www.zdrave.bg Open in urlscan Pro
78.90.206.186 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.zdrave.bg/
Submission Tags: falconsandbox
Submission: On February 16 via api (February 16th 2023, 4:01:15 am UTC) from US — Scanned from DE

Summary HTTP 211 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 29 IPs in 8 countries across 23 domains to perform 211 HTTP transactions. The main IP is 78.90.206.186, located in Sofia, Bulgaria and belongs to A1, BG. The main domain is www.zdrave.bg.

This is the only time www.zdrave.bg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
45	78.90.206.186 78.90.206.186	35141 (A1) (A1)
11	2a00:1450:400... 2a00:1450:400d:80a::2002	15169 (GOOGLE) (GOOGLE)
5	85.14.4.130 85.14.4.130	8262 (EVOLINK-AS) (EVOLINK-AS)
1 1	91.209.18.90 91.209.18.90	8558 (HTTPOOL-N...) (HTTPOOL-NET-AS)
4	91.209.18.100 91.209.18.100	8558 (HTTPOOL-N...) (HTTPOOL-NET-AS)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:400d:807::2002	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:400d:806::200e	15169 (GOOGLE) (GOOGLE)
1 4	78.128.6.42 78.128.6.42	31083 (TELEPOINT) (TELEPOINT)
1	195.168.10.173 195.168.10.173	5578 (AS-BENEST...) (AS-BENESTRA Bratislava)
2 4	98.98.134.242 98.98.134.242	21859 (ZEN-ECN) (ZEN-ECN)
2 2	185.89.210.244 185.89.210.244	29990 (ASN-APPNEX) (ASN-APPNEX)
5 10	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
42	2a00:1450:400... 2a00:1450:400d:80c::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	146.59.30.104 146.59.30.104	16276 (OVH) (OVH)
1	146.59.30.108 146.59.30.108	16276 (OVH) (OVH)
17	2a00:1450:400... 2a00:1450:400d:80a::2001	15169 (GOOGLE) (GOOGLE)
9 12	142.250.201.194 142.250.201.194	15169 (GOOGLE) (GOOGLE)
6 12	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1	2a00:1450:400... 2a00:1450:400d:80d::2004	15169 (GOOGLE) (GOOGLE)
1 2	34.254.219.114 34.254.219.114	16509 (AMAZON-02) (AMAZON-02)
28	2a00:1450:400... 2a00:1450:400d:808::2006	15169 (GOOGLE) (GOOGLE)
7	172.217.19.98 172.217.19.98	15169 (GOOGLE) (GOOGLE)
2	2600:9000:238... 2600:9000:238d:4800:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2600:1f13:800... 2600:1f13:800:7780:7d4b:6267:96a3:77e2	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400d:802::200a	15169 (GOOGLE) (GOOGLE)
1	82.113.101.132 82.113.101.132	6805 (TDDE-ASN1) (TDDE-ASN1)
4	2600:9000:205... 2600:9000:2057:aa00:15:6513:6d40:21	16509 (AMAZON-02) (AMAZON-02)
211	29

45 78.90.206.186 (Sofia, Bulgaria)

ASN35141 (A1, BG)
PTR: mh-186.msk.bg

www.zdrave.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:400d:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 85.14.4.130 (Lovech, Bulgaria)

ASN8262 (EVOLINK-AS, BG)
PTR: sportal.bg

gdpr.sportal.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.209.18.90 (Slovenia) 1 redirects

ASN8558 (HTTPOOL-NET-AS, SI)
PTR: relay.toboads.com

relay-bg.ads.httpool.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 91.209.18.100 (Slovenia)

ASN8558 (HTTPOOL-NET-AS, SI)
PTR: tas.toboads.com

tas-bg.toboads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:807::2002 (Ireland)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:806::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.128.6.42 (Bulgaria) 1 redirects

ASN31083 (TELEPOINT, BG)
PTR: ip-6-42.telehouse.bg

gabg.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.168.10.173 (Vydrany, Slovakia)

ASN5578 (AS-BENESTRA Bratislava, Slovak Republic, SK)
PTR: a45.etarget.sh.cust.gts.sk

bg.search.etargetnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 98.98.134.242 (United States) 2 redirects

ASN21859 (ZEN-ECN, US)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.244 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.89.211.116 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:400d:80c::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.59.30.104 (France)

ASN16276 (OVH, FR)
PTR: ip104.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.59.30.108 (France)

ASN16276 (OVH, FR)
PTR: ip108.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:400d:80a::2001 (Ireland)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.201.194 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s35-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.80.39.216 (Canada) 6 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80d::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.254.219.114 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-219-114.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a00:1450:400d:808::2006 (Ireland)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.217.19.98 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s27-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:238d:4800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1f13:800:7780:7d4b:6267:96a3:77e2 (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:802::200a (Ireland)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.113.101.132 (Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2057:aa00:15:6513:6d40:21 (United States)

ASN16509 (AMAZON-02, US)

d27rf63iunghx1.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
63	googlesyndication.com 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 tpc.googlesyndication.com — Cisco Umbrella Rank: 137 ade.googlesyndication.com — Cisco Umbrella Rank: 281	365 KB
45	zdrave.bg www.zdrave.bg	232 KB
28	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 270	775 KB
27	doubleclick.net 9 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 186 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 cm.g.doubleclick.net — Cisco Umbrella Rank: 205 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 313	257 KB
12	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 533	9 KB
12	adnxs.com 7 redirects ib.adnxs.com — Cisco Umbrella Rank: 203	12 KB
10	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 753 static.adsafeprotected.com — Cisco Umbrella Rank: 571 dt.adsafeprotected.com — Cisco Umbrella Rank: 531	99 KB
6	gemius.pl 1 redirects gabg.hit.gemius.pl — Cisco Umbrella Rank: 112365 ls.hit.gemius.pl — Cisco Umbrella Rank: 13135	26 KB
5	sportal.bg gdpr.sportal.bg	142 KB
4	cloudfront.net d27rf63iunghx1.cloudfront.net	136 KB
4	sitescout.com 2 redirects pixel.sitescout.com — Cisco Umbrella Rank: 3568	634 B
4	toboads.com tas-bg.toboads.com — Cisco Umbrella Rank: 718433	125 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 183	170 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 72 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	17 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 149	87 KB
1	o2online.de portal.o2online.de — Cisco Umbrella Rank: 61032	459 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 298	6 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 9006	531 B
1	etargetnet.com bg.search.etargetnet.com — Cisco Umbrella Rank: 220514	1 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 106
1	httpool.com 1 redirects relay-bg.ads.httpool.com — Cisco Umbrella Rank: 704041	388 B
0	consensu.org Failed vendorlist.consensu.org Failed
211	23

	Domain	Requested by
45	www.zdrave.bg	www.zdrave.bg
41	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
28	s0.2mdn.net	www.zdrave.bg s0.2mdn.net 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
17	tpc.googlesyndication.com	57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net
12	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
12	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
12	ib.adnxs.com	7 redirects www.zdrave.bg googleads.g.doubleclick.net
6	dt.adsafeprotected.com	57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
6	googleads4.g.doubleclick.net	www.zdrave.bg
6	googleads.g.doubleclick.net	57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com pagead2.googlesyndication.com
5	gdpr.sportal.bg	www.zdrave.bg gdpr.sportal.bg
4	d27rf63iunghx1.cloudfront.net
4	57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	pixel.sitescout.com	2 redirects www.zdrave.bg
4	gabg.hit.gemius.pl	1 redirects www.zdrave.bg gabg.hit.gemius.pl
4	tas-bg.toboads.com	www.zdrave.bg
4	www.googletagservices.com	www.zdrave.bg 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
3	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	static.adsafeprotected.com	57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
2	fw.adsafeprotected.com	1 redirects www.zdrave.bg
2	ls.hit.gemius.pl	gabg.hit.gemius.pl ls.hit.gemius.pl
2	www.google-analytics.com	www.zdrave.bg
2	connect.facebook.net	www.zdrave.bg connect.facebook.net
1	ade.googlesyndication.com
1	portal.o2online.de
1	ajax.googleapis.com	s0.2mdn.net
1	www.google.com	tpc.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	bg.search.etargetnet.com	www.zdrave.bg
1	www.facebook.com	www.zdrave.bg
1	relay-bg.ads.httpool.com	1 redirects
0	vendorlist.consensu.org Failed	gdpr.sportal.bg
211	33

This site contains links to these domains. Also see Links.

Domain
zdrave.jobs.bg
www.idengo.com

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.sportal.bg Go Daddy Secure Certificate Authority - G2	`2023-01-05` - `2024-02-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-25` - `2023-02-23`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2022-09-13` - `2023-09-25`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-02-10` - `2023-05-27`	4 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-09` - `2023-12-03`	10 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.o2online.de DigiCert TLS RSA SHA256 2020 CA1	`2022-02-11` - `2023-03-08`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh

This page contains 23 frames:

Primary Page: http://www.zdrave.bg/
Frame ID: 0C681940FF53F90F8D12B49F29A6554E
Requests: 76 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255
Frame ID: C4CE02D81A92944795E04740D129D6DC
Requests: 1 HTTP requests in this frame

Frame: http://tas-bg.toboads.com/alt.php?rq=caaa197a-9952-4d96-7760-eeaa01e0acf8&vt=e63ba384-5aea-4aa4-bdbb-76cf958c84a2&brand=generic&af=300x250&clr_border=FFFFFF&clr_bg=FFFFFF&clr_title=4170a0&clr_link=fac588&clr_text=000000&nw=0&zn=533338dda&
Frame ID: A1FB72D78912D7D64ABA1664D571FCD3
Requests: 1 HTTP requests in this frame

Frame: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 955653AB3793339D51922F9AA6868181
Requests: 1 HTTP requests in this frame

Frame: http://ls.hit.gemius.pl/lsget.html
Frame ID: C66B23EF66DB9E354E7B475BA9D4A2E5
Requests: 1 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html?mode=new
Frame ID: 7B877EDE8D9189E5C8D53D758E8157C2
Requests: 1 HTTP requests in this frame

Frame: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5145DB7D27BAED33E995C6588C0CEC1E
Requests: 27 HTTP requests in this frame

Frame: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5C1993A8787648F124118DD6BD38ECAC
Requests: 19 HTTP requests in this frame

Frame: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 595B80FD1F6F52023E71987AA0F2D632
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY6vrNxQEwAQ&v=APEucNX-bQxsBeuDmCjzAEWLVgnpfNvDzGjhTYFuZCX3i7-0RxljF2xATAKWILUHwt8HCseLGNU-5HF16Rb2Hel65259sQgaSOhGHypJeGtCoFvtUE54m04qzyNSnGNTka5J6WcR5FXRkQr4adqVWtmy95PkbL0ouiJ64O3VNubszMyjixQuad8
Frame ID: 6139CDDFC37B4B219E1D4C11E2607A7D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjG8_zbATAB&v=APEucNVaZZSld5QQ_zbD3lYCx-kOmSqJvm65zI9UKc0X6YV95aQEMh9DSwWPFaiWvKSszE_q23nMt8nLKX0QwrUrt7VpLTctBTycD70VHqXs752SKIPZZAkvXAlMGsn7umabNNlnDHK7TsOzh2HcoKrNUa-Gt0vb7vk0feHCaCsWJJ86X-Z2Tfo
Frame ID: 08161190766B1D025FC35BBB18CF8C4A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYrdT4xgEwAQ&v=APEucNUo5VpdTi2PZOP9-Gbh9ShEEf3ZBxdSpO8nRYczUvo96q0d3_Gp2fjPrfygjyhJaNKax4o3ymOITejyPIWkNxoS-qE0tpMNEexGHfaTPDc4yfp9VvFVBdCa9kjan_4UdyHZkFcr6YBOpuB_hWWWjN3A7ki3uC8k6w8mfWWxS8znJf9VeF0
Frame ID: D0BE5AB6F5CD299CF47812C70EA60E01
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3693D45CE679CA763C7EBD131961D00D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 688A93C99148E0E7B4C8770067043F5A
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DAF754DDF2C9FFD91FE2656681A376DB
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 938A428A711E9BDB4852254032365DB4
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6171197435532655443/index.html
Frame ID: FBDCD13284B50071587AB2554B50813C
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 26EB272516408FCFE2C904F3394E024E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5C17B68B08E9241105258DE37601F89B
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=Gt4uRvcv9v&t=1&renderingType=2&ev=01_247
Frame ID: 17126264E353D159E82D7E283D132CAF
Requests: 14 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247
Frame ID: D0B522F7D05BC2C466872D0ED6067A2C
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js
Frame ID: 28257C4960E6869039B6080118445BD5
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js
Frame ID: F2EAE3E7C0FCB37AE66DF2581BBD9AA1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

новини за здравето на всеки, всеки ден | здраве.bg

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

SWFObject (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swfobject.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

211
Requests

64 %
HTTPS

47 %
IPv6

23
Domains

33
Subdomains

29
IPs

8
Countries

2449 kB
Transfer

5468 kB
Size

18
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://zdrave.jobs.bg/
Title: работа,

Search URL Search Domain Scan URL

URL: http://www.idengo.com/
Title: IDENGO

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

http://relay-bg.ads.httpool.com/ HTTP 303
http://tas-bg.toboads.com/js/adi-ec561a14.js

Request Chain 31

http://connect.facebook.net/en_US/all.js HTTP 307
https://connect.facebook.net/en_US/all.js

Request Chain 48

http://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255 HTTP 307
https://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255

Request Chain 49

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

Request Chain 60

http://pixel.sitescout.com/iap/ea24b8a97ba6cbd8 HTTP 302
https://pixel.sitescout.com/iap/ea24b8a97ba6cbd8

Request Chain 61

http://ib.adnxs.com/seg?add=9942225 HTTP 307
https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D9942225 HTTP 307
https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9942225

Request Chain 62

http://pixel.sitescout.com/iap/1dedaf03ba2c1838 HTTP 302
https://pixel.sitescout.com/iap/1dedaf03ba2c1838

Request Chain 63

http://ib.adnxs.com/seg?add=9922745 HTTP 307
https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D9922745 HTTP 307
https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9922745

Request Chain 65

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=997429362&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%B7%D0%B0%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5%D1%82%D0%BE%20%D0%BD%D0%B0%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%2C%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%20%D0%B4%D0%B5%D0%BD%20%7C%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5.bg&utmhid=1135574500&utmr=-&utmp=%2F&utmht=1676520067948&utmac=UA-324471-1&utmcc=__utma%3D2577403.2145424155.1676520068.1676520068.1676520068.1%3B%2B__utmz%3D2577403.1676520068.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1102010353&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=997429362&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%B7%D0%B0%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5%D1%82%D0%BE%20%D0%BD%D0%B0%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%2C%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%20%D0%B4%D0%B5%D0%BD%20%7C%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5.bg&utmhid=1135574500&utmr=-&utmp=%2F&utmht=1676520067948&utmac=UA-324471-1&utmcc=__utma%3D2577403.2145424155.1676520068.1676520068.1676520068.1%3B%2B__utmz%3D2577403.1676520068.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1102010353&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Request Chain 77

https://gabg.hit.gemius.pl/_1676520068440/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=http%3A%2F%2Fwww.zdrave.bg%2F&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=TuCHtQrrJa5LCaxg8wTaDI324.gG7wof.uj6BmteXCH.N7iB.hVffhRlVQL.kcxawf.cWzNNbp7Kh9WciRjlYZXPU82_/cZdCqNZTaBHQY/&fpdata=g2.X1E3SCH4467.qqhMrjiWgmX89K7R1KbeyC43llTn.B7&ltime=318&fr=1&ref=&inner=_ver%3D335&lsadd=&exid=63edaa8407236698&brts=1676520068&fpcap= HTTP 301
https://gabg.hit.gemius.pl/__/_1676520068440/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=http%3A%2F%2Fwww.zdrave.bg%2F&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=TuCHtQrrJa5LCaxg8wTaDI324.gG7wof.uj6BmteXCH.N7iB.hVffhRlVQL.kcxawf.cWzNNbp7Kh9WciRjlYZXPU82_/cZdCqNZTaBHQY/&fpdata=g2.X1E3SCH4467.qqhMrjiWgmX89K7R1KbeyC43llTn.B7&ltime=318&fr=1&ref=&inner=_ver%3D335&lsadd=&exid=63edaa8407236698&brts=1676520068&fpcap=

