7OYS5giRXdVbGXMvBfDt-uduOz9SacXn3Z_KcmVyI1VaPmP331HwkhbnfHIOs5AamM8BS0SXj29y3a_jy_Zn4PEv5SvQ2IC-_zs4uWq937WQ4Gfu2RM7bzU7xCtMbsct0QTZUDK-02tVYhHkrY1IWLEs_NsKgrToHAoEqtwSEp1KIPWCyrLGtGUhXVO54Tc1vikX6wIofTcI3qaCMAxQ4L1QCGpDCLDRXEcqh3jFvz_sfN71rIW5TsrFmsfasoHww6Wj62T9-CuKtXhXj-8x6cBRfLxWMmNjXsefX5WS8-d-q-Fv4H2jJAMzRAw-ggTMmiR0YOlRU3zq57TtLfOHnTIYo-h069zFFWDH0iMS9Ij3DzLJEY0JZ0wi5ABDdek3-a7HoxxnAX2rju_O3BFgQevO7x7yurtaH2ny4rU6pv6CNetJSqMm3OEmWDfTHZsMiUgQXj1FJJnEkQHQKA9CFVIRrtlJmcFwlWeuvN9ciQwOyrA32_aZg80K9oHjTqSpK2yrMesflmYtE6MV_rUkjWU7iuzhMsoNmXZULGcZsPRDrdLoC-Dk04p-uV9GJRgl-6ioHz8i5nsFhj4Hwawls3orZpdsegEtX3oiJjTSqWw9LuF0FryIBVqN2lb2m9ZodK4u6Rz6XN6GVG4WN7C6Aua9tmHyzziwmtnrlmZ0gwxxR6WWLCTleHYCnsF_DFnfyG_A8-g7dpVAGSxxhyYjSgxV0KAV80tQ9aFSJeJUQioL5SSK0TlYyhv1xNlItiBxmCok_ryhJ3we8HXwlrKHjKMSfAFv361Vk4oBe-fNixRpnEUmwvjp-JdJRittZhlLeqXvA-TF9NKBHtMElqNwgkJbAT5YPzKWuaHqbk_LklxaawuNmG0p7RiUgBZPq5FHKpzeNQH47Y30qQ4c2G6gKGM-Kt64W2PFwvcmfPO6ZbeS12y_mBVn2VMa6PCZ9YGIpXF_kgteH11L6mtB3AzlDXbR7VNuYvxaJDu8YxZtHX89O-KOxTrZnLAS871bE9EgquZAJa87RPYwUl4CR_NxpYwbWcLOe3gcFlBI6OTLytLB5nJnqJ4iaC6VNB0bpmIAHrJ3kEozQluYQXKGc8HYkveSmoH0nALWh4meElHGijW6SaAQdpd2WsKxiStb5kPMnaBQ4pl7h93GtX22hhY43dtYlHvEIM54lMpdxofQceYDFGFFtQJLN-11oo8C_du6Je3dD14SWm6LCSpYDofKH9hlFMSU2dyEwTWNOZH9cI7OAMjUeuUGu67QhMHR38S6V7Rf01pq4zQYSFmiHSsPW-Oayk3kZaeFjwl8qw_dcp0hzQS5mtOqOBgf3fAFiG0MazLFmH6jfdpDT3ad1myJ6md-AZGdmLYMcOwG2Tp6Rlwwiy5qC_rgs0Tov-s-onHmslTGeXXq8ZxRTF8_REEhJfwxpl8kzkCzGqmtz_Fe4ZzS_SR8CMaU5B2QGipOuglwrOtvqmajMnV64cGl8-ytdatXZHFO6xEYQIP0bhZtrAL2bDkpMBkWR5C0CG00EIk5-D3d_Vl66BzAlwrhoczrvLzfM5gSOrccBdwRQ-elqbgBUERlVWBTP5R-Mlymn0O2DSRypUprhdJWe8g__vAPX4JudMcwoJiOGbJlA0Fp1kostJqyntxeDL3GsQl4gTO7CbpfD0_1zM0EAQJwhuq6AVJFupmIjARpog-yT2YH9QoLhj5Ep2CHR1MUx10D7DHTDCruLvVYeLJrIXvgeCLLWY57NcQ8zZj--0pJSBUEPTv9vNMFD8cua6kKlnT033sTlDaj4KAZWHVG47zrb8jWggzM6zDrG8m-oSKgse61Md-jQxtoL8xYdE-4_LGdXM_iwwt1MF6d_OUwLYYkTJFFLI-kFEwaYlu-MPNHR6lJFDTThfI8ZZHScjEhxHxnedbfL6bm4ihZreTnYrd2eSFCjt9UMJz6o1LV5q6Z4zSgNTZBx_FWuzUqYtxZXKls3Ymv4fRm5qFcl3OTgDwRqsaZjSklCBNvpzyDwT1s_dlB0Qp3jzRiWxaV-D2rNX5AbpIkmzbcQpe54JqFGNtptHqApAWUAp2PO0ENMySkw5IYkX4PoULxQbxNINhxcXrHdIEYpk-lO18SJ16BC5QFRtq_wzx1WUnjmJX9Hgp2so6KYqx7LfFvvgV4_NY0lBysdhpqrEYDgPJ15-H_BQhvNCDCDIt4nlfZSprty1nbiiBDFt5Iw5NNrr5nzpGW7CLmPDnpQizV9lTJn9HWFHsBB8HiTOBMvB5-Xt_7-JCsSAwAXWh1tyREdXtowdGoO12j6PU9vRi2xhjqK4Dk2x8j63PTAWwbXH7kTtCybd1bxR00fPFedtKns4Da6m5Phw2MDvFuQCnnH42o43mznnhfeHAEk2Du-Z6DPOvqIi_91k0XQuPByBraXRysKdo3AuruUD-LR813wi1zWydBt1xfHPBl-dzxM__MPuTHAMdde_4CmlK3MY0s5cI9kexTcnQC1h2EpO_LcJk5wkhyf317BEZ86vUFsNs9130AcyBAm9VXAOHzW9smmtPWSoAC9lPR8qgmjbTRMVFZnd4mPcr7jUD8ch0o0FltLikhquFtNBdDyfTlX-Lf7lON-wGoD_RlkT5Dqx_Ra7WRG7T6cgXuK0UKpj2Rs7472P5JiykoPFl8RFkKgZlWNIKA65-FUtdjYWwIb75pu7Ee_jRoNJjyNPBM6oW-52BsI6pV3jkRwceTI2rYb6CwMjLOxQO7sct7ib7qNHJszywt9nPULxsVSy1M-CDvLoH7G8nBSj8b-ar6YNnruQRJ8BfALrE0zaIQpEtrN68-5EFpwTYXz8P01z4uHTEtmgoLrmJUDfXbrFrsWSljBwODAxs9r038ka3vQcN0bbGS24fxBfuw0yrSjVt3pFaHExz3XPAelaNU3EMazlqzbjyvVR9QAQEhzoL0MlqapA3cjwIe_ktnDnvt6zjvkEPFM02reI5U41k1WXSaJi8T4YRjaHUTD0qPU7tfEU-UN8gPN_DAhTq5xahXvSxS5FKRvxSzuuG6WRVg2DgHn-2f7UOsu_TTU5qmtTV5hUaAeCbdFmxYs5iizWWD5hO1NrO683_NR3U0VkzWej2CCNckwIe8jVvuOZpqbXU_vQ_K86zc1-ztlt9kGQIt2PBXTdpdC-kUYVodZxQm0oMsiPAzYsCCTGj90VkD0fHBhgKnl37kj-YK4tV_S9PA_IKdQH-dTWkRXicwjckZOv3B3YYW-1eTC-GcQ4EJwqThIBrEsIc11QBWle2A&cid=CAQSTADq26N9JQ4G9Qqc7sdO5syEm4LbGNKaS_aAQqlO9QG6H0xw_Y59vju-99kSuZDZtL3tmBsENtychJvDXRaRtHzUTxXV4USUZyX-wdQYASAT&rfl=1%2Chttp%253A%252F%252Fwww.zdrave.bg%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Dec 2022 12:22:13 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame CDD8 29 KB
11 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11206
x-xss-protection: 0
server: cafe
etag: 16690196781007480285
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Dec 2022 12:22:13 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 674A 22 KB
8 KB 18ms
14ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 153016
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 19:39:22 GMT
expires: Sun, 03 Dec 2023 19:39:22 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F5A1 236 KB
63 KB 31ms
22ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame F5A1 4 KB
1 KB 62ms
17ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@300;700&display=swap

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

38d95de33678eb79a5d7632f0dedc17f54defe0da27cba210acb8916e520f8a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 05 Dec 2022 14:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:05:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H3 200 avoury-xmas-160x600.js Show response
s0.2mdn.net/sadbundle/13346862896165610851/ Frame F5A1 40 KB
10 KB 26ms
12ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13346862896165610851/avoury-xmas-160x600.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61677ed7fbd1f41b94a9b017dc22579d44c6ebecee1628c84d92683b567f1f8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:04:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14682
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 07:37:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:04:56 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame ED49 22 KB
8 KB 32ms
16ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 153016
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 19:39:22 GMT
expires: Sun, 03 Dec 2023 19:39:22 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gwdpage_style.css
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 55 B
103 B 20ms
20ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdpage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 09:59:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274220
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 09:59:18 GMT

GET
H3 200 gwdpagedeck_style.css
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 731 B
263 B 34ms
17ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdpagedeck_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 09:57:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274340
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 09:57:18 GMT

GET
H3 200 gwdgooglead_style.css
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 24 B
72 B 33ms
16ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdgooglead_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 04:32:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 207454
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Dec 2023 04:32:04 GMT

GET
H3 200 gwdtaparea_style.css
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 157 B
144 B 32ms
15ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdtaparea_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 05:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 292165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 05:00:13 GMT

GET
H3 200 gwdimage_style.css
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 281 B
187 B 33ms
16ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdimage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 09:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277356
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 09:07:02 GMT