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1

Request Chain 104

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.2qhPeKyxt.00fUaZTZeQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1

Request Chain 106

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1

Request Chain 108

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.2qhPeKyxt.00fUaZTZeQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1

Request Chain 110

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D

Request Chain 111

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1

Request Chain 112

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.2qhPeKyxt.00fUaZTZeQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2

Request Chain 113

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1

Request Chain 114

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D

Request Chain 148

https://fw.adsafeprotected.com/rfw/st/990511/61634098/4.js?ias_dspID=3&ias_campId=1010147412&ias_pubId=pub-7031831557830335&ias_chanId=1&ias_placementId=19429528027&bidurl=http://www.zdrave.bg/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0j8pJvIt_vGEZNmhWzMzQXJ&adContainerId=brand_safety_hKrtY8jEOfCX9u8PpNaU4Aw&cbFunctionName=goog_wrapCb_hKrtY8jEOfCX9u8PpNaU4Aw&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=http%3A%2F%2Fwww.zdrave.bg&adsafe_type=y&adsafe_url=http%3A%2F%2Fwww.zdrave.bg%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:20a99090-102f-f17b-10ae-ab28bcba562a,c:4lWTb9,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-69f5898b7f-zpf4k,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:5,mot:0,app:0,maw:0,fm:tvZNm9Z+11%7C12%7C13%7C141%7C15*.990511-61634098%7C151%7C152%7C153%7C161%7C171%7C172%7C181%7C19,idMap:15*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:37,oid:8b654cf0-adae-11ed-8ee0-ce6968165ff2,v:19.8.394,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js

211 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.zdrave.bg/ 34 KB
10 KB 505ms
213ms Document
text/html 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 31c1401c5e39742fc59a62a1fafba5eceac889c3d61cc436c650b743a7a9a65f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 9503
Content-Type: text/html
Date: Thu, 16 Feb 2023 04:01:07 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding

GET
H/1.1 200
OK swfobject.js Show response
www.zdrave.bg/js/ 7 KB
3 KB 31ms
30ms Script
application/x-javascript 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.zdrave.bg/js/swfobject.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: f2172868bc46d74ad32f2715bc25a8716e07a784b2ecb24d9d077d2125c6c993

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Aug 2013 09:16:07 GMT
Server: nginx
ETag: W/"51fb78d7-1ae0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 200
OK jquery.js Show response
www.zdrave.bg/js/ 95 KB
33 KB 65ms
33ms Script
application/x-javascript 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.zdrave.bg/js/jquery.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 28cd1264bd1c0efccf4e7e030e8fc0dac7f2176f8d88ba60c8714ea738a8f550

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Aug 2013 09:16:07 GMT
Server: nginx
ETag: W/"51fb78d7-17d59"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 200
OK zdrave.js Show response
www.zdrave.bg/js/ 14 KB
5 KB 65ms
33ms Script
application/x-javascript 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.zdrave.bg/js/zdrave.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: be6fd99e19aac74aa0fd01a271bae13e65496afad769c0df1e5648bd9a2cd950

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Aug 2013 09:16:07 GMT
Server: nginx
ETag: W/"51fb78d7-39e0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Keep-Alive: timeout=5

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 76 KB
27 KB 244ms
81ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc953bfb3568e48c7dbb77edd2e34b6c2c6bbf253e136ce677727ca187ae2fd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26653
x-xss-protection: 0
server: sffe
etag: "1484 / 914 of 1000 / last-modified: 1676502394"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 16 Feb 2023 04:01:07 GMT

GET
H2 200 sportal.gdpr.js Show response
gdpr.sportal.bg/ 19 KB
8 KB 338ms
32ms Script
application/javascript 85.14.4.130
EVOLINK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr.sportal.bg/sportal.gdpr.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.14.4.130 Lovech, Bulgaria, ASN8262 (EVOLINK-AS, BG),
Reverse DNS: sportal.bg
Software: nginx /
Resource Hash: 782a77ad65b778b8745670755fa9b2bc96e05c865936460082e3e493ddfd72f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:07 GMT
content-encoding: gzip
last-modified: Wed, 05 Jun 2019 12:19:53 GMT
server: nginx
etag: W/"5cf7b369-4a2e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H/1.1 200
OK zdrave_styles.css
www.zdrave.bg/css/ 39 KB
9 KB 61ms
30ms Stylesheet
text/css 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.zdrave.bg/css/zdrave_styles.css
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 76fd4dd5c74aea6b02fc8ee6090b0bc6a59eda5f9d6ff38b02ed1eda91a99a48

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Aug 2013 09:14:56 GMT
Server: nginx
ETag: W/"51fb7890-9b37"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 200
OK zdrave_search_submit.gif
www.zdrave.bg/images/ 1 KB
2 KB 34ms
30ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_search_submit.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 58556977e7860db2b6db32a94b0f4549ef12839318d98455cc553b5e4bd32c65

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-577"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1399

GET
H/1.1 200
OK zdrave_header_logo.jpg
www.zdrave.bg/images/ 7 KB
8 KB 36ms
32ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_header_logo.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 43135cf7c31641d06df7ff2d9a82cd764c227fc5fcd7ecfae563acb03dd7228c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-1dca"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 7626

GET
H/1.1 200
OK zdr_left_menu_header.gif
www.zdrave.bg/images/ 1 KB
1 KB 34ms
30ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_left_menu_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 2def643052cff38eef41134268f401bcfcc4eeabfc3080fe3a3f0f7026b84a5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-4ce"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1230

GET
H/1.1 200
OK zdr_left_deseases_header.gif
www.zdrave.bg/images/ 1 KB
2 KB 40ms
36ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_left_deseases_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 1c377127bcfa3c889dd0bf2b470b8e82892429dc22ddc8fd267f071dc74d3e42

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-55f"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1375

GET
H/1.1 200
OK zdr_header_rss.gif
www.zdrave.bg/images/ 699 B
953 B 205ms
30ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_header_rss.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 473f3e92b1252dba029b6c5d036d7dbfd02b1c7d8e3fda3350c22045f21ed733

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-2bb"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 699

GET
H/1.1 200
OK 5782.jpg
www.zdrave.bg/images/250/ 16 KB
16 KB 213ms
30ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/250/5782.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 102423e1eefe81cf7be86b18c52ff4f91e0905b64277582386529dfaaa85e844

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:08:03 GMT
Server: nginx
ETag: "51fb76f3-3fb6"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 16310

GET
H/1.1 200
OK 5447.jpg
www.zdrave.bg/images/250/ 14 KB
14 KB 31ms
30ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/250/5447.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 38c41f2a23606c4ac956be11f4ed1cb6fd451007b5afd53000bce1a9999ef273

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:08:17 GMT
Server: nginx
ETag: "51fb7701-37d8"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 14296

GET
H/1.1 200
OK 5785.jpg
www.zdrave.bg/images/250/ 21 KB
21 KB 42ms
36ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/250/5785.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 9fec94b4ff143599afb447b8fd3a2c2b3ba59caee8670c59042fb7bd3433f58b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:07:50 GMT
Server: nginx
ETag: "51fb76e6-530e"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 21262

GET
H/1.1 200
OK 5783.jpg
www.zdrave.bg/images/250/ 18 KB
18 KB 53ms
29ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/250/5783.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: bb998a86cbac87a0d49bb25b54abc93972824501d99531b2c69e2de3ecebc13a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:07:59 GMT
Server: nginx
ETag: "51fb76ef-48d4"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 18644

GET
H/1.1 200
OK 5707.jpg
www.zdrave.bg/images/250/ 21 KB
21 KB 53ms
31ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/250/5707.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 8d63fba992512d3d08c8a9f7b770fd6203622bdc6284e30af91d516f5a753eb9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:07:24 GMT
Server: nginx
ETag: "51fb76cc-5442"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 21570

GET
H/1.1 200
OK zdr_arrow_left.gif
www.zdrave.bg/images/ 53 B
305 B 65ms
30ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_arrow_left.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: ab100b2b5cea43ed7e6d90205014fed9b4df8d7aa8c04dba39c61f3667d1adc8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-35"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 53

GET
H/1.1 200
OK zdr_arrow_right.gif
www.zdrave.bg/images/ 56 B
308 B 98ms
42ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_arrow_right.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 4352dcef55a499ed21de78785c1d6c67db60bd24a37d5df8859d987682cb8fb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-38"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 56

GET
H/1.1 200
OK zdr_center_more_header.gif
www.zdrave.bg/images/ 2 KB
2 KB 85ms
41ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_center_more_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 5e0a6d389252a6a887d3b5e3c860d758d47162b44481550be199436d95079145

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-889"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2185

GET
H/1.1 200
OK 6202.jpg
www.zdrave.bg/images/80/ 4 KB
4 KB 138ms
31ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/80/6202.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: b5c9b565e21dce9ebed5eab5acfa741ba584d656fefad1e0766cf34ad869b8d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Thu, 11 Feb 2021 15:12:50 GMT
Server: nginx
ETag: "60254972-108f"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 4239

GET
H/1.1 200
OK 2219.jpg
www.zdrave.bg/images/80/ 4 KB
4 KB 86ms
30ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/80/2219.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: e599f75928c9adfc5466b3a9391433e89623967d26665b7c7897ea69f2ebf0d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:04 GMT
Server: nginx
ETag: "51fb77a8-e21"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3617

GET
H/1.1 200
OK zdr_u-know_header.gif
www.zdrave.bg/images/ 2 KB
2 KB 136ms
30ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_u-know_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: e47b9e815087e2fc99bbf6cbf261c70deb464a65398b4f20b20a12594fa1e479

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-78a"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 1930

GET
H/1.1 200
OK 5283.jpg
www.zdrave.bg/images/60/ 3 KB
3 KB 40ms
31ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/5283.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: c12883dc07f971d67e5b7c0b6bbb496858e0721f94d05706bac6215bf9b6908b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:41 GMT
Server: nginx
ETag: "51fb77cd-cc8"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3272

GET
H/1.1 200
OK 4665.jpg
www.zdrave.bg/images/60/ 2 KB
3 KB 59ms
30ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/4665.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 8a33f2d843dec50c117b7023802cfef9631c4e163bacdbd88b7eb6dc8512f6cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:40 GMT
Server: nginx
ETag: "51fb77cc-93f"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 2367

GET
H/1.1 200
OK 677.jpg
www.zdrave.bg/images/60/ 3 KB
3 KB 31ms
30ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/677.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: db9d01707fe76a51a28349eca999d875004049d3ba47686e7274fa1c79b0a869

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:20 GMT
Server: nginx
ETag: "51fb77b8-cf9"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3321

GET
H/1.1 200
OK 5289.jpg
www.zdrave.bg/images/60/ 3 KB
3 KB 32ms
31ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/5289.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 6d57e824e059301698f353db1cf92025de2a6d1e6f8c5abbffc24fc768e13550

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:41 GMT
Server: nginx
ETag: "51fb77cd-a79"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2681

GET
H/1.1 200
OK 3700.jpg
www.zdrave.bg/images/60/ 3 KB
3 KB 35ms
30ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/3700.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: b583d05bbbb011366fea9dda74ebd9cf77ac7b83fc1736e7c8529d151e6277d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:51 GMT
Server: nginx
ETag: "51fb77d7-aa5"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2725

GET
H/1.1 200
OK 4977.jpg
www.zdrave.bg/images/60/ 3 KB
3 KB 40ms
31ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/60/4977.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: a960c0aa92033ca3ecfdd81cec7a4443d8e73f7081f1d5fb91f165e05e2d58eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:11:48 GMT
Server: nginx
ETag: "51fb77d4-b56"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2902

GET
H/1.1 200
OK 5822.jpg
www.zdrave.bg/images/80/ 3 KB
3 KB 137ms
31ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/80/5822.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: be8a61c5d7715ba61c258ac1b146a8e29da020251bd6dee9cc36424a050e560a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:10:20 GMT
Server: nginx
ETag: "51fb777c-c31"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3121

GET
H/1.1

200
OK

adi-ec561a14.js Show response
tas-bg.toboads.com/js/
Redirect Chain

http://relay-bg.ads.httpool.com/
http://tas-bg.toboads.com/js/adi-ec561a14.js

121 KB
121 KB

124ms
25ms

Script
text/javascript

91.209.18.100
HTTPOOL-NET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://tas-bg.toboads.com/js/adi-ec561a14.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 91.209.18.100 , Slovenia, ASN8558 (HTTPOOL-NET-AS, SI),
Reverse DNS: tas.toboads.com
Software: nginx / PHP/7.1.13
Resource Hash: c3f738d41d979222078bbc1624c0b1ee0f752c6b9d6c563d992da1adb1cf5ced

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Thu, 01 Sep 2022 12:29:59 GMT
Server: nginx
X-Powered-By: PHP/7.1.13
ETag: W/"ebadc3b25a8662991415a39814ec4260"
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
P3P: policyref="/w3c/p3p.xml", CP="httpool"
Cache-Control: private, max-age=21254400
Connection: keep-alive
Expires: Fri, 05 May 2023 12:29:59 GMT

Redirect headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Thu, 16 Feb 2023 04:01:07 GMT
Server: nginx
X-Powered-By: PHP/7.1.13
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Location: http://tas-bg.toboads.com/js/adi-ec561a14.js
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
Connection: keep-alive

GET
H/1.1 200
OK zdr_right_quiz_vote.gif
www.zdrave.bg/images/ 734 B
988 B 30ms
29ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_right_quiz_vote.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 581b5d3edb9fc27999b016832d576b42d39a6702eacf9e9ec60d8c0a6917e381

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-2de"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 734

GET
H2

200

all.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/all.js
https://connect.facebook.net/en_US/all.js

3 KB
2 KB

78ms
6ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4312d184c3ac26e20d28109cd60c174df6f6545e5d1232e377d92a0b13dc7688

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 04:01:07 GMT
content-md5: tjfb2aJBv38PIbHCnHEOmQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: gy90s6SpCuDpLamejdWNHolKvyPr8zDn0AqBUXwFnBIp1Ei8SxCDm7D/oZ7VIH8tpjeZKNa1AuozkuPi0siFqg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 2050670934
x-fb-content-md5: 3444c37f218d216dc22cc153a5ee0ae6
cross-origin-opener-policy: same-origin-allow-popups
etag: "d1f3b5e1efae0b0530f1761a4b2dd203"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Thu, 16 Feb 2023 04:07:03 GMT

Redirect headers

Location: https://connect.facebook.net/en_US/all.js#xfbml=1
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK bullet_orange_top_menu.gif
www.zdrave.bg/images/ 1 KB
1 KB 37ms
31ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/bullet_orange_top_menu.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 294a8041d261138b6673afb0ce72c680992d5a4091009aa655e6e79297f9d9df

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:44 GMT
Server: nginx
ETag: "51fb76a4-44c"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1100

GET
H/1.1 200
OK zdrave_header_bottom_full_bg.gif
www.zdrave.bg/images/ 1 KB
2 KB 52ms
29ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_header_bottom_full_bg.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 97b37c3497e067d19d97bdf7b62b5749b3e132ca56220e5698d8d66d90757dd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-536"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1334

GET
H/1.1 200
OK zdrave_header_container_bg.jpg
www.zdrave.bg/images/ 3 KB
3 KB 56ms
31ms Image
image/jpeg 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_header_container_bg.jpg
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 85d4ef637cacccef5919fa290c3c104c8682d939e7f0b1e4d0cfb67f09307778

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-be5"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3045

GET
H/1.1 200
OK zdrave_dropdown_menu_bckgr_last.gif
www.zdrave.bg/images/ 169 B
422 B 56ms
31ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_dropdown_menu_bckgr_last.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: ff4c6510b024bdf4d4a38848129fe74137b0d2eb3acaee253854a51e385e2273

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-a9"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 169

GET
H/1.1 200
OK zdrave_dropdown_menu_bckgr_circle.gif
www.zdrave.bg/images/ 49 B
273 B 57ms
32ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_dropdown_menu_bckgr_circle.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: e33d9e3eb211444580014e5a7ee28f61f8ad40ada8a191246ee2988cf9567285

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-31"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 49

GET
H/1.1 200
OK zdr_left_menu_plus.gif
www.zdrave.bg/images/ 4 KB
4 KB 49ms
37ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_left_menu_plus.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 866adec983f3c77bb4f6584cbffc36290ba9e0252b7ea388240e5e58fd8e6876

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-f34"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3892

GET
H/1.1 200
OK zdr_center_top_header.gif
www.zdrave.bg/images/ 3 KB
3 KB 43ms
35ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_center_top_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 4f3a3090e0884756fa93224898619ab10c0bf0e216421914dc787287a76cedbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-a4c"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2636

GET
H/1.1 200
OK zdr_bullet_romb.gif
www.zdrave.bg/images/ 134 B
387 B 84ms
41ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_bullet_romb.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 796c84eac5bb533e3ed7bf97fb67fa1d1ab6b6115f81a82c9d1994ea415f7a44

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-86"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 134

GET
H/1.1 200
OK zdr_center_header_faq.gif
www.zdrave.bg/images/ 3 KB
3 KB 84ms
42ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_center_header_faq.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 4d6f39ef46419482e924286a45ce79748ed22edb7de4bafa7575597214ef373b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-c4c"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3148

GET
H/1.1 200
OK zdrave_advice_header.gif
www.zdrave.bg/images/ 1 KB
1 KB 144ms
38ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_advice_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 9ba6247d89411f5e450c2348f4605a57f12122b29cf102671929c26c905e66b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-43e"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1086

GET
H/1.1 200
OK zdrave_topic_accent_header.gif
www.zdrave.bg/images/ 2 KB
2 KB 132ms
29ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdrave_topic_accent_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 350d86c0140550202426b067ebeb07ccdab9974634cd9679316cd8e72dcbfd7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-7e7"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2023

GET
H/1.1 200
OK bullet_yellow_green_bg.gif
www.zdrave.bg/images/ 131 B
356 B 138ms
32ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/bullet_yellow_green_bg.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 1de6e720901fe5ca658c1323b895ef2d0a14508e1403cbfc1b18d938c610d452

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-83"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 131

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 303 KB
85 KB 51ms
15ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=860d0f1b1dc92fdb516a3c1b30deaf87

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c5afea8a7fb6bfe8770d1d7f9045592f5189e11526a0d781e7ee002349d8b85c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://www.zdrave.bg/
Origin: http://www.zdrave.bg
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 04:01:07 GMT
content-md5: A+6MwVqSq65ws6zDnlgZFA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86847
x-fb-rlafr: 0
x-fb-debug: oyfPq2jgV41JxVe4wKF5R5J9OJ01IvikM5vGcnKWSmkFliGg5ciK5zzphlcZfk3Jdmq/myQEOfvvLN35CeWZgw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 1780808dddc7cce6fb46e993faa8ff3e
cross-origin-opener-policy: same-origin-allow-popups
etag: "2a4051eab07d122aaa71b2523e622fdc"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Fri, 16 Feb 2024 01:44:11 GMT

GET
H/1.1 200
OK adl-d9566a3e.js Show response
tas-bg.toboads.com/js/ 367 B
759 B 45ms
44ms Script
text/javascript 91.209.18.100
HTTPOOL-NET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=1&rq=caaa197a-9952-4d96-7760-eeaa01e0acf8&vt=e63ba384-5aea-4aa4-bdbb-76cf958c84a2&isf=false&zn=533338dda&tm=0&af=300x250&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=17574adf-d52d-2f99-775e-af2e140ddf9e&ct=e3d24d0d-643a-4ac6-5536-286acb79de92&c=hA_c_0_89d75071&ah=0&
Requested by: Host:
URL: webpack:///../javascript/src/WindowManager.js?
Protocol: HTTP/1.1
Server: 91.209.18.100 , Slovenia, ASN8558 (HTTPOOL-NET-AS, SI),
Reverse DNS: tas.toboads.com
Software: nginx / PHP/7.1.13
Resource Hash: 8d58cf0f8076552a18107cacca969a9232b3e5fc2ef65923201f0d7a16fe25e3

Request headers

Referer: http://www.zdrave.bg/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Thu, 16 Feb 2023 04:01:07 GMT
Server: nginx
X-Powered-By: PHP/7.1.13
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="httpool"
Content-Type: text/javascript; charset=utf-8
Cache-Control: private, max-age: 0
Connection: keep-alive
Expires: Thu, 16 Feb 2023 03:01:07 GMT

GET
H2 200 pubads_impl_2023021301.js Show response
securepubads.g.doubleclick.net/gpt/ 386 KB
131 KB 177ms
47ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0158a7a3fd4a43fd01c6051d73c8507d87989abb39e83b3dbb8e3fe806ef77cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 11:31:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 232180
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133267
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 09:35:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 13 Feb 2024 11:31:27 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 111 B
620 B 197ms
69ms XHR
application/json 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.zdrave.bg

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

56b037e4ecfaba364af8e4eeecaf4c4a666f9cf633e789e61b6d522b49b82e0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
x-xss-protection: 0
expires: Thu, 16 Feb 2023 04:01:07 GMT

GET
H2

200

likebox.php
www.facebook.com/plugins/ Frame C4CE
Redirect Chain

http://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255
https://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255

0
0

101ms
44ms

Document
text/html

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Feb 2023 04:01:07 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: xIqPrvlb8fU4qkzierhtN0dILuLQSv1l5yS4KxIOmzEw3Leix60a1yQIV7ovVCQitLtsFJUfTowL6xWlCmr+Zg==
x-fb-rlafr: 0
x-frame-options: DENY
x-xss-protection: 0

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://www.facebook.com/plugins/likebox.php?id=194681971570&width=300&connections=10&stream=false&header=false&height=255
Non-Authoritative-Reason: HSTS

GET
H2

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

163ms
47ms

Script
text/javascript

2a00:1450:400d:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Server

2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 03:47:20 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 827
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Thu, 16 Feb 2023 05:47:20 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK xgemius.js Show response
gabg.hit.gemius.pl/ 64 KB
17 KB 175ms
40ms Script
application/x-javascript 78.128.6.42
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: http://gabg.hit.gemius.pl/xgemius.js
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.128.6.42 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-6-42.telehouse.bg
Software: GHC /
Resource Hash: cef8fa3e654e9d95636b0adb5d81d5dfd0b65909dbe7227e43137c0dacaaf1f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Feb 2023 08:59:41 GMT
Server: GHC
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Vary: Accept-Encoding,Origin
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Content-Type: application/x-javascript
Cache-Control: max-age=43200
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: none
Keep-Alive: timeout=10
Content-Length: 17134
Expires: Thu, 16 Feb 2023 16:01:07 GMT

GET
H/1.1 200
OK / Show response
bg.search.etargetnet.com/a/ 574 B
1 KB 123ms
39ms Script
application/javascript 195.168.10.173
AS-BENESTRA Brati...

General

Check archive.org

Show headers Download Go to

Full URL: http://bg.search.etargetnet.com/a/?ref=69700
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 195.168.10.173 Vydrany, Slovakia, ASN5578 (AS-BENESTRA Bratislava, Slovak Republic, SK),
Reverse DNS: a45.etarget.sh.cust.gts.sk
Software: nginx /
Resource Hash: b1a6d5f4ffb9218e749c18808d39035c35fd82bae68544aa27bf7ac9c1dba6a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: cache
Date: Thu, 16 Feb 2023 04:01:07 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=windows-1250
X-Protected-By: Bee/0.68
Y-Protected-By: Bulbasaur/blade2-08.etarget.sk
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM", policyref="/w3c/p3p.xml"
Cache-Control: max-age=7200
Connection: keep-alive
Expires: Thu, 16 Feb 2023 06:01:07 GMT

GET
H/1.1 200
OK zdr_right_top_header.gif
www.zdrave.bg/images/ 2 KB
2 KB 32ms
31ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_right_top_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 9cc2a05d65d6805b9ea06989155a430932bf4d994915a617ecaeab4dd2dc5bdf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:44 GMT
Server: nginx
ETag: "51fb76a4-7de"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2014

GET
H/1.1 200
OK zdr_right_quiz_header.gif
www.zdrave.bg/images/ 2 KB
2 KB 32ms
31ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/zdr_right_quiz_header.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 45f03badef9166a1e3a0a32d90c2142aa3426de23b7729770328ce8d0853f0bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:42 GMT
Server: nginx
ETag: "51fb76a2-67a"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1658

GET
H/1.1 200
OK bullet_orange.gif
www.zdrave.bg/images/ 53 B
305 B 32ms
32ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/images/bullet_orange.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/css/zdrave_styles.css
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: 94e3d2444192a16a5440e24074941287108059b70bef2202a2bdcfd882f5a75b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/css/zdrave_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:43 GMT
Server: nginx
ETag: "51fb76a3-35"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 53

GET
H/1.1 200
OK adl-d9566a3e.js Show response
tas-bg.toboads.com/js/ 235 B
626 B 36ms
35ms Script
text/javascript 91.209.18.100
HTTPOOL-NET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=2&rq=caaa197a-9952-4d96-7760-eeaa01e0acf8&vt=e63ba384-5aea-4aa4-bdbb-76cf958c84a2&isf=false&zn=e45aec764&tm=0&af=0x0&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=af6efafe-8fd7-3c0f-cb5f-816803f2487d&ct=ea5e053a-7fbe-0cfd-6a7b-27a35bbc7469&c=hA_c_1_5bf43c32&ah=0&
Requested by: Host:
URL: webpack:///../javascript/src/WindowManager.js?
Protocol: HTTP/1.1
Server: 91.209.18.100 , Slovenia, ASN8558 (HTTPOOL-NET-AS, SI),
Reverse DNS: tas.toboads.com
Software: nginx / PHP/7.1.13
Resource Hash: 0b8020f4f33e4308efcaf92a3f488695c14a014890812f21076cdea86402be0e

Request headers

Referer: http://www.zdrave.bg/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Thu, 16 Feb 2023 04:01:07 GMT
Server: nginx
X-Powered-By: PHP/7.1.13
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="httpool"
Content-Type: text/javascript; charset=utf-8
Cache-Control: private, max-age: 0
Connection: keep-alive
Expires: Thu, 16 Feb 2023 03:01:07 GMT

GET
H/1.1 200
OK loadingAnimation.gif
www.zdrave.bg/ 6 KB
6 KB 30ms
29ms Image
image/gif 78.90.206.186
A1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zdrave.bg/loadingAnimation.gif
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: HTTP/1.1
Server: 78.90.206.186 Sofia, Bulgaria, ASN35141 (A1, BG),
Reverse DNS: mh-186.msk.bg
Software: nginx /
Resource Hash: e69abd7e0cc82f336e61fea889e406ecbbeb7ece1df960231b7a9ba0d1dd1676

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
Last-Modified: Fri, 02 Aug 2013 09:06:39 GMT
Server: nginx
ETag: "51fb769f-16fe"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 5886

GET
H2 200 runtime.js Show response
gdpr.sportal.bg/ 1 KB
1 KB 32ms
32ms Script
application/javascript 85.14.4.130
EVOLINK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr.sportal.bg/runtime.js
Requested by: Host: gdpr.sportal.bg
URL: https://gdpr.sportal.bg/sportal.gdpr.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.14.4.130 Lovech, Bulgaria, ASN8262 (EVOLINK-AS, BG),
Reverse DNS: sportal.bg
Software: nginx /
Resource Hash: 6b15ff8756e97e5bea28b6c68a88e362cc912702ac0e2a74b7f2fe0153fe95de

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:07 GMT
content-encoding: gzip
last-modified: Thu, 22 Aug 2019 12:08:08 GMT
server: nginx
etag: W/"5d5e85a8-5de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 dependencies.js Show response
gdpr.sportal.bg/ 345 KB
123 KB 35ms
34ms Script
application/javascript 85.14.4.130
EVOLINK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr.sportal.bg/dependencies.js
Requested by: Host: gdpr.sportal.bg
URL: https://gdpr.sportal.bg/sportal.gdpr.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.14.4.130 Lovech, Bulgaria, ASN8262 (EVOLINK-AS, BG),
Reverse DNS: sportal.bg
Software: nginx /
Resource Hash: 529e7649235a7ada58f6f8e1ac45cc35a271ad3ca5f4e9499477d0039206b4e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:07 GMT
content-encoding: gzip
last-modified: Thu, 22 Aug 2019 12:08:08 GMT
server: nginx
etag: W/"5d5e85a8-5657d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 app.js Show response
gdpr.sportal.bg/ 32 KB
9 KB 137ms
136ms Script
application/javascript 85.14.4.130
EVOLINK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr.sportal.bg/app.js
Requested by: Host: gdpr.sportal.bg
URL: https://gdpr.sportal.bg/sportal.gdpr.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.14.4.130 Lovech, Bulgaria, ASN8262 (EVOLINK-AS, BG),
Reverse DNS: sportal.bg
Software: nginx /
Resource Hash: fe322532eb93c5b3c159a5f6456b53ebd4e8855e77964cccac8ae089e741f28a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:07 GMT
content-encoding: gzip
last-modified: Thu, 22 Aug 2019 12:08:08 GMT
server: nginx
etag: W/"5d5e85a8-7e7d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2

204

ea24b8a97ba6cbd8
pixel.sitescout.com/iap/
Redirect Chain

http://pixel.sitescout.com/iap/ea24b8a97ba6cbd8
https://pixel.sitescout.com/iap/ea24b8a97ba6cbd8

0
191 B

46ms
13ms

Image
text/plain

98.98.134.242
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/iap/ea24b8a97ba6cbd8
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: H2
Server: 98.98.134.242 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Thu, 16 Feb 2023 04:01:07 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/iap/ea24b8a97ba6cbd8
cache-control: no-cache
content-length: 0

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

http://ib.adnxs.com/seg?add=9942225
https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D9942225
https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9942225

43 B
1 KB

15ms
15ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9942225

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

HTTP/1.1

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:07 GMT
AN-X-Request-Uuid: 7d2e14ea-353a-4ba8-903b-3fd71a5559bb
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f4c2d753-c234-45f7-9a96-e3da75e5a52a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9942225
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

204

1dedaf03ba2c1838
pixel.sitescout.com/iap/
Redirect Chain

http://pixel.sitescout.com/iap/1dedaf03ba2c1838
https://pixel.sitescout.com/iap/1dedaf03ba2c1838

0
191 B

46ms
14ms

Image
text/plain

98.98.134.242
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/iap/1dedaf03ba2c1838
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: H2
Server: 98.98.134.242 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Thu, 16 Feb 2023 04:01:07 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/iap/1dedaf03ba2c1838
cache-control: no-cache
content-length: 0

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

http://ib.adnxs.com/seg?add=9922745
https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D9922745
https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9922745

43 B
1 KB

15ms
14ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9922745

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

HTTP/1.1

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:07 GMT
AN-X-Request-Uuid: 6d90d202-59c5-42c1-bfdd-d3b95bafc7e1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Date: Thu, 16 Feb 2023 04:01:07 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 2988e19a-a757-4264-8408-db27931edfd8
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D9922745
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK alt.php Show response
tas-bg.toboads.com/ Frame A1FB 5 KB
2 KB 33ms
32ms Document
text/html 91.209.18.100
HTTPOOL-NET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://tas-bg.toboads.com/alt.php?rq=caaa197a-9952-4d96-7760-eeaa01e0acf8&vt=e63ba384-5aea-4aa4-bdbb-76cf958c84a2&brand=generic&af=300x250&clr_border=FFFFFF&clr_bg=FFFFFF&clr_title=4170a0&clr_link=fac588&clr_text=000000&nw=0&zn=533338dda&
Requested by: Host:
URL: webpack:///../javascript/src/WindowManager.js?
Protocol: HTTP/1.1
Server: 91.209.18.100 , Slovenia, ASN8558 (HTTPOOL-NET-AS, SI),
Reverse DNS: tas.toboads.com
Software: nginx / PHP/7.1.13
Resource Hash: 6b1ef4fccff6168cf7ef61c86050808e9f1a905b89cbecec7428337e380c882f

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-control: private, max-age: 0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Feb 2023 04:01:07 GMT
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PHP/7.1.13

GET
H2

200

__utm.gif
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=997429362&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=997429362&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=...