GET
H3 200 gwdattached_style.css
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 26 B
74 B 31ms
14ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdattached_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fffa14e9a3c576087a9202af54e8f11669f29c37617df0c6f728ca24d95f60bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 02:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 302803
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 02:02:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 85CA 6 KB
796 B 43ms
17ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,400;1,500&display=swap

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b5983a700736883de9922d6027b0755f61fa64b7bd2baae389a458bd82fee7dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 05 Dec 2022 14:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 12:57:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H3 200 mig_gwd.css
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 1 KB
364 B 29ms
13ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/mig_gwd.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55ae3019ffd5414570927a95d425239d2ce501cf36095b42f8763cbcfd07802f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:20:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 265734
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 335
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 12:20:44 GMT

GET
H3 200 fontello.css
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 6 KB
4 KB 28ms
12ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/fontello.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ef46bb8ac9953f3a931c08fdc788f7eca8a93b7cf6a12dee6dcbbd088dd4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 07:27:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 283352
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4250
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 07:27:06 GMT

GET
H3 200 storiesad.css
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 14 KB
2 KB 35ms
19ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/storiesad.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3ccd587684aecb12ffd28299049ce91940e92b5088dc8b09daf4b41b1fa6e30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 19:39:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 239380
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2000
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 19:39:58 GMT

GET
H3 200 googbase_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 247 B
235 B 41ms
25ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/googbase_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503621190c75700c18c84fd3ec0977bf31b083d66e331d1009bb9cd17cdb85da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 11:55:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 180826
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Dec 2023 11:55:52 GMT

GET
H3 200 gwd_webcomponents_v1_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 21 KB
6 KB 39ms
23ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwd_webcomponents_v1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c51a4086e332a8b351790a53582dbba5bd78b7a1f021b829d93da3ad59ca575f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 03:16:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 298392
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6286
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 03:16:26 GMT

GET
H3 200 gwdpage_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 3 KB
1 KB 39ms
23ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdpage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

257c9947bb8a45c4a0519f4ddc8769ecc7f889e268a046b0f05c17dfc7912eee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 03:55:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296066
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 03:55:12 GMT

GET
H3 200 gwdpagedeck_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 8 KB
3 KB 39ms
24ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdpagedeck_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07b9621ff6886bdda3fbafc4d21319eab9a92a7922d38bacca72f5679249ac32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 01:59:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 303037
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3145
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 01:59:01 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 85CA 118 KB
40 KB 35ms
20ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 06:28:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 06:28:55 GMT

GET
H3 200 gwdgooglead_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 13 KB
4 KB 34ms
19ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdgooglead_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ac5c3a1604eb19f5c47e157ea3b58b4297428e653b74d6def6b41661a25eb5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:04:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 266688
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4332
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 12:04:50 GMT

GET
H3 200 gwdtaparea_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 4 KB
2 KB 50ms
32ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdtaparea_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e99c54c8d777d1b291f68296ac99fe0c7b8f51153eb7b36b1a88b4783bfd2bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 14:24:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 258303
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1746
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 14:24:35 GMT

GET
H3 200 gwd-events-support.1.0.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 2 KB
726 B 48ms
30ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwd-events-support.1.0.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72a80770f582b1bb93c4686c2d8f7d96cd6e911198e518ba3f19cd50cb108804

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 15:36:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 253979
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 687
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 15:36:39 GMT

GET
H3 200 gwdstudioenablerdataprovider_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 2 KB
864 B 49ms
31ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdstudioenablerdataprovider_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae7e47dc4962b2c882df0b7f66b29168654075e4ebeb7fe481c7d2ac3330412a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 05:03:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 291973
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 05:03:25 GMT

GET
H3 200 gwdimage_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 5 KB
2 KB 46ms
29ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdimage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c3223c27067f54618683e5fdfe83536907b179e81ed9a39873aa8b8140c05f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 07:23:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197166
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2001
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Dec 2023 07:23:32 GMT

GET
H3 200 gwdattached_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 1 KB
626 B 42ms
25ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdattached_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1b78dc0bec6c4c5e65036a6d67c15a91ae2fc807f61ddab5ddccc3483cb9c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 00:51:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 220668
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 587
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Dec 2023 00:51:50 GMT

GET
H3 200 gwdtexthelper_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 7 KB
3 KB 44ms
27ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdtexthelper_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ce8bd0ee36a0c73ad575c2b1a3d8117bb51a83021a64510197960c8fe5a1e72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 04:11:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208696
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2867
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Dec 2023 04:11:22 GMT

GET
H3 200 gwddatabinder_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 5 KB
2 KB 53ms
35ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwddatabinder_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f94da61df33854f21c6df7a5ef4574368905bd23ac88229b69478bf87ea4a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 17:35:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 246864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2320
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 17:35:14 GMT

GET
H3 200 gwdparallax_min.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 8 KB
3 KB 40ms
22ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwdparallax_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a45792c7db4934ab03ec970a8c0ba92d5b85e5af4482112dc9727fe94197250

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 14:12:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 259047
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3436
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 14:12:11 GMT

GET
H3 200 gwd-dynamic-binders.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 26 KB
10 KB 40ms
23ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/gwd-dynamic-binders.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e56c25942686f9680cd51d2d21660b472f927a3b5af02a69dfa591772d169c18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 03:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 210989
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10459
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Dec 2023 03:33:09 GMT

GET
H3 200 mig_gwd-events-support.1.0.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 4 KB
1 KB 50ms
33ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/mig_gwd-events-support.1.0.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de0026beacb0fa66759930355e717fe89078974692859c2aeea06f11b64c1de0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 07:14:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 284101
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1039
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 07:14:37 GMT

GET
H3 200 mig_gwd-id.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 3 KB
1 KB 51ms
34ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/mig_gwd-id.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a48949e222f4d06fa2b976a5a69eeaca967c0c0579e10c43104c04bc4f46bba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 20:05:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 237874
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1044
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 20:05:04 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 85CA 60 KB
24 KB 62ms
45ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H3 200 easepack_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 85CA 2 KB
1 KB 56ms
39ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/easepack_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b4fe6e33e24427ff09805210219fe3cc19e22ed637e003efeea9131ecbd9121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1356
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:22:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/13460174838308012032/ Frame 85CA 17 KB
4 KB 48ms
32ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13460174838308012032/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77a9b3e8ab37517c4c141fd7787920e7e5aafb2c026b9084706b7a85ba3e19ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 02:30:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214740
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4036
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Dec 2023 02:30:38 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13151972954896785613/ Frame 5894 126 KB
34 KB 22ms
15ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=Tkvha6UMKy&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35e04b4855605c908b85662df66fa3f5fce2fe1fa2d284873c1349b101bd7bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 14:09:38 GMT
expires: Tue, 05 Dec 2023 14:09:38 GMT
last-modified: Wed, 22 Jun 2022 11:30:07 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame CDD8 0
0 72ms
54ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstVrdlvNvkPbrt94o2GFric7vdwL32ibp335R9K8DGwWCnwRusatphBvHz0M1rL53xPr6uaQvfBR49i_iaaa_2BZ2BHQ4FyfWmUe0lkmgQjBamn4gzS-Udw6HQtoSJNpa2AAVJvQLCcxhide_pZpFSQnhL2gm9g97LkXpd1YLghmv5t6b70QCC63jMDYTDLGUbdw1Za8_CPuCHPe5OhSsbgyBEuSsaC0v08f_FygesgmvMG-EUPEfXbCkNpVGhp__FcpYrZsKfUWxRe8N9ACYUjXbtFbYB55uZZ4rvT5YSphW7Nc-JzQ3C8R4WkAHbUuFl_QnC2a3MDdidGYBcx-w5Z2w8zwkeDcrO1HWw25YUq6I6AA8BGDxuiIfgjBQjk3daXVYSFYyQ-vqjhZ6kJR0CnVzZCsFWR3lNHUfauEnThIfT1bzPK7zxXqmLU6X12A36r8WggIV7HRfWunJDLPCMJM49pvvmKUBILG9_x5SSlUcHV_6pHBNUAtQMVTd1z82fG1yiPq-wR2qN-L9iO_EsZaNKKBmy9Nji7UD81d8rb9BjcUfyGuk0S2hGP9cSqaWxeUSfnJUZglIvPFvEFeC-MVNKrIkQrPM9oA6BWk7cqA8nD3K7WXea2xtW9iIdRwr1L7pCtT4GyuO1EPGcWo4NOVNyauVj_BORBF0pHTgz6ZG2HNI7ioX3zHBdsX5_BQW8RlycZJCyQBPlk-lA7svmCg_oUeAi_VTwDmSp1UK50TclChIPmannXz0aCzYvVzVAZvC9n6Dai0SE5jKFHAM5KOtWNReSP_KG4YU_zTGHigfo2vxOtysGe-ZIAMPMjoz7aEO4AIkTZsJoSjRuOjhhItggMPQ5lzGjbupJlREXCV4pu5d7Av22QAmev1LG0ljeqh3IsjNSbN-QmYIqGHBmimes5ngUZoNa0B_EtuCZuU53iNHuy_qx9R0vB5xEYRjOxY7yyM5KjPsetD4475aiUvCklqx9mvNA3LPQapcRTBB1eg9l9IPSo8BeNaUT-dTBd4yL9IH33-dFOHJJfCsylyzY_w4jlrZ0kHIKqsgpUmG2mvaCYNigV3tgPggcrjci43YrebEAtY7XzKdlCq0R7nzrbQXWwOnUDJHGtjpq3Gd0HYtpWMLlP5Jx1Wv8Ccsu9nw4T2ET3LwswuCYE2O-FsvBtKJV5HkgF4y7kOYOYOOX7dB1otw4f_ITk1rLokOlMwsQy5G-t1C_YlmkteJpYS5Y8XKd1gocw3Fm-auiqjj8&sai=AMfl-YSiranV1uUhNFfKEikUksuKrfpZDciU8KH-XREZfYEIKfnctX2mBqsp07Yfwl240ZxFqpyb4wdl0sGf0wmfCDHzLgaQCnKFVXU8AWFvqYTJAzUXt2_RJ_Oyaa_PXrdpCXRN7igShWMMfPbKF8_0iiibIJIf3rIdP4NpfgsDjmNlDL5HkG3z0pK1p_dU9MfaQHr7qVikfitFr-O1ilnnqwpdMoRx62akuuGwumXrlaWiw4t5Iq_c5qv80GnrfnDrvPobah5IFhPSJLITe678h6_K3nfd7PIHuAkW8V29XQ&sig=Cg0ArKJSzFnyFqqOf0RtEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=187&cbvp=1&cstd=182&cisv=r20221110.90122&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 05 Dec 2022 14:09:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H/1.1

200
OK

px.gif
d.adtriba.com/ Frame CDD8
Redirect Chain

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202211_es_ukraine_dv_pros_353149978&atb_dpuid=di_dv&gdpr=&gdpr_consent=
https://d.adtriba.com/px.gif

42 B
227 B

8ms
8ms

Image
image/gif

3.123.239.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adtriba.com/px.gif
Requested by: Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 3.123.239.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-239-61.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Mon, 05 Dec 2022 14:09:38 GMT
Cache-Control: public, max-age=86400
Server: nginx/1.16.1
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

Redirect headers

Date: Mon, 05 Dec 2022 14:09:38 GMT
Last-Modified: Mon, 05 Dec 2022 14:09:38 GMT
Server: nginx/1.16.1
P3P: CP="This is not a P3P policy! See https://www.adtriba.com/privacy-policy.html for more info."
Location: /px.gif
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 01:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CDD8 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 07:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 284593
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Dec 2023 07:06:25 GMT

GET
DATA 200
OK truncated
/ Frame CDD8 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2a13ef017bc3ec8946953ff442dba8259750a9c6a1190713a57bacc6005b6a7c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame 674A 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 13:36:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Dec 2023 13:36:27 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 5894 118 KB
40 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=Tkvha6UMKy&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=Tkvha6UMKy&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 06:28:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 06:28:55 GMT

GET
H3 200 bg500.jpg
s0.2mdn.net/sadbundle/13346862896165610851/images/ Frame F5A1 30 KB
30 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13346862896165610851/images/bg500.jpg

Requested by

Host: 04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
URL: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e721117219198469e6833d133eb0fe938c8de9719567707cd056c8fe498ac9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:04:56 GMT
x-content-type-options: nosniff
age: 14682
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30489
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 07:37:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:04:56 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B7DC 0
0 45ms
45ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsse_OoUDR6qW_saKJU8f5QKUCSr3XxnZmqouKUwDMi0ZfzT0xiY4u5tLrJWdwuU2advRS__3qHpJNiOUd73cdV28vVwR0KI-RrWQTSORVhDjm20bMaflKcmjG9TN2mQYq0C0dY0U7uZOv_9TlZWyEFDfyH_BrKeu7MFcWVEsBEayml614KSKaiNghTTfPQBQuFEfZgdyT1_3K1mVhPqltaHidgXEtPqlz2BoCo3Re3DLEgTpEtDM-eiw7LBSxQlk_OgozsgdilSPbgCkNgsGPGV0ph5ccmZtbilk_oQ8EhsBxTTTIPXZbZTcMB-zABH7W_f__ae4doZkUfXx2ZMXwVEYBwTtNQRNJxDwUXaVOK7GnzJk42dp_Sao1EZecrvpHXngiNhgZosQl-iDY-VHp6rbhEx3zEF0DBAQR2nOR0pafzoNhZzE2CvIUsScQW7kkgJNvitZXaffc_GNPYadl7ouNso3Pza2rlztCcKueQcICidhgqRdpsyTkyNPjO1ji-KJ5Xdh48CQDWrKFa2A0EakkP6Dmxy7PtMRiGyR37xEaF5RHjv3764Mlvnz8JXOrf3BJBs8sf-gA7fzqjeU9RtlqQqJVVA0EI37ggU4oG9Hgmh6xWbB3g-cePp7J4lhCWjmvlXyo2ERRW1bbQRmz-3a-4LQQVag9cO6r9uU5xlG-_61JyImx-9OyBF8R4kKqQGC9dnmpFiKYnf9FRsMV0NgH2TtzpKFqiqdVp8KX6pwDUdOmMOuLJqJX7KGBX4mEESRosvduUTGXfZ4Dgx4FczJ0V6Hnp8qGGCsavkvEB6CVDJt1u4xG_TjUM4cRierULkc7jOnSVlt39tGmj2Ma0nZ95YvnCOb89CvFQZx3OKRxHO1YeZdaAfBVVHebrwK3K50nGc-WcAUrdsyykcqYMVBlJhBj9x__gKw3B_1juhnfPCLJuwHltQm7Qt-bCKSFc8pHAmyAasWnx-RgB5dTjiM_AeV0XmWUOo-814uQc8cvodjtcLjGpSD3_geEN5n4-LokrasScxUfYN2u9rySh9RVBYN1xjOJRO2Vpq3wlr5AZMt4GhkFyWpoR0F9w4pD7aNKFflG0ZvcWGgug4Tc3yqzPC2QbaXDeVmeSamaNt4Vuqrh1kjgwyiQDp6f7dt3U2Dlaax5K66OhXrwF80Nf3AEZtsCu90qj6msr8btscMmZsjE57BVF8tBrfmgnCN1mVyoBZqlw9otjg6KnQzWP8a5C2yEYfK-lpYcZ-vWgtYVrVnVmpKw&sai=AMfl-YTZ43J4E52sKCJvCGHdYz7kW85T8J58hYYCBaru3AQ-HqR7d6C4Y59bZRLzMQ1jwDLREG64e9l0uhV2OfJHu5nNuXE3o3-kjXz-AsHl8LkEAuTl4Eq6KFE5Q-LbUxsBCL3HuvTwXqfIqmAe2LcVFh6FEqXCMEHXutehnrq7eyJRskWfesd6trFRgIv4Cd-F35ShOYoRdxp50bAUMvHv1WO_KzBOv5adx55NdDh1sWI_O3UL826e0MGaU8TAKFn1KHhXewjMEspkfDLK5qZIy7oiF5pROTasN5bx78GgQQ&sig=Cg0ArKJSzPctjq62nAb0EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=454&vt=11&dtpt=325&dett=3&cstd=126&cisv=r20221110.09427&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 85CA 15 KB
16 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,400;1,500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 19:42:15 GMT
x-content-type-options: nosniff
age: 325643
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 19:42:15 GMT

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame ED49 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 13:36:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Dec 2023 13:36:27 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4AE3 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 153016
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 19:39:22 GMT
expires: Sun, 03 Dec 2023 19:39:22 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 85CA 3 KB
3 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5cd904ffbf1bd57de5d0f87227dda38cc47138ebf97974e687ec4407072e4584

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H3 200 KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 85CA 17 KB
17 KB 22ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,400;1,500&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

661d4b208656c006e7aab58acf7784857963123675de2302279fbe6c05313547

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 00:52:35 GMT
x-content-type-options: nosniff
age: 479823
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17336
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Nov 2023 00:52:35 GMT

GET
H3 200 kapsel75.png
s0.2mdn.net/sadbundle/13346862896165610851/images/ Frame F5A1 4 KB
4 KB 8ms
8ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13346862896165610851/images/kapsel75.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9993912d3b5ba3ac5c8662d54428458c6a00ce001ea1c179def6d3fe6c3e45f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:04:56 GMT
x-content-type-options: nosniff
age: 14682
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3988
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 07:37:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:04:56 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame CDD8 0
0 45ms
45ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstVrdlvNvkPbrt94o2GFric7vdwL32ibp335R9K8DGwWCnwRusatphBvHz0M1rL53xPr6uaQvfBR49i_iaaa_2BZ2BHQ4FyfWmUe0lkmgQjBamn4gzS-Udw6HQtoSJNpa2AAVJvQLCcxhide_pZpFSQnhL2gm9g97LkXpd1YLghmv5t6b70QCC63jMDYTDLGUbdw1Za8_CPuCHPe5OhSsbgyBEuSsaC0v08f_FygesgmvMG-EUPEfXbCkNpVGhp__FcpYrZsKfUWxRe8N9ACYUjXbtFbYB55uZZ4rvT5YSphW7Nc-JzQ3C8R4WkAHbUuFl_QnC2a3MDdidGYBcx-w5Z2w8zwkeDcrO1HWw25YUq6I6AA8BGDxuiIfgjBQjk3daXVYSFYyQ-vqjhZ6kJR0CnVzZCsFWR3lNHUfauEnThIfT1bzPK7zxXqmLU6X12A36r8WggIV7HRfWunJDLPCMJM49pvvmKUBILG9_x5SSlUcHV_6pHBNUAtQMVTd1z82fG1yiPq-wR2qN-L9iO_EsZaNKKBmy9Nji7UD81d8rb9BjcUfyGuk0S2hGP9cSqaWxeUSfnJUZglIvPFvEFeC-MVNKrIkQrPM9oA6BWk7cqA8nD3K7WXea2xtW9iIdRwr1L7pCtT4GyuO1EPGcWo4NOVNyauVj_BORBF0pHTgz6ZG2HNI7ioX3zHBdsX5_BQW8RlycZJCyQBPlk-lA7svmCg_oUeAi_VTwDmSp1UK50TclChIPmannXz0aCzYvVzVAZvC9n6Dai0SE5jKFHAM5KOtWNReSP_KG4YU_zTGHigfo2vxOtysGe-ZIAMPMjoz7aEO4AIkTZsJoSjRuOjhhItggMPQ5lzGjbupJlREXCV4pu5d7Av22QAmev1LG0ljeqh3IsjNSbN-QmYIqGHBmimes5ngUZoNa0B_EtuCZuU53iNHuy_qx9R0vB5xEYRjOxY7yyM5KjPsetD4475aiUvCklqx9mvNA3LPQapcRTBB1eg9l9IPSo8BeNaUT-dTBd4yL9IH33-dFOHJJfCsylyzY_w4jlrZ0kHIKqsgpUmG2mvaCYNigV3tgPggcrjci43YrebEAtY7XzKdlCq0R7nzrbQXWwOnUDJHGtjpq3Gd0HYtpWMLlP5Jx1Wv8Ccsu9nw4T2ET3LwswuCYE2O-FsvBtKJV5HkgF4y7kOYOYOOX7dB1otw4f_ITk1rLokOlMwsQy5G-t1C_YlmkteJpYS5Y8XKd1gocw3Fm-auiqjj8&sai=AMfl-YSiranV1uUhNFfKEikUksuKrfpZDciU8KH-XREZfYEIKfnctX2mBqsp07Yfwl240ZxFqpyb4wdl0sGf0wmfCDHzLgaQCnKFVXU8AWFvqYTJAzUXt2_RJ_Oyaa_PXrdpCXRN7igShWMMfPbKF8_0iiibIJIf3rIdP4NpfgsDjmNlDL5HkG3z0pK1p_dU9MfaQHr7qVikfitFr-O1ilnnqwpdMoRx62akuuGwumXrlaWiw4t5Iq_c5qv80GnrfnDrvPobah5IFhPSJLITe678h6_K3nfd7PIHuAkW8V29XQ&sig=Cg0ArKJSzFnyFqqOf0RtEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=466&vt=11&dtpt=279&dett=3&cstd=182&cisv=r20221110.90122&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 85CA 7 KB
6 KB 80ms
48ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8fbe270934ee1858c90995db6d4ed8af552119df4087b7a71c8fd915de7c3942