35 B
197 B

68ms
68ms

Image
image/gif

2a00:1450:400d:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=997429362&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%B7%D0%B0%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5%D1%82%D0%BE%20%D0%BD%D0%B0%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%2C%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%20%D0%B4%D0%B5%D0%BD%20%7C%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5.bg&utmhid=1135574500&utmr=-&utmp=%2F&utmht=1676520067948&utmac=UA-324471-1&utmcc=__utma%3D2577403.2145424155.1676520068.1676520068.1676520068.1%3B%2B__utmz%3D2577403.1676520068.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1102010353&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Server

2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=997429362&utmhn=www.zdrave.bg&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%B7%D0%B0%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5%D1%82%D0%BE%20%D0%BD%D0%B0%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%2C%20%D0%B2%D1%81%D0%B5%D0%BA%D0%B8%20%D0%B4%D0%B5%D0%BD%20%7C%20%D0%B7%D0%B4%D1%80%D0%B0%D0%B2%D0%B5.bg&utmhid=1135574500&utmr=-&utmp=%2F&utmht=1676520067948&utmac=UA-324471-1&utmcc=__utma%3D2577403.2145424155.1676520068.1676520068.1676520068.1%3B%2B__utmz%3D2577403.1676520068.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1102010353&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET purposes-bg.json
vendorlist.consensu.org/ 0
0

GET vendorlist.json
vendorlist.consensu.org/ 0
0

GET
H2 200 custom_purposes.json Show response
gdpr.sportal.bg/ 2 KB
1 KB 128ms
32ms XHR
application/json 85.14.4.130
EVOLINK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr.sportal.bg/custom_purposes.json
Requested by: Host: gdpr.sportal.bg
URL: https://gdpr.sportal.bg/dependencies.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.14.4.130 Lovech, Bulgaria, ASN8262 (EVOLINK-AS, BG),
Reverse DNS: sportal.bg
Software: nginx /
Resource Hash: e9b220c805348a7838456a6b487e3b23fa3534437804888f46f504c221c2d006

Request headers

Accept: application/json, text/plain, */*
Referer: http://www.zdrave.bg/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: gzip
last-modified: Wed, 05 Jun 2019 12:52:50 GMT
server: nginx
etag: W/"5cf7bb22-9f3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 303ms
68ms Script
application/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdrave.bg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 304ms
70ms Script
application/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdrave.bg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
15 KB 402ms
402ms XHR
text/plain 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1346822189608220&correlator=1582459666079822&output=ldjh&gdfp_req=1&vrg=2023021301&ptt=17&impl=fifs&iu_parts=26641721%2Czdrave.bg_160x600%2Czdrave.bg_300x250%2Czdrave.bg_branding_megaboard&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=160x600%2C300x600%7C300x250%2C1x1%7C728x90%7C980x200&ifi=1&adks=210898386%2C3271815912%2C192288229&sfv=1-0-40&sc=0&cookie_enabled=1&abxe=1&dt=1676520068103&lmt=1676520068&dlt=1676520067254&idt=812&adxs=310%2C990%2C562&adys=811%2C283%2C37&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&nvt=1&url=http%3A%2F%2Fwww.zdrave.bg%2F&frm=20&vis=1&psz=160x600%7C300x0%7C728x90&msz=160x-1%7C300x0%7C728x0&fws=0%2C0%2C0&ohw=0%2C0%2C0&ga_vid=2145424155.1676520068&ga_sid=1676520068&ga_hid=1135574500&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc98c815fb4d76f329dc592625a5bb3a189fb41bd3118a0258b7618f347cf793

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14560
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.zdrave.bg
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9556 6 KB
3 KB 288ms
46ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 04:01:08 GMT
expires: Fri, 16 Feb 2024 04:01:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fpdata.js Show response
gabg.hit.gemius.pl/ 278 B
641 B 280ms
74ms Script
application/x-javascript 78.128.6.42
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://gabg.hit.gemius.pl/fpdata.js?href=www.zdrave.bg
Requested by: Host: gabg.hit.gemius.pl
URL: http://gabg.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 78.128.6.42 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-6-42.telehouse.bg
Software: GHC /
Resource Hash: 8979a601d8f6db5bb3dfa6606edd66214d07bd8f2e85396d0c6eecc136b5320e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 278
expires: Sat, 18 Mar 2023 04:01:08 GMT

GET
H/1.1 200
OK lsget.html Show response
ls.hit.gemius.pl/ Frame C66B 5 KB
3 KB 99ms
27ms Document
text/html 146.59.30.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://ls.hit.gemius.pl/lsget.html
Requested by: Host: gabg.hit.gemius.pl
URL: http://gabg.hit.gemius.pl/xgemius.js
Protocol: HTTP/1.1
Server: 146.59.30.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ip104.ip-146-59-30.eu
Software: GHC /
Resource Hash: 6e79069b77b35ee0d4d56d1f63d20fce82946a0e770335867faff6b16560993c

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Accept-Ranges: none
Cache-Control: private, max-age=2592000
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2716
Content-Type: text/html;charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 16 Feb 2023 04:01:08 GMT
ETag: PRIVATE7520710249
Expires: Sat, 18 Mar 2023 04:01:08 GMT
Keep-Alive: timeout=10
Last-Modified: Mon, 16 Jul 2012 10:03:40 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Server: GHC
Vary: Accept-Encoding,Origin,User-Agent

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame 7B87 5 KB
3 KB 85ms
27ms Document
text/html 146.59.30.108
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html?mode=new
Requested by: Host: ls.hit.gemius.pl
URL: http://ls.hit.gemius.pl/lsget.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.108 , France, ASN16276 (OVH, FR),
Reverse DNS: ip108.ip-146-59-30.eu
Software: GHC /
Resource Hash: 8dc9f92b4c3f324e15e466ef9a1556d194e6e7c46bd8cbe355dfd69ce64714a5

Request headers

Referer: http://ls.hit.gemius.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: none
cache-control: private, max-age=2592000
content-encoding: gzip
content-length: 2726
content-type: text/html;charset=utf-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 04:01:08 GMT
etag: PRIVATE7520710249
expires: Sat, 18 Mar 2023 04:01:08 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
server: GHC
vary: Accept-Encoding,Origin,User-Agent

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 197ms
71ms XHR
application/json 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023021301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8288f42c1e11d7aba7f755d3bd117bca4cea724d2d72a021d57ab9551dc2727d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11253
x-xss-protection: 0

GET
H2

200

rexdot.js Show response
gabg.hit.gemius.pl/__/_1676520068440/
Redirect Chain

https://gabg.hit.gemius.pl/_1676520068440/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=http%3A%2F%2Fwww.zdrav...
https://gabg.hit.gemius.pl/__/_1676520068440/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=http%3A%2F%2Fwww.zd...

452 B
708 B

80ms
79ms

Script
application/x-javascript

78.128.6.42
TELEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://gabg.hit.gemius.pl/__/_1676520068440/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=http%3A%2F%2Fwww.zdrave.bg%2F&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=TuCHtQrrJa5LCaxg8wTaDI324.gG7wof.uj6BmteXCH.N7iB.hVffhRlVQL.kcxawf.cWzNNbp7Kh9WciRjlYZXPU82_/cZdCqNZTaBHQY/&fpdata=g2.X1E3SCH4467.qqhMrjiWgmX89K7R1KbeyC43llTn.B7&ltime=318&fr=1&ref=&inner=_ver%3D335&lsadd=&exid=63edaa8407236698&brts=1676520068&fpcap=
Protocol: H2
Server: 78.128.6.42 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS: ip-6-42.telehouse.bg
Software: GHC /
Resource Hash: a1e021b2dfc86f207e222df5b4a15e7a484b70eae0a6a6d7b48bd18e34253761

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 452
expires: Wed, 15 Feb 2023 04:01:08 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1676520068440/rexdot.js?l=100&sendf=8&id=ous70LtcMDg4hZBoeTML28UFPzHZvwdNi.i4cwExhdr.Y7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=http%3A%2F%2Fwww.zdrave.bg%2F&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=TuCHtQrrJa5LCaxg8wTaDI324.gG7wof.uj6BmteXCH.N7iB.hVffhRlVQL.kcxawf.cWzNNbp7Kh9WciRjlYZXPU82_/cZdCqNZTaBHQY/&fpdata=g2.X1E3SCH4467.qqhMrjiWgmX89K7R1KbeyC43llTn.B7&ltime=318&fr=1&ref=&inner=_ver%3D335&lsadd=&exid=63edaa8407236698&brts=1676520068&fpcap=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 15 Feb 2023 04:01:08 GMT

GET
H2 200 container.html Show response
57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5145 6 KB
3 KB 39ms
38ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 04:01:08 GMT
expires: Fri, 16 Feb 2024 04:01:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5C19 6 KB
3 KB 38ms
38ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 04:01:08 GMT
expires: Fri, 16 Feb 2024 04:01:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 595B 6 KB
3 KB 38ms
38ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 04:01:08 GMT
expires: Fri, 16 Feb 2024 04:01:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6139 624 B
694 B 74ms
72ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY6vrNxQEwAQ&v=APEucNX-bQxsBeuDmCjzAEWLVgnpfNvDzGjhTYFuZCX3i7-0RxljF2xATAKWILUHwt8HCseLGNU-5HF16Rb2Hel65259sQgaSOhGHypJeGtCoFvtUE54m04qzyNSnGNTka5J6WcR5FXRkQr4adqVWtmy95PkbL0ouiJ64O3VNubszMyjixQuad8

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 04:01:08 GMT
expires: Thu, 16 Feb 2023 04:01:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5145 78 KB
27 KB 241ms
125ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 04:01:08 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5145 42 B
107 B 196ms
82ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DGXD5R-_sqDcTJs6wNLpdYiKLhK-O1zv9Qw2-7Uj3nhR84AlFJnOrTMDPIdLZE858DpoRM1IJRxDkos0GqRXFmpHCBWm_tRpfIaAQP8onKw3r-62g

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5145 0
56 B 195ms
82ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4988106163142428719&x=1&ct=76

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 5145 3 KB
1 KB 232ms
94ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:31:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30593
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:31:15 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 5145 20 KB
9 KB 182ms
45ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:31:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30593
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:31:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5145 156 KB
48 KB 87ms
86ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 04:01:08 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0816 624 B
506 B 77ms
75ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjG8_zbATAB&v=APEucNVaZZSld5QQ_zbD3lYCx-kOmSqJvm65zI9UKc0X6YV95aQEMh9DSwWPFaiWvKSszE_q23nMt8nLKX0QwrUrt7VpLTctBTycD70VHqXs752SKIPZZAkvXAlMGsn7umabNNlnDHK7TsOzh2HcoKrNUa-Gt0vb7vk0feHCaCsWJJ86X-Z2Tfo

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 04:01:08 GMT
expires: Thu, 16 Feb 2023 04:01:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5C19 78 KB
27 KB 282ms
175ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 04:01:08 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C19 42 B
401 B 187ms
81ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DL1q9BrlgBqQNNwAMdwuC-Ui7p8z0KTUrb4sKQnVBEpnb9VeuP0W98ZyAXbmSn9ul3tpT1noa6Rd_gFVNGtGTBkq9cTJX_QATEfx0zDKH-Df70iGM

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C19 0
56 B 189ms
83ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14259578732761781700&x=1&ct=76

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 5C19 3 KB
1 KB 227ms
95ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:31:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30593
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:31:15 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 5C19 20 KB
8 KB 183ms
52ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:31:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30593
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:31:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5C19 156 KB
48 KB 130ms
128ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 04:01:08 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D0BE 624 B
505 B 75ms
72ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYrdT4xgEwAQ&v=APEucNUo5VpdTi2PZOP9-Gbh9ShEEf3ZBxdSpO8nRYczUvo96q0d3_Gp2fjPrfygjyhJaNKax4o3ymOITejyPIWkNxoS-qE0tpMNEexGHfaTPDc4yfp9VvFVBdCa9kjan_4UdyHZkFcr6YBOpuB_hWWWjN3A7ki3uC8k6w8mfWWxS8znJf9VeF0

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 04:01:08 GMT
expires: Thu, 16 Feb 2023 04:01:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 595B 78 KB
27 KB 289ms
187ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 04:01:08 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 595B 42 B
107 B 239ms
138ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DaBsPpZQ9jRyC716Uei_WDUQr1472MPHowMXuqgHW-uOGpNwV6q19BvTwbea6b8mMgs4UrOaJM3VSJzVkXnwwKdtO-7S1MDf9RrdbanY3yRvy3iEI

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 595B 0
58 B 182ms
81ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10278532388706843865&x=1&ct=76

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 595B 3 KB
1 KB 222ms
96ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:31:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30593
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:31:15 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 595B 20 KB
8 KB 185ms
60ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:31:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30593
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:31:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 595B 156 KB
48 KB 113ms
112ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 04:01:08 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 258ms
151ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 04:01:08 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6139
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1

43 B
632 B

11ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY6vrNxQEwAQ&v=APEucNX-bQxsBeuDmCjzAEWLVgnpfNvDzGjhTYFuZCX3i7-0RxljF2xATAKWILUHwt8HCseLGNU-5HF16Rb2Hel65259sQgaSOhGHypJeGtCoFvtUE54m04qzyNSnGNTka5J6WcR5FXRkQr4adqVWtmy95PkbL0ouiJ64O3VNubszMyjixQuad8
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:08 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6139
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.2qhPeKyxt.00fUaZTZeQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2