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5697
x-xss-protection: 0

GET
H3 200 prod_studio_01_247_configurablemodule.js Show response
s0.2mdn.net/879366/ Frame 85CA 31 KB
10 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_247_configurablemodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 09:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16508
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10616
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 09:34:30 GMT

GET
H3 200 machine250silver.png
s0.2mdn.net/sadbundle/13346862896165610851/images/ Frame F5A1 29 KB
29 KB 29ms
13ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13346862896165610851/images/machine250silver.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b359e6245000ade04dafbef2e6075319d92057aac9547c2d6d9e37e296a70c91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:04:56 GMT
x-content-type-options: nosniff
age: 14682
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29483
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 07:37:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:04:56 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 27F5 0
10 B 18ms
12ms Image
text/plain 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?HDSnbg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:38 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame 4AE3 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 13:36:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Dec 2023 13:36:27 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5894 7 KB
5 KB 52ms
50ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3bde849d03e98d51f348288b83e1a6603459bfb658bb644133a8e3b28ad9afd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5533
x-xss-protection: 0

GET
H3 200 package140.png
s0.2mdn.net/sadbundle/13346862896165610851/images/ Frame F5A1 12 KB
12 KB 7ms
7ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13346862896165610851/images/package140.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6746a9c24952c674339bee15c931fe98677dfd627a2f4916701b2b59376fb88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:04:56 GMT
x-content-type-options: nosniff
age: 14682
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12485
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 07:37:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:04:56 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/13151972954896785613/ Frame 5894 7 KB
7 KB 11ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13151972954896785613/logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c6573c2cf885d137cce0a8373a7a6e292972b597b9b08ae74ba0f1382cbd59c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=Tkvha6UMKy&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 13:27:53 GMT
x-content-type-options: nosniff
age: 2505
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7642
x-xss-protection: 0
last-modified: Wed, 22 Jun 2022 11:30:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 13:27:53 GMT

GET
H3 200 60028053_20221122044237746_202211_es_ukraine_bg_muetze_728x90.jpg
s0.2mdn.net/ads/richmedia/studio/60028053/ Frame 5894 23 KB
23 KB 12ms
10ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60028053/60028053_20221122044237746_202211_es_ukraine_bg_muetze_728x90.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fea569f188a1e367fefddfe745bca44cf1a79d38b1ce22ebc456f83d93d32059

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=Tkvha6UMKy&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 13:28:01 GMT
x-content-type-options: nosniff
age: 2497
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23619
x-xss-protection: 0
last-modified: Tue, 22 Nov 2022 12:42:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 13:28:01 GMT

GET
H3 200 texture600.jpg
s0.2mdn.net/sadbundle/13346862896165610851/images/ Frame F5A1 43 KB
43 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13346862896165610851/images/texture600.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

880620a7585e7391c2d6049166ba8bffd02e39a9d4c506900cb8dbb993ef51b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:04:56 GMT
x-content-type-options: nosniff
age: 14682
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43755
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 07:37:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:04:56 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5894 17 KB
6 KB 74ms
72ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 85CA 17 KB
6 KB 93ms
92ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame A88D 0
0 55ms
55ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvatips_S_pUUhUiAWlOfkimpaY-lO3nhS2--uS3ICtQUPDoHuLfLB4ceoih2P5JBbYoGPuU9oX4-byAQIziCpkBbfvhD6bhO5k6VAIOXaPnKbB2q6ZKOLUUwM4sL4MbvRui9-avjiOjYRs44A4EEmeYU-lY2z6Xaqi1o-OJwYr8rA1m0V4VQMY-LVbFOLGReUK6Xd4iq7A72sjjiGKPgYD8TfuHXFRAjCogKLUdvW2AG1S5g5k2UOaagopdBJmIb5fjZCEHxHLsgc56564gn3zcyk90I8dTkVlpKwGyDwiMEhp0I97Wnx_yNf2-fCbaKloQx0eoofG8HkQ8t6VHQBmP0PL9XFwhYryl2dfRR-AgPSNb4L2y2bQ3rko3MXZw7aINyXA_al7GoqQWYkoEjus7jpHX84OQg5_2tIZ6KaoqO8cS04k59WeOD4bXe93OpcfxUix6UGRCtCgrQ0oDCNcCG5KBPUNGtK1qJ430JVM0xv0NFay9CetGs3pt2uyfedDYOHOTnr8LpOHJcGxpySaKRPuFb605SlpY8K5lZApt-B9urxDQgvU6ntgR5sbJXlNFq7swXJOS0thvvdhP0Rx3emAMwa3SDJvA_Rj74p4xdHiq1toD-nHP0NCSqo40HtBeSoDPvtgYgCuwrQ5oBq2y3eBFuBDnZFAt0BdRQE3Rg28p7MigKqsMDoMntUVm26LhmEgbJhQOOxI-6q0frPxyzgTq5dmvostntil402694Tgsu7HCIl6ji5QNi5sO7PX3nPYN83rTFMpBf58MJ-94mL5SSCnGMCp4X6ppFDNbklduoXAHY0o-QGLxBz8Bd13xthT_6SCw2p3dC621z79x0L6QJkxrQGfajil74sqbyb8W2iMb95IPZpuSIshGoXXPuZ2I2TRbWIwlJuOM14zZtWf5XH462O62R4q0UNejrnfzvPYddVD7-zy6jbrmk-6KpgkCyRxRIBlqN6kZj3W7GkEDj1H_K5a5RJjdZ4Irc1vakbTZY0Sb1bqI19Eu8BB69t2tTIACPYjZx_N1GsPDv7QYMbkQdwhtTTOEQjiwmSIBtMXiuSC7GAUTA6eGnsmnwnmQ90DFZkXFmvHPoTbceV4BsZwP_yyO_qXD_qIvaVa91LEYKXYrFRIwue9MnUX5Ab5-c_THv7tIiAquP3dhctrI96XXWMcEYNt1SkbZjL0u1Z-6rb1yfpxslKHCGhyHfLBrnVdrh2R_cDrTmYmAT1nbq0q9T9iKxkFkscj81I&sai=AMfl-YQJmagRpv4Xqxy16ce0XCT0v9FgUnujp7FEL5gN76nCstrTWuoa9bCMdmNpOX9vsrovkhDttARSq7K1KbS8uXjfFmElFOdSmtyxY9-O2wXtp0gxlDmHpEQ8EPrXA2CjSK3BEjWz-LTpekFJMWDV1qtB4K18uYFX1H70nMlH8PcSaW9DXib4p0SvF2W9aHwPLu5ldN-1LWTaXPUFRpEVs2rkFXg3jfVjMbgNmqWH4DZE6ISQ7pfdrPbzurMhw0ONZIo-5ulj29Ja16aPscn6fxTiaHthhGLSNv0rUqOcpz6Q3AX47UQJvI1ALuLOWwi-IQ&sig=Cg0ArKJSzC9fmxHH1h0cEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=831&vt=11&dtpt=675&dett=3&cstd=143&cisv=r20221110.73444&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:09:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 05 Dec 2022 14:09:38 GMT

GET
H3 200 3385188129205581469
s0.2mdn.net/simgad/ Frame 85CA 650 KB
650 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/3385188129205581469

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

009d264a72d63175a6fe94b6a4e763e22ad59aaa197d4756a6c80e887b764878

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:37:03 GMT
x-content-type-options: nosniff
age: 12755
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 665341
x-xss-protection: 0
last-modified: Thu, 10 Nov 2022 15:35:38 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:37:03 GMT

GET
H3 200 8860386787325939047
s0.2mdn.net/simgad/ Frame 85CA 433 KB
433 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/8860386787325939047

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3863b9e450786df5398c484d2ade313085aa2609619311b869eed8cc1336cd23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:37:03 GMT
x-content-type-options: nosniff
age: 12755
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 442893
x-xss-protection: 0
last-modified: Thu, 10 Nov 2022 15:35:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:37:03 GMT

GET
H3 200 7372418829410909319
s0.2mdn.net/simgad/ Frame 85CA 637 KB
637 KB 16ms
15ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7372418829410909319

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a64280247284e1f2ce84b7f8f29d4b412922340286e08e3e5d83facb6d2d7fc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:37:03 GMT
x-content-type-options: nosniff
age: 12755
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 652454
x-xss-protection: 0
last-modified: Thu, 10 Nov 2022 15:35:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:37:03 GMT

GET
H3 200 1307873851224393456
s0.2mdn.net/simgad/ Frame 85CA 567 KB
568 KB 20ms
19ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1307873851224393456

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab20fe83ae57fe61b940224b782b360a0cac2a7f094c453d8276394440fa3206

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:37:03 GMT
x-content-type-options: nosniff
age: 12755
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 581091
x-xss-protection: 0
last-modified: Thu, 10 Nov 2022 15:35:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:37:03 GMT

GET
H3 200 809819794632992036
s0.2mdn.net/simgad/ Frame 85CA 806 KB
806 KB 14ms
13ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/809819794632992036

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7719806b8832be0122abaae400169faf287ff66d0ccc3031cc4f676957d2d224

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 03:22:23 GMT
x-content-type-options: nosniff
age: 298035
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825173
x-xss-protection: 0
last-modified: Thu, 10 Nov 2022 15:35:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 03:22:23 GMT

GET
H3 200 3811482112534418317
s0.2mdn.net/simgad/ Frame 85CA 5 KB
5 KB 21ms
20ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/3811482112534418317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30f9235422594603bd06a72afa5ea98eab56daf0ea66f76a1b9d2020af1f851b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 23:45:54 GMT
x-content-type-options: nosniff
age: 224624
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4744
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 23:45:54 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame F5A1 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 20:40:44 GMT
x-content-type-options: nosniff
age: 235734
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Dec 2023 20:40:44 GMT

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame BC99 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 13:36:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Dec 2023 13:36:27 GMT

GET
H3 200 charter.woff2
s0.2mdn.net/sadbundle/13346862896165610851/ Frame F5A1 53 KB
53 KB 29ms
9ms Font
font/woff2 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13346862896165610851/charter.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd81384f187e42628894eed4bb384acd8209a3980c45c3ab285ac154f28bf9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13346862896165610851/index.html
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:04:56 GMT
x-content-type-options: nosniff
age: 14683
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54205
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 07:37:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:04:56 GMT

GET
DATA 200
OK truncated
/ Frame 85CA 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 3811482112534418317
s0.2mdn.net/simgad/ Frame 85CA 5 KB
5 KB 16ms
11ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/3811482112534418317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30f9235422594603bd06a72afa5ea98eab56daf0ea66f76a1b9d2020af1f851b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 23:45:54 GMT
x-content-type-options: nosniff
age: 224625
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4744
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 13:26:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 23:45:54 GMT

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame 3195 36 KB
16 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 13:36:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Dec 2023 13:36:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 674A 0
20 B 120ms
115ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B9qdfofuNY9_6OcfZgAeFmKu4AgAAAAA4AeAEAg&bg=!GRqlGl7NAAbvMpMzzzI7ACkAdvg8Wulq6iI44L-SlsUUDICrgwkUJpCD9sFa0Nq0F5X5x0racfHE5gIAAAGyUgAAAANoAQcKAF0uFg5RT8rakdw6i-SFkQjO6QS-snkkeJwV88dCjyTjBTqf4jnLyW6kGp9WmKRRzx1-bKPIIu4AI9ZVi1D6veDmnI1ee9B4MfO8LEMNYbVOlHcaD3FK2qohVE4uB9-ZAvqSqoMiHwYPkKSZ1ByL3mByL2pnRDtEBd_HlLDj_xYUX-McVmKQVSB2MD9dN2ruzhYy7TI2pO42c3WOCIRcVo1HrCuYvNhBF1F5FmyaSN6vCiccGKO60wAZh7ydArVwi-nH_tzlvP-o31xCZLypYk9IiuN1pzRtsPR7IwryY9VRbGfTAKt8xBwXqOK448JKjFj2oxEzmHC8l0sOFQra9bxjAO4zT1L7wR7DcdWhhtvagwMV1dY-Qj2cB7ctL_0k5Ko_dDzYHLxJgnf4CzSCZSd23xM4x8oyNormY2OZ8Mai8aoBrBK_BgIqfUpSF6J1sQsQVcZb5XvZGqa5iEobwkVPpC9cNwioiLIFhfw-_OaexoPLVxzzVdQbA1E8LZ1Z-9ve3ZWSWMqJoVE1uKhnCsGCLi_ABWbvmh0qsI76T7nuGwY55k1KObaNofLiAmDGxhLLhAfGRVSASnOIpIBLfvdS_V8nRw522oOul-vj-8APzRS9BI2-bVTSFgIs0t4LACVLS5wZQ80B1JQzvT3uUYp1R9SiMljzdY7uVHy_7AqtaEP72T_cP_Ty3DF2hTIpc5PQP6u77dzJu5f8N_1JkGUOdpjZiOo6gDR0fg9jFlb-zI4ygwhxfUq16m5Zm6u2tUjJtWSpiyB3_46hn9g8OFho0KDOaDPAz0AzvtgzM4A_JK1AbCcjhpqZFGHRgKmegGgG9PHdf08Ij5OOO0OSrMYLxNpYErJH7zBtDzrKXvuweZyIqEf8-R8SUu7-wrDJ3ev2QeF947PhE5KBplOqCdfdbrwdJ0hG6a5QJg8c5Kh1NGCDdHogTiS0KDsl0domVL31b3dz4g_oxDA48FZsm6j6FqJjanu2FgOT-FO4X54Jr4oLpCNI4jyuqkpzo2dh9YpfBgcDsN81O3vllxBTKWLYowdCoOdK1oQ8sc4xOACKzb5u7rLa1WKyQ82f870JMwKrZ3VtHsjIo_zFDo8etCnsbGencgyB0k9WSZd4JYgke6jy0iV76OhiVVs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 8860386787325939047
s0.2mdn.net/simgad/ Frame 85CA 433 KB
433 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/8860386787325939047

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3863b9e450786df5398c484d2ade313085aa2609619311b869eed8cc1336cd23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:37:03 GMT
x-content-type-options: nosniff
age: 12756
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 442893
x-xss-protection: 0
last-modified: Thu, 10 Nov 2022 15:35:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:37:03 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B7DC 42 B
64 B 164ms
159ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv_BkWNWnpdfAZfcwOWGaE7CcP-QCfiMuYWRundo5sNLGnGkx3rjfQ7cdJne3G29pmKFGPV5h_fKCJ1ZTVauHC7cfgLmFV_78bUfJStRfd_o2hS7XBtJmsAmpZFCYX7M_do34Wftw&sai=AMfl-YS66bUgb1AnN6He4Ij7uRpg4OkAADFXlNrLz-xzTDyCiqan3f70ldjEXQBwd1-MdVe4B6pr5hUUyWK-jDd0uRcZVA6aE2qSel_Mej0lcWr5120sNlUsIodBoaczCPm8PIWZOU-PaPYDimMhk3-C&sig=Cg0ArKJSzFXQtHvn-HHOEAE&cid=CAQSTADq26N9JQ4G9Qqc7sdO5syEm4LbGNKaS_aAQqlO9QG6H0xw_Y59vju-99kSuZDZtL3tmBsENtychJvDXRaRtHzUTxXV4USUZyX-wdQYASAT&id=lidar2&mcvt=1037&p=811,429,851,470&mtos=1037,1037,1037,1037,1037&tos=1037,0,0,0,0&v=20221130&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=210898386&rs=4&la=0&cr=0&vs=4&r=v&rst=1670249377849&rpt=261&isd=0&lsd=0&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ED49 0
20 B 124ms
118ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDmTWofuNY_3bOtfc7_UPrqeL4AUAAAAAOAHgBAI&bg=!U1ClUBTNAAbvMpMzzzI7ACkAdvg8WohSqqo2I8MARLu_X4UXeskR9jB3LT257zxrLdahSek_HlSC1AIAAAHdUgAAAAVoAQeZAvBJFXnSwiHcShn1m9hmpk6kGDu1PfP12NgsYpfbmV1nkbMWWF5Gn9rSE6rAa4aMKv179aVXfuXN_fuKq3ugs6tnfrPRKGgN6eoBI7wmqJmxZY1MCkO2nb7gDl_9vI2AH0xqK-0Vgpp6PwoJ34u9I5X4uTtGWKflhZB3XYeGM5b8mZp9ch030sOGNI679gRAMGnYoPnT4oWxOSWYP6S8iJmxPwc84pjuPPmVzRDYaq-bawfj_0PxM3XfMh5b_2ArWX0WBVYiDmQskXFIjV0dKka9-zLgyYLZRj7XaBz6IA7WSCCRy4ax-kfXAeIZBby2kLGA_IlRmJwq2zsl4BTCwTbgEkJWqziUXxDWwuVjiED3WWeMVNI3rrkYZYhjfSQgFRh1GPG4pBDZiH8w8WfljrtuuAbMmlbfvrCF_qoqJqJ2OqjG8Tx_f1o7_TW9vHAwa03PU0MLW-ivwTCIA7-EFQZBfUd51-IKkcYUwfXwnoS_l3xlYj5ln-tggZP3uGwFN14oADPTcsxMdNLpqJqSZDrQOXFbGfdsDZL4trsq_jpUYwzcOHnE8xV7zNlfvjwKeJnt4lG2bkSsDkKcnMYm-p_wXPw0i-45vIpT6mxtwuABCjkfEV53VYszDYhDHYh4onrNj7KXbhq0eF_eT5kTlarJrRkFyQD8Gskqd_HwMQO7qE0fnjTRiX7w-nHIW632lxSOZJs32wQyUr8dcf1HTuiwx-IBPnMuVVormPQIJn_YWOfi5fsKsPDVT7z33oTteWCd2a0t1YI-bqZqMkZeq4IiaSIf_lBaWhrslc2AL7ahgjL8nZk8pUQJDCl0gFbH3PFL8--KDCcuNOGHG-eZO-KW-9fadl6j3cOzAPDXvw-56riBRdCFYaZBHXadi9b4rEtP5yVmMQ9F70GmadyNvgfF3tEYlLG_HhrBbthnFxHucm3K0K1FdGszsyfHaYX1mjjnk5_kyLPa0HWsevKODhw2lRY1tPBI8qYUmBEsdUAc4A

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 3385188129205581469
s0.2mdn.net/simgad/ Frame 85CA 650 KB
650 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/3385188129205581469

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

009d264a72d63175a6fe94b6a4e763e22ad59aaa197d4756a6c80e887b764878

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:37:03 GMT
x-content-type-options: nosniff
age: 12756
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 665341
x-xss-protection: 0
last-modified: Thu, 10 Nov 2022 15:35:38 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:37:03 GMT