43 B
632 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY6vrNxQEwAQ&v=APEucNX-bQxsBeuDmCjzAEWLVgnpfNvDzGjhTYFuZCX3i7-0RxljF2xATAKWILUHwt8HCseLGNU-5HF16Rb2Hel65259sQgaSOhGHypJeGtCoFvtUE54m04qzyNSnGNTka5J6WcR5FXRkQr4adqVWtmy95PkbL0ouiJ64O3VNubszMyjixQuad8
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:08 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6139
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1

43 B
1 KB

17ms
15ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY6vrNxQEwAQ&v=APEucNX-bQxsBeuDmCjzAEWLVgnpfNvDzGjhTYFuZCX3i7-0RxljF2xATAKWILUHwt8HCseLGNU-5HF16Rb2Hel65259sQgaSOhGHypJeGtCoFvtUE54m04qzyNSnGNTka5J6WcR5FXRkQr4adqVWtmy95PkbL0ouiJ64O3VNubszMyjixQuad8

Protocol

HTTP/1.1

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:08 GMT
AN-X-Request-Uuid: bc39556c-1573-4708-a838-520ebb104986
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 6139
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D

170 B
232 B

182ms
71ms

Image
image/png

142.250.201.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D

Requested by

Protocol

Server

142.250.201.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Feb 2023 04:01:08 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 21e3d0ad-a06c-4426-ac81-e2dfafc02979
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0816
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1

43 B
632 B

12ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjG8_zbATAB&v=APEucNVaZZSld5QQ_zbD3lYCx-kOmSqJvm65zI9UKc0X6YV95aQEMh9DSwWPFaiWvKSszE_q23nMt8nLKX0QwrUrt7VpLTctBTycD70VHqXs752SKIPZZAkvXAlMGsn7umabNNlnDHK7TsOzh2HcoKrNUa-Gt0vb7vk0feHCaCsWJJ86X-Z2Tfo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:08 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0816
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.2qhPeKyxt.00fUaZTZeQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2

43 B
632 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjG8_zbATAB&v=APEucNVaZZSld5QQ_zbD3lYCx-kOmSqJvm65zI9UKc0X6YV95aQEMh9DSwWPFaiWvKSszE_q23nMt8nLKX0QwrUrt7VpLTctBTycD70VHqXs752SKIPZZAkvXAlMGsn7umabNNlnDHK7TsOzh2HcoKrNUa-Gt0vb7vk0feHCaCsWJJ86X-Z2Tfo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:08 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 0816
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1

43 B
1 KB

15ms
14ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjG8_zbATAB&v=APEucNVaZZSld5QQ_zbD3lYCx-kOmSqJvm65zI9UKc0X6YV95aQEMh9DSwWPFaiWvKSszE_q23nMt8nLKX0QwrUrt7VpLTctBTycD70VHqXs752SKIPZZAkvXAlMGsn7umabNNlnDHK7TsOzh2HcoKrNUa-Gt0vb7vk0feHCaCsWJJ86X-Z2Tfo

Protocol

HTTP/1.1

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:08 GMT
AN-X-Request-Uuid: d503867a-065d-47d6-92d8-c4232e1ee021
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0816
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D

170 B
243 B

170ms
69ms

Image
image/png

142.250.201.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D

Requested by

Protocol

Server

142.250.201.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Feb 2023 04:01:08 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: b9b47896-515b-4351-9996-d2dab3c7d14d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D0BE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1

43 B
766 B

10ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYrdT4xgEwAQ&v=APEucNUo5VpdTi2PZOP9-Gbh9ShEEf3ZBxdSpO8nRYczUvo96q0d3_Gp2fjPrfygjyhJaNKax4o3ymOITejyPIWkNxoS-qE0tpMNEexGHfaTPDc4yfp9VvFVBdCa9kjan_4UdyHZkFcr6YBOpuB_hWWWjN3A7ki3uC8k6w8mfWWxS8znJf9VeF0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:08 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D0BE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.2qhPeKyxt.00fUaZTZeQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2

43 B
766 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYrdT4xgEwAQ&v=APEucNUo5VpdTi2PZOP9-Gbh9ShEEf3ZBxdSpO8nRYczUvo96q0d3_Gp2fjPrfygjyhJaNKax4o3ymOITejyPIWkNxoS-qE0tpMNEexGHfaTPDc4yfp9VvFVBdCa9kjan_4UdyHZkFcr6YBOpuB_hWWWjN3A7ki3uC8k6w8mfWWxS8znJf9VeF0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:08 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAyG317qeJrzfzagaA8VBO0&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame D0BE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1

43 B
1 KB

15ms
14ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYrdT4xgEwAQ&v=APEucNUo5VpdTi2PZOP9-Gbh9ShEEf3ZBxdSpO8nRYczUvo96q0d3_Gp2fjPrfygjyhJaNKax4o3ymOITejyPIWkNxoS-qE0tpMNEexGHfaTPDc4yfp9VvFVBdCa9kjan_4UdyHZkFcr6YBOpuB_hWWWjN3A7ki3uC8k6w8mfWWxS8znJf9VeF0

Protocol

HTTP/1.1

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 04:01:08 GMT
AN-X-Request-Uuid: 753b517c-ed90-43bd-84e1-f577600c3693
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESENBL2fHpEYR42PXjrIaDkD8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame D0BE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D

170 B
232 B

168ms
73ms

Image
image/png

142.250.201.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D

Requested by

Protocol

Server

142.250.201.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Feb 2023 04:01:08 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 89283d8e-03ec-4d75-aa9f-998bb42056b7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwMzExOTk2NTEyOTU3NDA0NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5145 0
56 B 81ms
80ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4776697502647&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5145 0
56 B 79ms
78ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4776697502647&version=m202301230201&ct=76&x=1&cor=4988106163142429000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5145 93 KB
37 KB 112ms
109ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BiYyheHkCjWMdlJT_ckV_neHuKIEUiDacv1n4ZDmqMGXoKj77F5GQSKWCe4-szgB8oyOBSTlAw2DzWsx7FXcPcjgFamV5LYF0ZPwqzp9OCzbU3CQPhmEwkpLwF8L1y_6QmkIC_EvqrFwzeuPdG2-a2g5ovPXt4PwOU05Rp1NZC8gSaA2Y&dbm_d=AKAmf-A4WHvEmqhNSw8xG68L6sobll9zLtRRChpRv7m1amtJK5uYjvWynCI3SolOeaeq7g2otJSpXE04DjuJGn9p-f-zgsmKkHvfKFdI__eabDENJ4hFDDUwkuSAECwgHb24wvnF2rk_y574Z1bq4ENzUZD2pdZ-kV9LQLsQGZW6w0RJpK15StSoV2_6y74YRv0gjQvDAYtJ2keEaSbnKpOeX_rQfu__yuJCwy-AUCW6Kxa5O-IAyYdnax0N-WbVutQSEYXnkCOXXCWAn-p9sYi75IsjONJ3mJ75Vqw9yOsxVwKeRpN-5Z29_BxcAQ_v16Oe7AwUmRW9NoiXm6tH6_qEJs3l5kZkyBRwvHpk4oiNwZdi5evLJ5Ync0sMN7B5FiV5lA-JuVIRxTnSDBkHvcAt_UdIVdhbElMTjV2yrpRTSfFEAaMZ9DdSQbyukWDRkWeUcpeHTljfmJQCo96MSv3clOG2l_V18xDSxGXP4JgIdXIjx3vh43Wdcr0NQWPIQfvU3GdPNtvNVWt0S38fyOTFDf2P3o2GoBnpldWxaIbmwxPZZfKh0in9RLDSi7-vRKV89pnXmu2iniLofoxaEPgdVG18-FbtezzwnDb-_B4AnVYk-EJ4xr0zy2tHDVX0m8bLAHYgEo-BDVHZVCFXbNN7rMpz-Ht8wQCpvZLp5yNWPgGGceAePeymjskO-2RHPVj2oZWEu_PQqrbPH9Q6xLyZ_PZD0IMSWIatbJNZ0FsQNLGcTTssgQOu9x5k5Wkd43L8e5Mu66dJeKKrBEKf7ciLHWqYG8_NTudTgNEnQOwRXzNZrLmbAPZIdRNEMt3xK-GTlfolftDlGB3w9-Les41ETit39Zd5RQrCybADewLOVS7jRHQmTY8f9sUvzThzBuo8YlHzuk-X0W6XB-4Sf64MPreMKk8BUhQTCuJVunKcj8uILKBKVIbCqAiNeclKR9RnSwytD9XBN6VPL7Ohi4sNOVmK9N3xexV-uZezsTGCtrrJkxGhKx-MnAmX-xojkuk9S5kat7UEnHW_dSKonipn9JAJMpUOHBlz06rKUVw7FuMOCQpBPOb_0wxNcFVbAupnqi499_XpTEOdtwXMBsbArI4qvQMqXvN_3I2bKnYeptPTPbhOq3kQRb0OG6mdLD5tXEkXPNvT7TkIZTjm7S9W3myxKvlIaGYUS1ZdRlpe9u2ImOG3VeJzFmr8zn8I3NUDQEuq-OylcMoxhN10nY-zVZXK4KY5wYQ0nL6RP9gO0CxRE-DGMW3pRdEiZ6inUP7tjFHCYQ8tdvf8E2LwFQESfRcYP4A2CKb7LauCKHvTwPvHGHyAtoffyMjM61b6tC-t2a2LkMdxRQMYyBm3WSqNTcEKM7sJ5pfbw55_-pC4D5fY1BjsEt0g1qbmkxtE5KajnheiWRXDJ7egBnyxXsCM9UWvJs-L7Qh_JirOq9m9t9z2dc2Ti4xjpF6uIfqaUEX2aD72yA37MFXbU8Mwnjt3Vq05C_SvRtH193h49-6h4nrws1ImH5sRExPqUWCPWn9KYQlbbwnKr6aDPsOG0WF3U8Rb97VYprEFpulMXJpAeU4vQoErUtd1Oqc-528HSiPLN02hrfYobeQQX3FY7RqSCBU0UM5xKQOC97XrNAfo8ohIn5Oeh8B6FbAVAgxQDSwb2Xdo-l2fuED4L_ZOnt0_bA84aQxJ68tosjMrbDAzkOaMLKgmJLx-aqkqqTH_gsyFrqS2uLgFj5Z3Zm3j5hh0Y164-ad0bV40cgUysqqanz33Jy-yOqYmi_XdA0JfJxZIbs8mo-eAlz0mELGdtFAz8liHhF8_ph8gRwKfiIfLSvdzKPovRT5wX36zOkM_8-B1xr1N2oIKtKi6OvFI7UVqUgmCGk9bc4LDZqR9Rx9s8I4DP2VFSORsM9u9mIsQr9_TZkyktfCd9VuUMA71iw46fj-gg0Fn4VFc4bh4UitCxNmf1xhtS_orrxKhaWSXbJY-7FHQu5W8cARBXq6He48pzZ7UBHaZDEXonv6Iun2161UhVzqEYLo8E19CohCK3xfKqcs1TjmSSnxOJ7QTcN-hk4qW-n7gvA8ZuW-zDl29q8YcKoBykwnS4pV6OHXuTQFIpiIePCn6LgEGNJdv0PniBhupM7hsao6SYe1uwqNuMlDRVkkOAeYQF9Ssr-LLybtt_924_0hqm9KVdXS1bzIvKAlQG1JQpgfT6eeN6iITbVZkhCZwuO-GYY7kttJpsqxKS6rPLZ2Ao7YrAcwYI5UQZ-TXSHxf3YPMG0moEXAij04H6LR1IdEWG71j08ia3mvhK_04bbnNvfS8Yo6sVmKdv-Zr5w0YE24mpLbCOYITyux2q7aWHD80bvK6SezAIZcG-JxN3M_HsnONltRJ69c4b2fRbQQ6QI93agZo8yYkUCMWhUS78H4bt49Pvtg53lecJjN7kNgy5xV5gpebk3ltTTo9s6GCZ7Hc2Qb0dkmlFtaiL2BOrD4PCZriydtnWfty8PtDtdcTb3vHU9G4V15fwgrT9KELDLCrdzCH6dRCHKas6zrxDtrXOYI9Ro1op5r1xnmyfcHhNL_kkYmyNtTJouSNDwVMiQBx178Qab7Oerf4JolXjzZFb1JwjJ6unyQMNlUlB1gRG_Irc5bL1oP50K_F2x6uoL1I7jtd-iVQBKOBb7lX8Gc1a1Kwx940zo5NwWObw1eih93sxLI6fLEJ-MipSMu2gNPgcdDMAhQK5tIuBr53IgRVRs9PxARJuDLfP_gEUqtTvTWy9xG_4zmXwrBVlTf7DbtL8Sy-Vf1tmoAZJwiDqBq8Yn2j1s3gamASdsVbmXDF2kFOJ-288SqkkRBaxYYNWdKhs7Yu3F6id40a2KypN8Gjz07wk9kv7PMdRitke8WMrGDSxmlAw1_mR51ZqlqV6Y55mE1liEAISqSYTp1AdBonnFWolzPRz0rEAuMNK_J67VeuWEUUQn6lDaDTNaps-PzX0Sfpo1DIAzhMRbHBAuuaphlxhqvEEtiLYUIK0C9hZsdwaAogFVxf4tTC8abWV_z184soA1dP0qwjVcacrckdVR7ALjR8_DNA9DEj4TEoHf7xovDPc6opE1YbQYQZFwc7FrJJVuDFSy436MFwI0_HGcdciyApEWsN-Ep7deoe2JQfOdIfw97CotzkQyMupmZ1iM2281M1aW7y3o-zq9z-zc5ytpQuhskDvEBQJSfWfHW6WASTbeeUR_uxCMPGL1w0yr1lWEdysbtT3FR3K26oS_utuapP7OfVIHEUFNZoyZpQWvt_4gqmAcoZSRf5P9hD994eYHnmWF73F0gYnRe5sKXTIYFqNaVRskkiovg0IugLsY-eSVU2VWyAWpcLSB3HA4rZZb2_1IhiUUoBRnKWc0dOaAa3BvxyY51hZ0_WR_3hQ8McFUhG5yRqpvZqGlQm6uonYMHW2cZaNAoD6c124aV-sjb5m0BEq9QJn0ojOsCG64SeVsLsmY24tw9_NtllQduXfwYU4oYyQmxAF6hqPv71oz5iDIadNkxEB7RQ&cid=CAQSTADUE5yms_tNKmuAifeGHl3WnU2Loy0SBo7ATcx_9NZMYyHkBlsATJALrr4aeWPmz1qp3mRTBSHlifSp5_p1FuYek9ivxu4pcDyCZ6IYAQ&dv3_ver=m202301230201&rfl=http%3A%2F%2Fwww.zdrave.bg%2F&ds=l&xdt=1&iif=1&cor=4988106163142429000&adk=1964084972&idt=268&cac=0&dtd=10

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

634d35009916a317056a4db995871e4d04492b7c669fe268eb99f85eb66d7376

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37715
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3693 13 KB
5 KB 53ms
47ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 30593
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:31:15 GMT
expires: Thu, 15 Feb 2024 19:31:15 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 688A 783 B
1 KB 205ms
70ms Document
text/html 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

76c3b011d904491290bd200cb39e2d1e09f9e2788d32876b04c909b1494ef63c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-osrXRva5LJbPpfYfm4VG8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.zdrave.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-osrXRva5LJbPpfYfm4VG8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 04:01:09 GMT
expires: Thu, 16 Feb 2023 04:01:09 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C19 0
56 B 79ms
78ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8519146269299&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C19 0
56 B 81ms
80ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8519146269299&version=m202301230201&ct=76&x=1&cor=14259578732761782000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5C19 87 KB
35 KB 150ms
150ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-An4oTT_MiTm6cICiiKR8uhRQ-SOQfZEI0YNYtxmQXTBSm0Lj_sh7N-Nt-_X_KpzTJazS3XYZ0gWj5KWrSseGE8AHqZv0gZXnSlFI2lX3nhrwerpIxKPH6mHxm2Fhzkzw8-NcVTGMYQ5lHMNdz98ZOXWmDawBB44I_rzCF41r2fWbC-sUs&dbm_d=AKAmf-BMrVH8CnKBnQLim0roCILnvUzPOBhE972TefIn9EvoXo_q7eU1sk97-3MuP4CchHqPbYDjBem6Td5hygB-2z6Ap-Y4hqw5UNudyeHp9yi_PAvKxeakRCziMopwbcYREdsOYnZRbWqB1DHzgkd4ef8b0JZnhELYnTAnsAez6SAilQkUo8K7mu4FccMGQHhbxfGrFYTOX5XaCJG0S6xeJ33S4CN3LNFzORtU-gr49S7uVYbmCF7jCtvjUaJm9-7815AiMtdWYV9DjDFSWduXGLMrbCL5Ghn_EFSNP86cgOLi-psTLEQHbSeWyQLpvaGOkmopCSOf7cMHSJ5JIHgse8nRdMPAGZAHbXfTawfchG6Mzu-oY3geH6_ubLow1h288BERVtRyBbemklq8iLfWCEwkbxD4Rehnt0l_PkNYIbgNifwvQwgqA4AUw2S1sh2qaPVKCq1p7113JuRiM5uNEImiI4dZP2qd_u41EQQNUVVKSwgE1ogkQjnVldBMa3Yk43aujr0q2XdSQFehcXVSirVqmO9qEC1Btsbk5r7c5MXuBpK58YN_U1MO087vnnPLpMyQzQmP0ETMglVMo8CdVPEkjKQgmOhf60rwF40TxN41j3eybACS5AfM3qfKyo2b4nY--l5h459DdPv-j_P9hiHXV0T3EzfQKYeyQggm5k7vst0H3eCkxAw4TaJX-TAj8OoQZghK5zU0M5FMhvyxcW7jjV3mVHNFdJxaUqu_WpWHe1JNFYXDIEp3xtLRJmx2Fr0OYIZJHXld13qlFKMSjRUlXTUe_hFe2yx2KQaGHvUkNeAUaloiNBaX5VHioGv39tzvoxYQzsrmOhnD0pu4YsIs_OkmrjkRuB267o10znG0EKqnCLI0PdCyHBa8U7RIUprdHfmX_2TpjPhowvPomK9hSAvLgJkZfzhlDduI_6vLHQ9EqSbcygcMeLIofpCWaQ8qlShI5MlcBhvh6FPhcYGqijToJRYWhJFAWcXwgLBxhoHKgYttBQ6CSSpOLHrxBTdXlt1xk8aMXuD7Gv41i3VzSjZ3LoDfGUGBy3bm47hI026Pmv6xsXGJLcxASjABVZOJgK-LXegVACWKFZAvEIyX-zB08H0KbEnn5_0mxZeyyUxjK7eB00uHFBgGXGRRYKTEVZE7i2B9VEOClFJ_BiqkkVQZEm9KIFk-aEwFBll9wm0MAP7GYBRT9DpA7QZOQlzqbB8ls1HMb1kATKtG-E_Eire4eriBEKXDxFlIeOGceNw5ZUyr8aFg2q3gpXcfHNmXyt0I5lu-f8rXrt7OT0FW-5m5mUkI0bnxVA2OTBxvFkmLAlQ7B3X1C6vDLAjePo5lLoYJtHIBzcrGHjn6s9quZvJq6arUx_jZVUInM2K25iKW1saUMXeYpxVSOJdss7bErYfIRAnYDKk_8G7r3hWjz3DEaKlP60T1Eo8YpWgfi4hmMWvv_XYR8ln9sTAzwXXtglkKZMosP6fTb7nTwouTjAUJDmG94Iba8g8roh_1KWmT8-BmYITOye2qxIu2htvfL-WVQ0mB26HAQDR49IPocLz_IbGALg2NlsM1RoSObzujZVyjcbxQrcH6xvM4m4UNagR9NPZOhQlNL_mgIh7HG73tqTJ9yc_ucWKRxVJBzgoileH5X_F_5ef8zB1gKIs1I1OL07lwb-l_z9KAn48ADCuSzTqxIuwY1rTMDLgg2bdGgdSiiX2W_bOrEUNKLAiIEdvFymDmMXc6-W6gyyHohxGF0mgDe4ow9f-0N0GJBaCv95IRS2vkxN484k1zHiO65Vw5QEejkJDJ4dr7kc0NkX51wX2uq9X7Rr2fNaKoWb21N54SNORDQb8epAEwPkSQk8fVWDJ21Y7lCjug9D9ZDpBFd_mvBKISptTNZypf2PuDYQfsWKeopGiW1PsnO7Wgr1yF7pHuHBxm8zHNpLGrQTVM8oEXHJgEzwh7XYLY4Fxtqt8_AWlZ_Vr0uSXk4FXedtc6_tzDOZ0n8u5kgtjtwECOayFoR_I1xrckGkQOSKHrTXZ90iSul0olNqI7YNztNKO-07RNH36r7VAVzH2PxmS8UT-QrzkVuHTnd2YkZl3Md14Z7RbLKXwE__8HRn6fSnouKTi9eE79ftuxfGtm5jYu8cBQg08hh-SvtbrJeQbLwEQiGFXd0nu4y5Auo7IQQ_vkwxjAmN4G0hEbhKBwir1JI2zycf3C9zi6eRR6ARGWE3rmKA46csvVe9aF_EpG-Rfvi7X4L5yxp6wOWtamCdASkzDuPoNPsSlhfzgHLgx3J5xtAQL-CQTzSTDKhooi0fgQaw0gpG-3NUMWxA2AOkAP6CaM6VFf7h28HPnkZiEH-s3cV4W89XEK9BdXVL6oylR1SHEuboucT1e2aJldw1FkZe7N9ONPG-tc48yoUfbKeQ5WiSth4FyYf0gw_ggrEyytpZ_y3d9oV7DMODekzVgK3Wlv5TwApm4t0voctomq6in6bQajsgoNrDtcqTbLdeLScXLe__eR-fP6CTA9AVy1FXfWTS-lGIKtmOpvQNDNk-Q76p7n4rIMjyr0L-46AsOtO7-fILmBMyzUphhFX1X_9urHVYk84zhXFURo38xOfjEMhWvCgkO-5ddJHYbs5cQztx18Xn7Msp6J2-TOgzfXQext4G8WuGPUaYI52wFjo1F4i3bC-uiyu5eRUDBNWP2p4lN6BIBNMSMMQqgKdvqWvszMDlRWiDX2uFaAvqL8uzvxAv6-uFuqzc2Uk_-p0lqkQkQMi1-XoIK0K2OsNSTjy4Xy9WEyYmOQiFAgPm2KVYzUa8cqAaiXjmGWpBa8eW3ObszzLQtVRA_dR7w2gZsTuW6XXvpcnWa7z2Jr9AG08WCRftByCiYr63sng9qWcyds36n5xZ_asY6kxrPGRLs2qcyujQQT2C6BmtK4hhQXhdQ1TDX6VZOPLI5OaI4OK1GsFxaJz27FGLtYYCXKFJJN9RsJohv_VvB5gltKwdYwzL_rq9lL1cdaAk6Ff_CBav9ZNDQEk56CpBvs7611gHkU_fTk_sxAFM9FIzQbbMIULXpwWnixNjpXhybvc_9wCF9TEoAVW2RMxo753S-94eb_UfViZqSr0Su5nu40ZVGA035PC2QA6QEWxVHlTQcp3QXcE-V_PGBqNa-fT2kAiFRNYhqcVV7ulluc0b8IMXc3s6MMpUH-CVIU1Xo--lJR8DX9e5NWrHTcxPyz5UXFb7gwaKXOcEDKn6dSH7apwL4ZFJ-nFeYOrc325dMEk07SyM2Jgd7kQm25Jn7FMkdu6TDBwqvhmyp58fIy11IrQMSl6P2okDunB2yp9uhrTGvqtPeOobdWToSRFH4uDjgxQOyXYpt2wPAcRvr-Xi6xCWvCr5Uu6wWC9ULnSs7kWU4G2fwRF6cq0x3hFUmBB9poId9w9_Gl3b5eX9oudOYdbGAdLi11ntLsEYNPRYKTtnOwiS4af3zNx-bWg1EJN-xR7N4GhGGY2eKuKz-1ZHw_lx9H7NI&cid=CAQSTADUE5yms_tNKmuAifeGHl3WnU2Loy0SBo7ATcx_9NZMYyHkBlsATJALrr4aeWPmz1qp3mRTBSHlifSp5_p1FuYek9ivxu4pcDyCZ6IYAQ&dv3_ver=m202301230201&rfl=http%3A%2F%2Fwww.zdrave.bg%2F&ds=l&xdt=1&iif=1&cor=14259578732761782000&adk=2228999115&idt=316&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cfab5d50fef28c59188fbe1c6c9c9eb7540e22c15c8537e79f0d967e2415eb36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36243
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 595B 0
56 B 80ms
79ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8032266851555&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 595B 0
56 B 227ms
227ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8032266851555&version=m202301230201&ct=76&x=1&cor=10278532388706845000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 595B 87 KB
36 KB 115ms
114ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_QdbsfzWiGfac7B8jHAMb8V3c1X5dGZOW06Ibgz-861B0sEG9N_RUBpMFp4WIMhTzv5dk9dBrB4aKm_exDbg1aJ1Jukmz6vWKauPgs8zwgfnRzZqaRWuEKMPQsukhGakf1DXKSSdO9hHbsLGttaI0rP67thxe8EG4Sj9n3xeiLsKvPg0&dbm_d=AKAmf-C_G8pj3F0KBDqXaBjT_IFZMDU5sVA52KHApyFjJ2oUEVGoAfZVz_fSYuFsUrA3_a3SfU9ouzTIbQQoOVVfmj0ZKc4ibIu6EnK0DEIiriNAgD12UAT6aYthJkRsSMenrEe1GQHASe-wkwgMz_QimTjHmA2dd-0k0u9qPxNrQmVdNjUJ5yi53ArtsXyEO-xmk4juNk-CI3KauhdHIVoJpG7jL_s14DBAxBQruXhsexoN1ZVgvOJNhpsudp-c5HA1Zk5zBI94psASXTI2fUhsl1kI4irFXmVJ6Eow8R2uGWlQFbgOJg_vwBOadqoH8vHKDWJqpuud7gZFMFu3YNOzXx0X7U2BcPfih0NHlBY4TIEGOovnkpH_XSyCcMEG0scjRMJxY123sN-nHGieYyJke3rIv2QIgEvC6WdmSFYmM-RDTQ_8Nf_bqV1u3GOwQib_mWho1hbE5tv2e968h4nlkpaMJJVnVSQ_2voUzGh3bPqmRTIEk-ltPKXRLsdOOhHJdkdpO-R7ewgjmmhMTyxdkMREC_63kwR52sWrrWnk3zUkRw709PPIGLJsmH-aM4gsA81SZyKcR62Bk_GU9kHYxu2AupksfnfBzwwpz-jiFuYWyMoXjA8VuE34gMN13K30tUoCKfUGxsDbEBZSweB49L9tjTIn76XkCWLayUbHhTksWfXYdoXhmrRZnnalCsNJ_s84VqsCXV5GQNqbPazXLz8PQSNoi5x2B1dM5s1Vulsetvt8v6PsmvyhKTWAksalv-kOSYOYWPYBCZJ28R3MK_eDQVrR-7EPO8UfpBwkZhRF1nqeRlavwyFr1UG5GOJZ2l7gcaJJlIB13FgTWdQHC14fUMjzm8AR-5lPm7ok3uqCzF_tWnFPXVl4ETyOamHB1Pu32LRi2TeYGr8HHpIgPGH8XcKEBN7hEcXSYCj_-cd2zrue2Cjxvp7MQYcdrL9XsNUKtYp20uC6XfOhUDzS1YHwot_J_65FOL9RtyLnhf_W2Zle-OrB62aBogmxReJtFgpkb4VQRmTuqS3xVJEAyezfAGpRWnHavD-Hws_yJry_9J2oeLOu2RBNKRXrJa-5inZkQSR_GN8EyBFQMUDMLfECefK9yF7xljf8WUukXPNo4XGczpwS4v-bFGNB-m1B7WFkVZqOAXhCu6GWWCVZwYz7X7FNxLJtNJZQhhrUQJcsHgkA2YB7skVfeP7jHFymAn7Wz49rorTCAIfcIn9iWAq9PG4MN9Xlt2JF-JXuzBnZBsdEmvENug0qD0NQMMBOZQpHVC3JnUjBs5kPPw0hT1t4A2g5RzmXcun86kAy8tGuN9fSdjR9rA5LoO6tVhWTV2audl6mhOUob3q9NHAwWmNYdcVHA1nPwteG5oKefzmfw1efA5j8qaR9Oqaol7vVY_WTled5r8AsCKX1IaptFvHKpiHS1AITHNjHgsDryt9LwxEalcnq8iN9_5drD5414QwYFycOfT4544dUTreEdK0Hv9nSNDeDj_IekCcAlW88BI3eb-jGv6VZkdEHcEGKoT8vkZSqrKHEb6XVx2CBon-xAuF0-qPoDqvjf-c0PCJksVip0MV4QyVR7ibk3YW7zQKK3EOa1Llv4bbUxQruFdjMk7_jEzN0x24bBpMxxkp2IzMjifWy94tQ_ysoSsJxDvkTzDyJEENRUYsEpKOwh5GmXSV35pahB27jjfTo21kO4rctJa3EnybRbXFFPr-faA1BanH08FXqe55POWRrX4UX7We63_Ui1uQtGj9fF_n7V9NawF7XO7vtVqGe6wkJyAabNH9-dXZMhQkRXEV7HKYLLyJO-H-NekRWq0BY0TKc9xGVA5CJnKV2hR3s1mYcHamNiagkOJkBWCe-CFewcJzX8heaJ7nL__CSweN26-PtE8Qqh0POUBqC0vP12WSU6iIFfXyLmtWgr17EZe3P4GOIZXR5WrcoKv5QBbT0Y5zE2aeyhjPn0lv1CNwqEtxMWfNG8VsZfPBiO-_8bakN0p885R6z5unFZOVoQ6-NOrrota8OSJCCGQTMDEmPot-MamV6NUyaXK8b9cCr39fujQd9SssxwXI_F-OMaEGxJ3UV_LehcIY52L2hvKLmVviW0Qe_sQOvidvW1oGI03qtQ2HTKyXtdRsJ5InRmjxKHNRXDQfVKRVWFW94FyR6SGkFCPf1S9p8F3XGEFohAVmGdjjyp51GCjYyJw4Dc7dvJUBl6KxqVT3QMuCaTRFt3HZxlWMINvRrcqpl4Ai0yuzyvzvZKx4HpjyXkbyOudAthKwDSzFU9DNjhkP6dx2jHb1Yi22HkR0duzDNO1QMqKNHYcE19q_joV52QPpGgP9rXYKMHohgXnsrAciIlAdypKaR0dRs0l36l2P2_hToYJ5YsBVgo_mvHYAb2cuvtk5MlZd1RQeOkk16-0lupE-8xPm4JXPzyfJLaxgH9xEOBBSFzvvrxcNDMcpEx7twFV0Ywe8QWv4CqgOI1HA51D6dSG01Pqdc7mcJ5-bQifPd8EZSyWTOV0-VqUtCEWAIkohe_EtSZCSpVcMDx99jQ9gpnQreM3Z1ERC3PCcoPsaS81DGQBuZOTwVBCVNW0fi9a-zssbV-o6cs5544rkvl-8YMgkw3kqJE3y3zlsQGkRClaL48DcPadtWZIllzcuPQsGT3S7cNSBEU3TUB2TEEBTJIAuxIns9q7wEyuYG0P8XgUp7pwoiY13bJskNMvbVw16GM9-Lzz69SMqfeCBALOoGMtvGPET1Vj-7QplT0tdP0_SHtOxRh5LXTO_NsFFEQ1d68zF1mZOLB2Wr5M5nFbNq9QoalJbYvWVQXTG44tpFmEz8R75AP83GfrMu7bZg2TadAuGctS_T9SstDOLj5d46LBzq7v6hnS6AKXEfPzNUdBNDOKgJr1tBWfdRGyte_fuyUdebDRhehOaqYfpT_F8x64R1TTFyj3vXTCI0sAVN0DJ_Ncg29m0qld_DtG9TwqRL3TxtNbA1bljzm-NsDVmScaRYna6IO0B9_wXBSJZXcgpuGEMk-mXWLAImBW83I-NCac5Gfz6ScCcgk0VWwM51Be_lTLNg8vKLf8k_H2C7daTbXnn3fsxh6ulNXP-xfdQTz08v8-lGQEya5fvGYe0yAyBwv1J0jG6Wp_PP7bwx3kVR7_WEkQJMbWzGxEx6YiJ3Jxqm5ShAo3zIAXYgVeROch1L5jSAMBXnlV6QT95KOB-lZeIw4oVjBO1eEe2VhZnZJucr5g-SJhwBR6i1CMsTNSU-MjfsUBz0dDfDO1ot15b2VNHpH8z90WQRmpiE_RAOdPVh7e3H846wsQjjJTUUtN-n207u5nTMXYQBBdFyPGsbaZMuP3t1BzOE8gUpEkYO8tMk15r-DgjCjUIykmVYjpxs44-xuEd1MrB1dLVPxQkIdQxEdVfuIJIOSImiOKGJyoxcifDrJCBnB93H2IYJ3jJ8V3vAZSWjFPkBFlsaqP38zDRfyKZrGA&cid=CAQSTADUE5yms_tNKmuAifeGHl3WnU2Loy0SBo7ATcx_9NZMYyHkBlsATJALrr4aeWPmz1qp3mRTBSHlifSp5_p1FuYek9ivxu4pcDyCZ6IYAQ&dv3_ver=m202301230201&rfl=http%3A%2F%2Fwww.zdrave.bg%2F&ds=l&xdt=1&iif=1&cor=10278532388706845000&adk=3047537735&idt=320&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b4a5c37b350ff0b5faf875d4f56c0251ec4532ca6209da7eee75899860fad0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36532
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 3693 36 KB
14 KB 57ms
56ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77936
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 06:22:13 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/990511/61634098/ Frame 5145 243 KB
73 KB 218ms
28ms Script
application/javascript 34.254.219.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/990511/61634098/skeleton.js?ias_dspID=3&ias_campId=1010147412&ias_pubId=pub-7031831557830335&ias_chanId=1&ias_placementId=19429528027&bidurl=http://www.zdrave.bg/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0j8pJvIt_vGEZNmhWzMzQXJ
Requested by: Host: www.zdrave.bg
URL: http://www.zdrave.bg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.219.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-219-114.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 5b0387e6e1b265c23d741e6b9f0db377db33747bd4c532d929c1b298bf83ddaa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:09 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 5145 106 KB
37 KB 233ms
46ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Origin: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77937
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 06:22:12 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/ Frame 5145 8 KB
3 KB 47ms
46ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BiYyheHkCjWMdlJT_ckV_neHuKIEUiDacv1n4ZDmqMGXoKj77F5GQSKWCe4-szgB8oyOBSTlAw2DzWsx7FXcPcjgFamV5LYF0ZPwqzp9OCzbU3CQPhmEwkpLwF8L1y_6QmkIC_EvqrFwzeuPdG2-a2g5ovPXt4PwOU05Rp1NZC8gSaA2Y&dbm_d=AKAmf-A4WHvEmqhNSw8xG68L6sobll9zLtRRChpRv7m1amtJK5uYjvWynCI3SolOeaeq7g2otJSpXE04DjuJGn9p-f-zgsmKkHvfKFdI__eabDENJ4hFDDUwkuSAECwgHb24wvnF2rk_y574Z1bq4ENzUZD2pdZ-kV9LQLsQGZW6w0RJpK15StSoV2_6y74YRv0gjQvDAYtJ2keEaSbnKpOeX_rQfu__yuJCwy-AUCW6Kxa5O-IAyYdnax0N-WbVutQSEYXnkCOXXCWAn-p9sYi75IsjONJ3mJ75Vqw9yOsxVwKeRpN-5Z29_BxcAQ_v16Oe7AwUmRW9NoiXm6tH6_qEJs3l5kZkyBRwvHpk4oiNwZdi5evLJ5Ync0sMN7B5FiV5lA-JuVIRxTnSDBkHvcAt_UdIVdhbElMTjV2yrpRTSfFEAaMZ9DdSQbyukWDRkWeUcpeHTljfmJQCo96MSv3clOG2l_V18xDSxGXP4JgIdXIjx3vh43Wdcr0NQWPIQfvU3GdPNtvNVWt0S38fyOTFDf2P3o2GoBnpldWxaIbmwxPZZfKh0in9RLDSi7-vRKV89pnXmu2iniLofoxaEPgdVG18-FbtezzwnDb-_B4AnVYk-EJ4xr0zy2tHDVX0m8bLAHYgEo-BDVHZVCFXbNN7rMpz-Ht8wQCpvZLp5yNWPgGGceAePeymjskO-2RHPVj2oZWEu_PQqrbPH9Q6xLyZ_PZD0IMSWIatbJNZ0FsQNLGcTTssgQOu9x5k5Wkd43L8e5Mu66dJeKKrBEKf7ciLHWqYG8_NTudTgNEnQOwRXzNZrLmbAPZIdRNEMt3xK-GTlfolftDlGB3w9-Les41ETit39Zd5RQrCybADewLOVS7jRHQmTY8f9sUvzThzBuo8YlHzuk-X0W6XB-4Sf64MPreMKk8BUhQTCuJVunKcj8uILKBKVIbCqAiNeclKR9RnSwytD9XBN6VPL7Ohi4sNOVmK9N3xexV-uZezsTGCtrrJkxGhKx-MnAmX-xojkuk9S5kat7UEnHW_dSKonipn9JAJMpUOHBlz06rKUVw7FuMOCQpBPOb_0wxNcFVbAupnqi499_XpTEOdtwXMBsbArI4qvQMqXvN_3I2bKnYeptPTPbhOq3kQRb0OG6mdLD5tXEkXPNvT7TkIZTjm7S9W3myxKvlIaGYUS1ZdRlpe9u2ImOG3VeJzFmr8zn8I3NUDQEuq-OylcMoxhN10nY-zVZXK4KY5wYQ0nL6RP9gO0CxRE-DGMW3pRdEiZ6inUP7tjFHCYQ8tdvf8E2LwFQESfRcYP4A2CKb7LauCKHvTwPvHGHyAtoffyMjM61b6tC-t2a2LkMdxRQMYyBm3WSqNTcEKM7sJ5pfbw55_-pC4D5fY1BjsEt0g1qbmkxtE5KajnheiWRXDJ7egBnyxXsCM9UWvJs-L7Qh_JirOq9m9t9z2dc2Ti4xjpF6uIfqaUEX2aD72yA37MFXbU8Mwnjt3Vq05C_SvRtH193h49-6h4nrws1ImH5sRExPqUWCPWn9KYQlbbwnKr6aDPsOG0WF3U8Rb97VYprEFpulMXJpAeU4vQoErUtd1Oqc-528HSiPLN02hrfYobeQQX3FY7RqSCBU0UM5xKQOC97XrNAfo8ohIn5Oeh8B6FbAVAgxQDSwb2Xdo-l2fuED4L_ZOnt0_bA84aQxJ68tosjMrbDAzkOaMLKgmJLx-aqkqqTH_gsyFrqS2uLgFj5Z3Zm3j5hh0Y164-ad0bV40cgUysqqanz33Jy-yOqYmi_XdA0JfJxZIbs8mo-eAlz0mELGdtFAz8liHhF8_ph8gRwKfiIfLSvdzKPovRT5wX36zOkM_8-B1xr1N2oIKtKi6OvFI7UVqUgmCGk9bc4LDZqR9Rx9s8I4DP2VFSORsM9u9mIsQr9_TZkyktfCd9VuUMA71iw46fj-gg0Fn4VFc4bh4UitCxNmf1xhtS_orrxKhaWSXbJY-7FHQu5W8cARBXq6He48pzZ7UBHaZDEXonv6Iun2161UhVzqEYLo8E19CohCK3xfKqcs1TjmSSnxOJ7QTcN-hk4qW-n7gvA8ZuW-zDl29q8YcKoBykwnS4pV6OHXuTQFIpiIePCn6LgEGNJdv0PniBhupM7hsao6SYe1uwqNuMlDRVkkOAeYQF9Ssr-LLybtt_924_0hqm9KVdXS1bzIvKAlQG1JQpgfT6eeN6iITbVZkhCZwuO-GYY7kttJpsqxKS6rPLZ2Ao7YrAcwYI5UQZ-TXSHxf3YPMG0moEXAij04H6LR1IdEWG71j08ia3mvhK_04bbnNvfS8Yo6sVmKdv-Zr5w0YE24mpLbCOYITyux2q7aWHD80bvK6SezAIZcG-JxN3M_HsnONltRJ69c4b2fRbQQ6QI93agZo8yYkUCMWhUS78H4bt49Pvtg53lecJjN7kNgy5xV5gpebk3ltTTo9s6GCZ7Hc2Qb0dkmlFtaiL2BOrD4PCZriydtnWfty8PtDtdcTb3vHU9G4V15fwgrT9KELDLCrdzCH6dRCHKas6zrxDtrXOYI9Ro1op5r1xnmyfcHhNL_kkYmyNtTJouSNDwVMiQBx178Qab7Oerf4JolXjzZFb1JwjJ6unyQMNlUlB1gRG_Irc5bL1oP50K_F2x6uoL1I7jtd-iVQBKOBb7lX8Gc1a1Kwx940zo5NwWObw1eih93sxLI6fLEJ-MipSMu2gNPgcdDMAhQK5tIuBr53IgRVRs9PxARJuDLfP_gEUqtTvTWy9xG_4zmXwrBVlTf7DbtL8Sy-Vf1tmoAZJwiDqBq8Yn2j1s3gamASdsVbmXDF2kFOJ-288SqkkRBaxYYNWdKhs7Yu3F6id40a2KypN8Gjz07wk9kv7PMdRitke8WMrGDSxmlAw1_mR51ZqlqV6Y55mE1liEAISqSYTp1AdBonnFWolzPRz0rEAuMNK_J67VeuWEUUQn6lDaDTNaps-PzX0Sfpo1DIAzhMRbHBAuuaphlxhqvEEtiLYUIK0C9hZsdwaAogFVxf4tTC8abWV_z184soA1dP0qwjVcacrckdVR7ALjR8_DNA9DEj4TEoHf7xovDPc6opE1YbQYQZFwc7FrJJVuDFSy436MFwI0_HGcdciyApEWsN-Ep7deoe2JQfOdIfw97CotzkQyMupmZ1iM2281M1aW7y3o-zq9z-zc5ytpQuhskDvEBQJSfWfHW6WASTbeeUR_uxCMPGL1w0yr1lWEdysbtT3FR3K26oS_utuapP7OfVIHEUFNZoyZpQWvt_4gqmAcoZSRf5P9hD994eYHnmWF73F0gYnRe5sKXTIYFqNaVRskkiovg0IugLsY-eSVU2VWyAWpcLSB3HA4rZZb2_1IhiUUoBRnKWc0dOaAa3BvxyY51hZ0_WR_3hQ8McFUhG5yRqpvZqGlQm6uonYMHW2cZaNAoD6c124aV-sjb5m0BEq9QJn0ojOsCG64SeVsLsmY24tw9_NtllQduXfwYU4oYyQmxAF6hqPv71oz5iDIadNkxEB7RQ&cid=CAQSTADUE5yms_tNKmuAifeGHl3WnU2Loy0SBo7ATcx_9NZMYyHkBlsATJALrr4aeWPmz1qp3mRTBSHlifSp5_p1FuYek9ivxu4pcDyCZ6IYAQ&dv3_ver=m202301230201&rfl=http%3A%2F%2Fwww.zdrave.bg%2F&ds=l&xdt=1&iif=1&cor=4988106163142429000&adk=1964084972&idt=268&cac=0&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30644
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 5145 28 KB
11 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c5d87821b8806898a69c4e8cdc26f7fc8ea4bb175006aa060ca229f4810a0af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30644
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10817
x-xss-protection: 0
server: cafe
etag: 7837758721724492523
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 595B 170 KB
59 KB 262ms
109ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Origin: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 19:30:26 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/ Frame 595B 8 KB