GET
H3 200 809819794632992036
s0.2mdn.net/simgad/ Frame 85CA 806 KB
806 KB 12ms
10ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/809819794632992036

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7719806b8832be0122abaae400169faf287ff66d0ccc3031cc4f676957d2d224

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 03:22:23 GMT
x-content-type-options: nosniff
age: 298036
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825173
x-xss-protection: 0
last-modified: Thu, 10 Nov 2022 15:35:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 03:22:23 GMT

GET
H3 200 1307873851224393456
s0.2mdn.net/simgad/ Frame 85CA 567 KB
568 KB 28ms
26ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1307873851224393456

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab20fe83ae57fe61b940224b782b360a0cac2a7f094c453d8276394440fa3206

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:37:03 GMT
x-content-type-options: nosniff
age: 12756
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 581091
x-xss-protection: 0
last-modified: Thu, 10 Nov 2022 15:35:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:37:03 GMT

GET
H3 200 7372418829410909319
s0.2mdn.net/simgad/ Frame 85CA 637 KB
637 KB 32ms
30ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7372418829410909319

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a64280247284e1f2ce84b7f8f29d4b412922340286e08e3e5d83facb6d2d7fc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13460174838308012032/index.html?e=69&leftOffset=0&topOffset=0&c=mnC6wmVMy2&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:37:03 GMT
x-content-type-options: nosniff
age: 12756
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 652454
x-xss-protection: 0
last-modified: Thu, 10 Nov 2022 15:35:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 10:37:03 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A88D 42 B
64 B 172ms
157ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsutt0CNjsEc_7wowQJ8fUTtHTH_ur4M_-dG9_fhfWf7ygMjILJhqaGo-7Sw8NcF1iucAxEKfrDRehVtXFitpOpxsLDPgBT62upbTTpVJ5_vnirbQqe4GX-ysujwHhAC1Vb2lnnKvBE&sai=AMfl-YSPzD0oKMYywnDDgAwrCV0_28AregVzJg-XueSAhtagwBn7hQ3dz0C5kKC-UpRFdVfGFTqQW6ZaN0zBIsOG8wE-N3dn7MDKMxKQou64XQBGBdckRrzedlNX4ZwLAnjreZBXmTV2TEamOwWIZPQn&sig=Cg0ArKJSzGPicinrKdETEAE&cid=CAQSTADq26N9JQ4G9Qqc7sdO5syEm4LbGNKaS_aAQqlO9QG6H0xw_Y59vju-99kSuZDZtL3tmBsENtychJvDXRaRtHzUTxXV4USUZyX-wdQYASAT&id=lidar2&mcvt=1064&p=283,1249,323,1290&mtos=1064,1064,1064,1064,1064&tos=1064,0,0,0,0&v=20221130&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3271815912&rs=4&la=0&cr=0&vs=4&r=v&rst=1670249377852&rpt=279&isd=0&lsd=0&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 158ms
157ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120101&jk=4147905082598504&bg=!5-Sl5KDNAAbvMpMzzzI7ACkAdvg8Wh4cmKTHWENIb0wzsPgmRddquCWTgiSea3jEAY7UksWDx482jAIAAAIaUgAAAAtoAQeZAqYUlXnCRyIEUU4TIRGGlHEoe2d9hR3bW-VpEUaFcaDXzQ-vJgtXd3403f-uIdKIvQQjeOiGwrdjcGrXS6co2rgXZzrWH3bEhAYnBBo0m6ksiLkyOsmJuAhSUDVdAz8LoU9nFKIi7RfR1hVVbWEWvu6kmXgqwC77R5WfM_VZUfFARtToQALSJTPH3OYHiXp_TVe2DwRutzMdXHpr86bXM1IpNAMOCUGA70W11xjT0S01UML-L6-V47jvLbrKsYQeynt6wRalr40eDaMh_jlZ11E5HX-QyQs0WZ1dKNIURVmGOlm3zPsVWR_5-oZhhtzmGsLNBq1xY67COWHV9Fz6J9lhQkhcmR1TC_ULDOpPcX75U5OlwZsH0yGdVtEllU2iWDXR31Inou-2BCI3ZI0rScnHEvpt7d79rgSS5MYgxLcRTN5DWqvav73RDZ7q58dkB2rILoqJnikFTwxe6hX1XdROnqoVlC_rkyQUnXU8l6Vfzzb8FIekaxLyOgPEqK4lC1O3PNp0tU7C3TMBxsGoUuLlqWEc1DC3neRs3OXUQ4mag66GYfNvICmN_iffE7D69kB0paniynR-_oM0rV3wkn7vfDpjxxVL2KlkDLTF92Ap_u52OtkuQnDI-84EMoDyk9lR0_zd-6vxsNxzJMWp8Ii5ADtNzika1sPXJjDlu9hlIpqsAYHdIsvNhvNI8FiNhF1IamrCsqDw8w_omHkbLRiJQLf_Jhqcyp2nltRPR_Z5fkGEozTXsvKbOqPK1_Dgz4-VvnAVqA_0d4-YZAPV7CLvReiUemJyCrolBArxwS9rewUVz_khj6_bPdoVcGS8_XuhhAM41_-ofIA7i9CqPDjdqtcLX2J7IFnwIQxkLleO0ULo3tuT1a5RNwul8QvaGUWoWPrrV5c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4AE3 0
20 B 114ms
113ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6W0FofuNY6KGPI2U7_UPkcuzGAAAAAA4AeAEAg&bg=!uLulu__NAAbvMpMzzzI7ACkAdvg8WqyX6D6inLSXChswtEWvF6BT4JsMl8s4WnjyBzP5gIJE-tCfGwIAAAIwUgAAAARoAQcKAHxO2fmDyF5p25BjUIa7OXkI2KL9bJiCYj0zDi7AWMMjRoo2JdS3I9k000xSO4YqzZYCp8i4ImiD6pwyuAqBEbMVw_6pFsGJUkIF2bp-09PxgSIZaDfyAyUDy6JkJICz5OOW3B3o8uUyPrZJcCRYmt1bQHERZL8Z7FeFOTC4mQLxbOTHJZFrXNJP7Gm1AoZ0B_f05YzJyhJeiCPLYyB0aJdrumco3hZ0UB8kn6ByeUIrNNnwq1aiPgX0pJZhVhqRK4vfe8dOyP0Ukw5GSvJJK_jIgOJqpB2bmpIXSQvFB-Q3rKfSd80RISkUIZrW-pSMWdy8md_oLcvEw7k1v9n9Ij2HO6uLuEdNJPgf-zE6_yCtlixlXYDbx2dwxponccBa0zVEyfQVZ9_tP57ed447Fdgp5-4Crr65xsUmyDzlTKTLJFOMTyoGdkTmbfrGTj9X0uFFSWe2s-l8uttc2BZfEePpkYfZDPRbItRLFyHoo2AOjeABOkm8uSH_9lsrz7uP4v9gYpgYga470dBummZzMyz8EQ2uLtCW3IQi-3bw55bdW0c0nHOcTsKBlRffVAbv4k9evdQzHcdgXedDEZD_W59jOKxVwEprx46609JJ0l7ZGKgNGE_z7TW_xVgtT1bnDsZANf2iOaw7YgrpZ92K4Ztr6mdjFLTDVjZ62uF-EOKSdXLYhk0IMbtvoDUbJG7EODBOWbViZf-3eO0j80_FP-rpDHETFnViZe0Qtat5DtLVXcLtW6eE-aoGx4hbkeNa7c1KDrZ64gikp2Ux0kG9a5drCuk-qFAZZRmmk9AxjXR0SptUr3cNR63_R9qP2a4ka-IPqDBhPnFQ2rQhp1SC13Bukq5ixMM7Ki-mqxpr4A7_32PfMUUoKWfIhkY2et1j8EAhnYl7MlPKU3NjZXVXhI3mGIVXkCxoE9Y9WXM82KsEccTUVdrAbtvRm5lfM04LZ7x-BaRnj_47I37S4qwKIXCNNPmGQgkaF2gL5PwxRhjXUFlU5mbOdF3w8lmhyVgIJBb7MqbUfuSjmBytGtoKBE75jnOcIBQ50THee5q0vgwgKulpJUw_J4SIQY1sc8vHPk9C4ItDTypjvLIHvMfnKLux7OAmGim0D1dS52gFl5Hm0Mbkvl6mKdFbqs9FnZOLfs3CCe2ki3H-yWYBtdFxLLsv

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CDD8 42 B
64 B 158ms
158ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuHOXdbqEAAv4-0F5tX3H1jqvu1PsjzKa-TK2iUfEjF_8mVFKvI1gpuNenYfR9OTGhJxpahFcBTrm9fN6RDDoBroIBjtrOQSLF0nu5SmQD3kIBJOTnRdB2VEot5iZJBUkzQphNvsw&sai=AMfl-YQrua0xmyrJ32OluK8ZMWqo4N6cepS5WNU-3ofWm4fMxYzlXIQ5n55s0-6fmWWuEseBQRPg2zfMavyYjDIFxPS8STZ2c4VYv2JE5k-umc-ZaPMGTVZ8nano2X41NwXxzCCZi2kEI6ReAKMCVd7d&sig=Cg0ArKJSzBSA567MktpCEAE&cid=CAQSTADq26N9JQ4G9Qqc7sdO5syEm4LbGNKaS_aAQqlO9QG6H0xw_Y59vju-99kSuZDZtL3tmBsENtychJvDXRaRtHzUTxXV4USUZyX-wdQYASAT&id=lidar2&mcvt=1053&p=37,562,127,1290&mtos=1053,1053,1053,1053,1053&tos=1053,0,0,0,0&v=20221130&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=192288229&rs=4&la=0&cr=0&vs=4&r=v&rst=1670249377856&rpt=581&isd=0&lsd=0&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Dec 2022 14:09:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: vendorlist.consensu.org
URL: https://vendorlist.consensu.org/purposes-bg.json

Domain: vendorlist.consensu.org
URL: https://vendorlist.consensu.org/vendorlist.json

Verdicts & Comments Add Verdict or Comment

93 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.zdrave.bg/	1969-12-31 23:59:59	Name: PHPSESSID Value: 35ea02d805eff11a1d51598651e2c2a6
www.zdrave.bg/	1970-01-20 07:57:40	Name: etargetTimedXbg69700 Value: 1
.zdrave.bg/	1969-12-31 23:59:59	Name: __utmc Value: 2577403
.zdrave.bg/	1970-01-20 12:20:17	Name: __utmz Value: 2577403.1670249377.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.zdrave.bg/	1970-01-20 07:57:29	Name: __utmt Value: 1
.zdrave.bg/	1970-01-20 17:33:29	Name: __utma Value: 2577403.1180795947.1670249377.1670249377.1670249377.1
.zdrave.bg/	1970-01-20 07:57:31	Name: __utmb Value: 2577403.1.10.1670249377
.adnxs.com/	1970-01-20 10:07:05	Name: uuid2 Value: 663008336415117066
.zdrave.bg/	1970-01-20 17:26:17	Name: __gfp_64b Value: 084qUh6HyHx1GvooHuqsrr6n53q_7zNE.Mz85DHnViv.t7\|1670249377
.zdrave.bg/	1970-01-20 17:19:05	Name: __gads Value: ID=d43f6de945c6dd2e:T=1670249377:S=ALNI_Ma1dDGrHCJorMQ0LgMFZFWnExqNbw
.zdrave.bg/	1970-01-20 17:19:05	Name: __gpi Value: UID=00000b8dc699513b:T=1670249377:RT=1670249377:S=ALNI_Mb8M5VvnQ9ROoi7I5hq4cD6LqW2xg
.hit.gemius.pl/	1970-01-20 08:07:34	Name: Gtest Value: Klx4TMXGQMGGIN4X28m3udMissGMXP8c25nSGVTcWEH7XBG.
.hit.gemius.pl/	1970-01-20 17:26:17	Name: Gdyn Value: KlxztRaGQMGGIN4X28m3udMissGMXP8c25nSGVTcWEH7FRxSG7RrGS6Gk4GBFlMMYH7hRjBGqSRxSG8.
.casalemedia.com/	1970-01-20 16:43:05	Name: CMID Value: Y437opF07vvHLXM5gpFc7QAA
.casalemedia.com/	1970-01-20 10:07:05	Name: CMPS Value: 5194
.casalemedia.com/	1970-01-20 10:07:05	Name: CMPRO Value: 5194
.adnxs.com/	1970-01-20 10:07:05	Name: anj Value: dTM7k!M4.FCxrEQF']wIg2E?emB<6X!fsuh$e/p=nb.s-Z=4.Sr0$EWqFKpG?bOC2TE]b)q)L3wnY8ci)GM=Uppp)9GdD0[%p[s>%q)3R<rnTL
.doubleclick.net/	1970-01-20 17:19:05	Name: IDE Value: AHWqTUn_IYLa24cGnkT4OEFn58xv-NAfi0NRfSjgSuW5xCaHPY9xCPeQ1lpD3EeXBIQ
.adtriba.com/	1970-01-20 17:33:29	Name: atbgdid Value: 2d3c88dd-5d85-4f16-a89a-39176b672d4b

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: webpack:///../javascript/src/WindowManager.js?(Line 674) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=1&rq=e4f05a7d-5c06-1b76-290c-7bfc90da422b&vt=fef5447e-e76a-42e9-9ad0-cfdece5a463c&isf=false&zn=533338dda&tm=0&af=300x250&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=34131c29-f28c-a38f-db67-0e6bcadfc398&ct=bb80d014-6d6a-d69f-b9e6-05a90848aad7&c=hA_c_0_7b938c4b&ah=0&, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: webpack:///../javascript/src/WindowManager.js?(Line 674) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=1&rq=e4f05a7d-5c06-1b76-290c-7bfc90da422b&vt=fef5447e-e76a-42e9-9ad0-cfdece5a463c&isf=false&zn=533338dda&tm=0&af=300x250&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=34131c29-f28c-a38f-db67-0e6bcadfc398&ct=bb80d014-6d6a-d69f-b9e6-05a90848aad7&c=hA_c_0_7b938c4b&ah=0&, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: webpack:///../javascript/src/WindowManager.js?(Line 674) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=2&rq=e4f05a7d-5c06-1b76-290c-7bfc90da422b&vt=fef5447e-e76a-42e9-9ad0-cfdece5a463c&isf=false&zn=e45aec764&tm=0&af=0x0&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=0749629f-acfe-39aa-1fbf-8080ac5929a0&ct=47490c44-b8f0-8f55-dd10-ac0a8bb06663&c=hA_c_1_f4e365ca&ah=0&, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: webpack:///../javascript/src/WindowManager.js?(Line 674) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=2&rq=e4f05a7d-5c06-1b76-290c-7bfc90da422b&vt=fef5447e-e76a-42e9-9ad0-cfdece5a463c&isf=false&zn=e45aec764&tm=0&af=0x0&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=0749629f-acfe-39aa-1fbf-8080ac5929a0&ct=47490c44-b8f0-8f55-dd10-ac0a8bb06663&c=hA_c_1_f4e365ca&ah=0&, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
network	error	URL: https://vendorlist.consensu.org/purposes-bg.json Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://vendorlist.consensu.org/vendorlist.json Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

04a1f1a249941e5746bee4925c83d732.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
bg.search.etargetnet.com
cm.g.doubleclick.net
connect.facebook.net
d.adtriba.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gabg.hit.gemius.pl
gdpr.sportal.bg
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
ls.hit.gemius.pl
pagead2.googlesyndication.com
pixel.sitescout.com
relay-bg.ads.httpool.com
s0.2mdn.net
securepubads.g.doubleclick.net
tas-bg.toboads.com
tpc.googlesyndication.com
vendorlist.consensu.org
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.zdrave.bg
vendorlist.consensu.org
142.250.185.162
142.250.186.130
145.239.237.56
146.59.30.96
185.80.39.216
195.168.10.173
2a00:1450:4001:800::2001
2a00:1450:4001:800::200e
2a00:1450:4001:80b::2002
2a00:1450:4001:810::2002
2a00:1450:4001:810::2004
2a00:1450:4001:812::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2006
2a00:1450:4001:828::2001
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2002
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
3.123.239.61
37.252.171.21
37.252.171.22
66.155.71.150
78.128.6.44
78.90.206.186
85.14.4.130
91.209.18.100
91.209.18.90
009d264a72d63175a6fe94b6a4e763e22ad59aaa197d4756a6c80e887b764878
03934c8c4af46d1ccac0264b05179da73d1e1659069e1dae283e09cc9ed1b2d9
07b9621ff6886bdda3fbafc4d21319eab9a92a7922d38bacca72f5679249ac32
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e4641d42f16ada968a14becb36bdcd0f12039819a281a9ccf6bfe26b990113b
102423e1eefe81cf7be86b18c52ff4f91e0905b64277582386529dfaaa85e844
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1a48949e222f4d06fa2b976a5a69eeaca967c0c0579e10c43104c04bc4f46bba
1ac5c3a1604eb19f5c47e157ea3b58b4297428e653b74d6def6b41661a25eb5c
1c377127bcfa3c889dd0bf2b470b8e82892429dc22ddc8fd267f071dc74d3e42
1cb0a40c539ea57c6cbe2c2541b83e25919fc8c39ce81e545ec897eea4232901
1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1de6e720901fe5ca658c1323b895ef2d0a14508e1403cbfc1b18d938c610d452
1e99c54c8d777d1b291f68296ac99fe0c7b8f51153eb7b36b1a88b4783bfd2bc
20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394
257c9947bb8a45c4a0519f4ddc8769ecc7f889e268a046b0f05c17dfc7912eee
27a035532408f9fbe4e96fd96e121b4e68e38586688622abda305e460725691f
28cd1264bd1c0efccf4e7e030e8fc0dac7f2176f8d88ba60c8714ea738a8f550
294a8041d261138b6673afb0ce72c680992d5a4091009aa655e6e79297f9d9df
2a13ef017bc3ec8946953ff442dba8259750a9c6a1190713a57bacc6005b6a7c
2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5
2b4fe6e33e24427ff09805210219fe3cc19e22ed637e003efeea9131ecbd9121
2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5
2def643052cff38eef41134268f401bcfcc4eeabfc3080fe3a3f0f7026b84a5c
302e69dd5cd67c33a01a5d0308c1ead25d5967bd0810b0c073f9fe18124de7bd
30f9235422594603bd06a72afa5ea98eab56daf0ea66f76a1b9d2020af1f851b
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31c1401c5e39742fc59a62a1fafba5eceac889c3d61cc436c650b743a7a9a65f
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
350d86c0140550202426b067ebeb07ccdab9974634cd9679316cd8e72dcbfd7e
35e04b4855605c908b85662df66fa3f5fce2fe1fa2d284873c1349b101bd7bec
35eb563cf282f64e4290ebb53dbf13028e4b8477b4e6d83813083d39761a1c2a
3863b9e450786df5398c484d2ade313085aa2609619311b869eed8cc1336cd23
38c41f2a23606c4ac956be11f4ed1cb6fd451007b5afd53000bce1a9999ef273
38d95de33678eb79a5d7632f0dedc17f54defe0da27cba210acb8916e520f8a1
3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b
3a6716d37cd90218f0d2574530f4937da64fe491ef6561cc11346b5fe8194abb
3b1b78dc0bec6c4c5e65036a6d67c15a91ae2fc807f61ddab5ddccc3483cb9c5
3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552
3e721117219198469e6833d133eb0fe938c8de9719567707cd056c8fe498ac9d
42285c7370fbff808491465a745957b30cc582b602b15649d3fba714ee602988
43135cf7c31641d06df7ff2d9a82cd764c227fc5fcd7ecfae563acb03dd7228c
4352dcef55a499ed21de78785c1d6c67db60bd24a37d5df8859d987682cb8fb1
45f03badef9166a1e3a0a32d90c2142aa3426de23b7729770328ce8d0853f0bc
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
473f3e92b1252dba029b6c5d036d7dbfd02b1c7d8e3fda3350c22045f21ed733
48eafd6fb805e98ac921655e088e40d409f3ee99696675ef140a6f94cbeded00
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d6f39ef46419482e924286a45ce79748ed22edb7de4bafa7575597214ef373b
4f3a3090e0884756fa93224898619ab10c0bf0e216421914dc787287a76cedbc
503621190c75700c18c84fd3ec0977bf31b083d66e331d1009bb9cd17cdb85da
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
529e7649235a7ada58f6f8e1ac45cc35a271ad3ca5f4e9499477d0039206b4e4
541005c082e642b1dc10bd00c96a49f3c581e3f2b40690c97baa06685adcb87b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55ae3019ffd5414570927a95d425239d2ce501cf36095b42f8763cbcfd07802f
56b037e4ecfaba364af8e4eeecaf4c4a666f9cf633e789e61b6d522b49b82e0a
581b5d3edb9fc27999b016832d576b42d39a6702eacf9e9ec60d8c0a6917e381
58556977e7860db2b6db32a94b0f4549ef12839318d98455cc553b5e4bd32c65
5a45792c7db4934ab03ec970a8c0ba92d5b85e5af4482112dc9727fe94197250
5cd904ffbf1bd57de5d0f87227dda38cc47138ebf97974e687ec4407072e4584
5cf50d317e676bf06064674799012075e3cb15a87cb82a0d2d17eacc75e1d21c
5d7f62e31648500601d00fac1e75b9bc485f37834d6a71ab1e33e1c006fc7829
5e0a6d389252a6a887d3b5e3c860d758d47162b44481550be199436d95079145
61677ed7fbd1f41b94a9b017dc22579d44c6ebecee1628c84d92683b567f1f8d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62c20338589681fa90505e17e71276bbe312144ce5f3d80d3ca3a540d5e95d93
64dfbb41c04ec6e3bdb0a265c13e74385c8312c9bba15588f421f57124c13e70
661d4b208656c006e7aab58acf7784857963123675de2302279fbe6c05313547
6b15ff8756e97e5bea28b6c68a88e362cc912702ac0e2a74b7f2fe0153fe95de
6b1ef4fccff6168cf7ef61c86050808e9f1a905b89cbecec7428337e380c882f
6c3223c27067f54618683e5fdfe83536907b179e81ed9a39873aa8b8140c05f2
6c6573c2cf885d137cce0a8373a7a6e292972b597b9b08ae74ba0f1382cbd59c
6d57e824e059301698f353db1cf92025de2a6d1e6f8c5abbffc24fc768e13550
6ef46bb8ac9953f3a931c08fdc788f7eca8a93b7cf6a12dee6dcbbd088dd4851
6f94da61df33854f21c6df7a5ef4574368905bd23ac88229b69478bf87ea4a84
72a80770f582b1bb93c4686c2d8f7d96cd6e911198e518ba3f19cd50cb108804
76fd4dd5c74aea6b02fc8ee6090b0bc6a59eda5f9d6ff38b02ed1eda91a99a48
7719806b8832be0122abaae400169faf287ff66d0ccc3031cc4f676957d2d224
77a9b3e8ab37517c4c141fd7787920e7e5aafb2c026b9084706b7a85ba3e19ea
782a77ad65b778b8745670755fa9b2bc96e05c865936460082e3e493ddfd72f9
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
796c84eac5bb533e3ed7bf97fb67fa1d1ab6b6115f81a82c9d1994ea415f7a44
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6
8593f78c8259bf81cf89be006d0402c212ab6035e9653206ff9bd9b9f3fb6e41
85d4ef637cacccef5919fa290c3c104c8682d939e7f0b1e4d0cfb67f09307778
85e39297c3b650ff163dc68dfe3b6b8cbe3d509f8ca84a1c5c7aa938691a8448
866adec983f3c77bb4f6584cbffc36290ba9e0252b7ea388240e5e58fd8e6876
880620a7585e7391c2d6049166ba8bffd02e39a9d4c506900cb8dbb993ef51b1
8a33f2d843dec50c117b7023802cfef9631c4e163bacdbd88b7eb6dc8512f6cf
8d63fba992512d3d08c8a9f7b770fd6203622bdc6284e30af91d516f5a753eb9
8fbe270934ee1858c90995db6d4ed8af552119df4087b7a71c8fd915de7c3942
94e3d2444192a16a5440e24074941287108059b70bef2202a2bdcfd882f5a75b
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
97b37c3497e067d19d97bdf7b62b5749b3e132ca56220e5698d8d66d90757dd5
9993912d3b5ba3ac5c8662d54428458c6a00ce001ea1c179def6d3fe6c3e45f4
9ba6247d89411f5e450c2348f4605a57f12122b29cf102671929c26c905e66b1
9cc2a05d65d6805b9ea06989155a430932bf4d994915a617ecaeab4dd2dc5bdf
9ce8bd0ee36a0c73ad575c2b1a3d8117bb51a83021a64510197960c8fe5a1e72
9fec94b4ff143599afb447b8fd3a2c2b3ba59caee8670c59042fb7bd3433f58b
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6141f1116860a115764b64d04704a0bccba86936f2236ec876af3cf070436aa
a64280247284e1f2ce84b7f8f29d4b412922340286e08e3e5d83facb6d2d7fc4
a960c0aa92033ca3ecfdd81cec7a4443d8e73f7081f1d5fb91f165e05e2d58eb
ab100b2b5cea43ed7e6d90205014fed9b4df8d7aa8c04dba39c61f3667d1adc8
ab20fe83ae57fe61b940224b782b360a0cac2a7f094c453d8276394440fa3206
ae7e47dc4962b2c882df0b7f66b29168654075e4ebeb7fe481c7d2ac3330412a
aef81bbd6c293e980919d94a8a53b2652bf77a7d4900ee4b9ca244d2a456ac51
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a6d5f4ffb9218e749c18808d39035c35fd82bae68544aa27bf7ac9c1dba6a8
b359e6245000ade04dafbef2e6075319d92057aac9547c2d6d9e37e296a70c91
b583d05bbbb011366fea9dda74ebd9cf77ac7b83fc1736e7c8529d151e6277d5
b5983a700736883de9922d6027b0755f61fa64b7bd2baae389a458bd82fee7dc
b5c9b565e21dce9ebed5eab5acfa741ba584d656fefad1e0766cf34ad869b8d8
bb998a86cbac87a0d49bb25b54abc93972824501d99531b2c69e2de3ecebc13a
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bd81384f187e42628894eed4bb384acd8209a3980c45c3ab285ac154f28bf9a0
be6fd99e19aac74aa0fd01a271bae13e65496afad769c0df1e5648bd9a2cd950
be8a61c5d7715ba61c258ac1b146a8e29da020251bd6dee9cc36424a050e560a
c0b59c362ae740c391e742fa4517d90b9461b416b9bec855d14c04603dbaf71c
c12883dc07f971d67e5b7c0b6bbb496858e0721f94d05706bac6215bf9b6908b
c3bde849d03e98d51f348288b83e1a6603459bfb658bb644133a8e3b28ad9afd
c51a4086e332a8b351790a53582dbba5bd78b7a1f021b829d93da3ad59ca575f
ca6cb7fcf6c6f22035ddeb69762ee6b184d41f02fe467e640bf132c803507db0
db9d01707fe76a51a28349eca999d875004049d3ba47686e7274fa1c79b0a869
dc8728c1496b8e20ec1aba0047942d310261ea01954c81bec4be55ecfd091ba8
de0026beacb0fa66759930355e717fe89078974692859c2aeea06f11b64c1de0
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e33d9e3eb211444580014e5a7ee28f61f8ad40ada8a191246ee2988cf9567285
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ccd587684aecb12ffd28299049ce91940e92b5088dc8b09daf4b41b1fa6e30
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e47b9e815087e2fc99bbf6cbf261c70deb464a65398b4f20b20a12594fa1e479
e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc
e56c25942686f9680cd51d2d21660b472f927a3b5af02a69dfa591772d169c18
e599f75928c9adfc5466b3a9391433e89623967d26665b7c7897ea69f2ebf0d4
e69abd7e0cc82f336e61fea889e406ecbbeb7ece1df960231b7a9ba0d1dd1676
e9b220c805348a7838456a6b487e3b23fa3534437804888f46f504c221c2d006
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2172868bc46d74ad32f2715bc25a8716e07a784b2ecb24d9d077d2125c6c993
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6746a9c24952c674339bee15c931fe98677dfd627a2f4916701b2b59376fb88
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f842c2f18441d992486b6b7387ec4e78fdd55f1fe900cb070b8f24ce26920d15
fd2ab750d86b553cb3752ee5b88c68992b0c9ee89b47e5c82c7305d9ba76b40f
fe322532eb93c5b3c159a5f6456b53ebd4e8855e77964cccac8ae089e741f28a
fea569f188a1e367fefddfe745bca44cf1a79d38b1ce22ebc456f83d93d32059
ff4c6510b024bdf4d4a38848129fe74137b0d2eb3acaee253854a51e385e2273
fffa14e9a3c576087a9202af54e8f11669f29c37617df0c6f728ca24d95f60bc

www.zdrave.bg Open in urlscan Pro 78.90.206.186 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

217 Requests

65 %HTTPS

46 %IPv6

22 Domains

29 Subdomains

27 IPs

8 Countries

8243 kBTransfer

11033 kBSize

19 Cookies

2 Outgoing links

Redirected requests

217 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.zdrave.bg Open in urlscan Pro
78.90.206.186 Public Scan

Screenshot
Live screenshot

Full Image

217
Requests

65 %
HTTPS

46 %
IPv6

22
Domains

29
Subdomains

27
IPs

8
Countries

8243 kB
Transfer

11033 kB
Size

19
Cookies

217 HTTP transactions
5 data transactions