3 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_QdbsfzWiGfac7B8jHAMb8V3c1X5dGZOW06Ibgz-861B0sEG9N_RUBpMFp4WIMhTzv5dk9dBrB4aKm_exDbg1aJ1Jukmz6vWKauPgs8zwgfnRzZqaRWuEKMPQsukhGakf1DXKSSdO9hHbsLGttaI0rP67thxe8EG4Sj9n3xeiLsKvPg0&dbm_d=AKAmf-C_G8pj3F0KBDqXaBjT_IFZMDU5sVA52KHApyFjJ2oUEVGoAfZVz_fSYuFsUrA3_a3SfU9ouzTIbQQoOVVfmj0ZKc4ibIu6EnK0DEIiriNAgD12UAT6aYthJkRsSMenrEe1GQHASe-wkwgMz_QimTjHmA2dd-0k0u9qPxNrQmVdNjUJ5yi53ArtsXyEO-xmk4juNk-CI3KauhdHIVoJpG7jL_s14DBAxBQruXhsexoN1ZVgvOJNhpsudp-c5HA1Zk5zBI94psASXTI2fUhsl1kI4irFXmVJ6Eow8R2uGWlQFbgOJg_vwBOadqoH8vHKDWJqpuud7gZFMFu3YNOzXx0X7U2BcPfih0NHlBY4TIEGOovnkpH_XSyCcMEG0scjRMJxY123sN-nHGieYyJke3rIv2QIgEvC6WdmSFYmM-RDTQ_8Nf_bqV1u3GOwQib_mWho1hbE5tv2e968h4nlkpaMJJVnVSQ_2voUzGh3bPqmRTIEk-ltPKXRLsdOOhHJdkdpO-R7ewgjmmhMTyxdkMREC_63kwR52sWrrWnk3zUkRw709PPIGLJsmH-aM4gsA81SZyKcR62Bk_GU9kHYxu2AupksfnfBzwwpz-jiFuYWyMoXjA8VuE34gMN13K30tUoCKfUGxsDbEBZSweB49L9tjTIn76XkCWLayUbHhTksWfXYdoXhmrRZnnalCsNJ_s84VqsCXV5GQNqbPazXLz8PQSNoi5x2B1dM5s1Vulsetvt8v6PsmvyhKTWAksalv-kOSYOYWPYBCZJ28R3MK_eDQVrR-7EPO8UfpBwkZhRF1nqeRlavwyFr1UG5GOJZ2l7gcaJJlIB13FgTWdQHC14fUMjzm8AR-5lPm7ok3uqCzF_tWnFPXVl4ETyOamHB1Pu32LRi2TeYGr8HHpIgPGH8XcKEBN7hEcXSYCj_-cd2zrue2Cjxvp7MQYcdrL9XsNUKtYp20uC6XfOhUDzS1YHwot_J_65FOL9RtyLnhf_W2Zle-OrB62aBogmxReJtFgpkb4VQRmTuqS3xVJEAyezfAGpRWnHavD-Hws_yJry_9J2oeLOu2RBNKRXrJa-5inZkQSR_GN8EyBFQMUDMLfECefK9yF7xljf8WUukXPNo4XGczpwS4v-bFGNB-m1B7WFkVZqOAXhCu6GWWCVZwYz7X7FNxLJtNJZQhhrUQJcsHgkA2YB7skVfeP7jHFymAn7Wz49rorTCAIfcIn9iWAq9PG4MN9Xlt2JF-JXuzBnZBsdEmvENug0qD0NQMMBOZQpHVC3JnUjBs5kPPw0hT1t4A2g5RzmXcun86kAy8tGuN9fSdjR9rA5LoO6tVhWTV2audl6mhOUob3q9NHAwWmNYdcVHA1nPwteG5oKefzmfw1efA5j8qaR9Oqaol7vVY_WTled5r8AsCKX1IaptFvHKpiHS1AITHNjHgsDryt9LwxEalcnq8iN9_5drD5414QwYFycOfT4544dUTreEdK0Hv9nSNDeDj_IekCcAlW88BI3eb-jGv6VZkdEHcEGKoT8vkZSqrKHEb6XVx2CBon-xAuF0-qPoDqvjf-c0PCJksVip0MV4QyVR7ibk3YW7zQKK3EOa1Llv4bbUxQruFdjMk7_jEzN0x24bBpMxxkp2IzMjifWy94tQ_ysoSsJxDvkTzDyJEENRUYsEpKOwh5GmXSV35pahB27jjfTo21kO4rctJa3EnybRbXFFPr-faA1BanH08FXqe55POWRrX4UX7We63_Ui1uQtGj9fF_n7V9NawF7XO7vtVqGe6wkJyAabNH9-dXZMhQkRXEV7HKYLLyJO-H-NekRWq0BY0TKc9xGVA5CJnKV2hR3s1mYcHamNiagkOJkBWCe-CFewcJzX8heaJ7nL__CSweN26-PtE8Qqh0POUBqC0vP12WSU6iIFfXyLmtWgr17EZe3P4GOIZXR5WrcoKv5QBbT0Y5zE2aeyhjPn0lv1CNwqEtxMWfNG8VsZfPBiO-_8bakN0p885R6z5unFZOVoQ6-NOrrota8OSJCCGQTMDEmPot-MamV6NUyaXK8b9cCr39fujQd9SssxwXI_F-OMaEGxJ3UV_LehcIY52L2hvKLmVviW0Qe_sQOvidvW1oGI03qtQ2HTKyXtdRsJ5InRmjxKHNRXDQfVKRVWFW94FyR6SGkFCPf1S9p8F3XGEFohAVmGdjjyp51GCjYyJw4Dc7dvJUBl6KxqVT3QMuCaTRFt3HZxlWMINvRrcqpl4Ai0yuzyvzvZKx4HpjyXkbyOudAthKwDSzFU9DNjhkP6dx2jHb1Yi22HkR0duzDNO1QMqKNHYcE19q_joV52QPpGgP9rXYKMHohgXnsrAciIlAdypKaR0dRs0l36l2P2_hToYJ5YsBVgo_mvHYAb2cuvtk5MlZd1RQeOkk16-0lupE-8xPm4JXPzyfJLaxgH9xEOBBSFzvvrxcNDMcpEx7twFV0Ywe8QWv4CqgOI1HA51D6dSG01Pqdc7mcJ5-bQifPd8EZSyWTOV0-VqUtCEWAIkohe_EtSZCSpVcMDx99jQ9gpnQreM3Z1ERC3PCcoPsaS81DGQBuZOTwVBCVNW0fi9a-zssbV-o6cs5544rkvl-8YMgkw3kqJE3y3zlsQGkRClaL48DcPadtWZIllzcuPQsGT3S7cNSBEU3TUB2TEEBTJIAuxIns9q7wEyuYG0P8XgUp7pwoiY13bJskNMvbVw16GM9-Lzz69SMqfeCBALOoGMtvGPET1Vj-7QplT0tdP0_SHtOxRh5LXTO_NsFFEQ1d68zF1mZOLB2Wr5M5nFbNq9QoalJbYvWVQXTG44tpFmEz8R75AP83GfrMu7bZg2TadAuGctS_T9SstDOLj5d46LBzq7v6hnS6AKXEfPzNUdBNDOKgJr1tBWfdRGyte_fuyUdebDRhehOaqYfpT_F8x64R1TTFyj3vXTCI0sAVN0DJ_Ncg29m0qld_DtG9TwqRL3TxtNbA1bljzm-NsDVmScaRYna6IO0B9_wXBSJZXcgpuGEMk-mXWLAImBW83I-NCac5Gfz6ScCcgk0VWwM51Be_lTLNg8vKLf8k_H2C7daTbXnn3fsxh6ulNXP-xfdQTz08v8-lGQEya5fvGYe0yAyBwv1J0jG6Wp_PP7bwx3kVR7_WEkQJMbWzGxEx6YiJ3Jxqm5ShAo3zIAXYgVeROch1L5jSAMBXnlV6QT95KOB-lZeIw4oVjBO1eEe2VhZnZJucr5g-SJhwBR6i1CMsTNSU-MjfsUBz0dDfDO1ot15b2VNHpH8z90WQRmpiE_RAOdPVh7e3H846wsQjjJTUUtN-n207u5nTMXYQBBdFyPGsbaZMuP3t1BzOE8gUpEkYO8tMk15r-DgjCjUIykmVYjpxs44-xuEd1MrB1dLVPxQkIdQxEdVfuIJIOSImiOKGJyoxcifDrJCBnB93H2IYJ3jJ8V3vAZSWjFPkBFlsaqP38zDRfyKZrGA&cid=CAQSTADUE5yms_tNKmuAifeGHl3WnU2Loy0SBo7ATcx_9NZMYyHkBlsATJALrr4aeWPmz1qp3mRTBSHlifSp5_p1FuYek9ivxu4pcDyCZ6IYAQ&dv3_ver=m202301230201&rfl=http%3A%2F%2Fwww.zdrave.bg%2F&ds=l&xdt=1&iif=1&cor=10278532388706845000&adk=3047537735&idt=320&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30644
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 595B 28 KB
11 KB 48ms
48ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c5d87821b8806898a69c4e8cdc26f7fc8ea4bb175006aa060ca229f4810a0af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30644
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10817
x-xss-protection: 0
server: cafe
etag: 7837758721724492523
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 5C19 170 KB
59 KB 297ms
155ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Origin: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 19:30:26 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/ Frame 5C19 8 KB
3 KB 55ms
52ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-An4oTT_MiTm6cICiiKR8uhRQ-SOQfZEI0YNYtxmQXTBSm0Lj_sh7N-Nt-_X_KpzTJazS3XYZ0gWj5KWrSseGE8AHqZv0gZXnSlFI2lX3nhrwerpIxKPH6mHxm2Fhzkzw8-NcVTGMYQ5lHMNdz98ZOXWmDawBB44I_rzCF41r2fWbC-sUs&dbm_d=AKAmf-BMrVH8CnKBnQLim0roCILnvUzPOBhE972TefIn9EvoXo_q7eU1sk97-3MuP4CchHqPbYDjBem6Td5hygB-2z6Ap-Y4hqw5UNudyeHp9yi_PAvKxeakRCziMopwbcYREdsOYnZRbWqB1DHzgkd4ef8b0JZnhELYnTAnsAez6SAilQkUo8K7mu4FccMGQHhbxfGrFYTOX5XaCJG0S6xeJ33S4CN3LNFzORtU-gr49S7uVYbmCF7jCtvjUaJm9-7815AiMtdWYV9DjDFSWduXGLMrbCL5Ghn_EFSNP86cgOLi-psTLEQHbSeWyQLpvaGOkmopCSOf7cMHSJ5JIHgse8nRdMPAGZAHbXfTawfchG6Mzu-oY3geH6_ubLow1h288BERVtRyBbemklq8iLfWCEwkbxD4Rehnt0l_PkNYIbgNifwvQwgqA4AUw2S1sh2qaPVKCq1p7113JuRiM5uNEImiI4dZP2qd_u41EQQNUVVKSwgE1ogkQjnVldBMa3Yk43aujr0q2XdSQFehcXVSirVqmO9qEC1Btsbk5r7c5MXuBpK58YN_U1MO087vnnPLpMyQzQmP0ETMglVMo8CdVPEkjKQgmOhf60rwF40TxN41j3eybACS5AfM3qfKyo2b4nY--l5h459DdPv-j_P9hiHXV0T3EzfQKYeyQggm5k7vst0H3eCkxAw4TaJX-TAj8OoQZghK5zU0M5FMhvyxcW7jjV3mVHNFdJxaUqu_WpWHe1JNFYXDIEp3xtLRJmx2Fr0OYIZJHXld13qlFKMSjRUlXTUe_hFe2yx2KQaGHvUkNeAUaloiNBaX5VHioGv39tzvoxYQzsrmOhnD0pu4YsIs_OkmrjkRuB267o10znG0EKqnCLI0PdCyHBa8U7RIUprdHfmX_2TpjPhowvPomK9hSAvLgJkZfzhlDduI_6vLHQ9EqSbcygcMeLIofpCWaQ8qlShI5MlcBhvh6FPhcYGqijToJRYWhJFAWcXwgLBxhoHKgYttBQ6CSSpOLHrxBTdXlt1xk8aMXuD7Gv41i3VzSjZ3LoDfGUGBy3bm47hI026Pmv6xsXGJLcxASjABVZOJgK-LXegVACWKFZAvEIyX-zB08H0KbEnn5_0mxZeyyUxjK7eB00uHFBgGXGRRYKTEVZE7i2B9VEOClFJ_BiqkkVQZEm9KIFk-aEwFBll9wm0MAP7GYBRT9DpA7QZOQlzqbB8ls1HMb1kATKtG-E_Eire4eriBEKXDxFlIeOGceNw5ZUyr8aFg2q3gpXcfHNmXyt0I5lu-f8rXrt7OT0FW-5m5mUkI0bnxVA2OTBxvFkmLAlQ7B3X1C6vDLAjePo5lLoYJtHIBzcrGHjn6s9quZvJq6arUx_jZVUInM2K25iKW1saUMXeYpxVSOJdss7bErYfIRAnYDKk_8G7r3hWjz3DEaKlP60T1Eo8YpWgfi4hmMWvv_XYR8ln9sTAzwXXtglkKZMosP6fTb7nTwouTjAUJDmG94Iba8g8roh_1KWmT8-BmYITOye2qxIu2htvfL-WVQ0mB26HAQDR49IPocLz_IbGALg2NlsM1RoSObzujZVyjcbxQrcH6xvM4m4UNagR9NPZOhQlNL_mgIh7HG73tqTJ9yc_ucWKRxVJBzgoileH5X_F_5ef8zB1gKIs1I1OL07lwb-l_z9KAn48ADCuSzTqxIuwY1rTMDLgg2bdGgdSiiX2W_bOrEUNKLAiIEdvFymDmMXc6-W6gyyHohxGF0mgDe4ow9f-0N0GJBaCv95IRS2vkxN484k1zHiO65Vw5QEejkJDJ4dr7kc0NkX51wX2uq9X7Rr2fNaKoWb21N54SNORDQb8epAEwPkSQk8fVWDJ21Y7lCjug9D9ZDpBFd_mvBKISptTNZypf2PuDYQfsWKeopGiW1PsnO7Wgr1yF7pHuHBxm8zHNpLGrQTVM8oEXHJgEzwh7XYLY4Fxtqt8_AWlZ_Vr0uSXk4FXedtc6_tzDOZ0n8u5kgtjtwECOayFoR_I1xrckGkQOSKHrTXZ90iSul0olNqI7YNztNKO-07RNH36r7VAVzH2PxmS8UT-QrzkVuHTnd2YkZl3Md14Z7RbLKXwE__8HRn6fSnouKTi9eE79ftuxfGtm5jYu8cBQg08hh-SvtbrJeQbLwEQiGFXd0nu4y5Auo7IQQ_vkwxjAmN4G0hEbhKBwir1JI2zycf3C9zi6eRR6ARGWE3rmKA46csvVe9aF_EpG-Rfvi7X4L5yxp6wOWtamCdASkzDuPoNPsSlhfzgHLgx3J5xtAQL-CQTzSTDKhooi0fgQaw0gpG-3NUMWxA2AOkAP6CaM6VFf7h28HPnkZiEH-s3cV4W89XEK9BdXVL6oylR1SHEuboucT1e2aJldw1FkZe7N9ONPG-tc48yoUfbKeQ5WiSth4FyYf0gw_ggrEyytpZ_y3d9oV7DMODekzVgK3Wlv5TwApm4t0voctomq6in6bQajsgoNrDtcqTbLdeLScXLe__eR-fP6CTA9AVy1FXfWTS-lGIKtmOpvQNDNk-Q76p7n4rIMjyr0L-46AsOtO7-fILmBMyzUphhFX1X_9urHVYk84zhXFURo38xOfjEMhWvCgkO-5ddJHYbs5cQztx18Xn7Msp6J2-TOgzfXQext4G8WuGPUaYI52wFjo1F4i3bC-uiyu5eRUDBNWP2p4lN6BIBNMSMMQqgKdvqWvszMDlRWiDX2uFaAvqL8uzvxAv6-uFuqzc2Uk_-p0lqkQkQMi1-XoIK0K2OsNSTjy4Xy9WEyYmOQiFAgPm2KVYzUa8cqAaiXjmGWpBa8eW3ObszzLQtVRA_dR7w2gZsTuW6XXvpcnWa7z2Jr9AG08WCRftByCiYr63sng9qWcyds36n5xZ_asY6kxrPGRLs2qcyujQQT2C6BmtK4hhQXhdQ1TDX6VZOPLI5OaI4OK1GsFxaJz27FGLtYYCXKFJJN9RsJohv_VvB5gltKwdYwzL_rq9lL1cdaAk6Ff_CBav9ZNDQEk56CpBvs7611gHkU_fTk_sxAFM9FIzQbbMIULXpwWnixNjpXhybvc_9wCF9TEoAVW2RMxo753S-94eb_UfViZqSr0Su5nu40ZVGA035PC2QA6QEWxVHlTQcp3QXcE-V_PGBqNa-fT2kAiFRNYhqcVV7ulluc0b8IMXc3s6MMpUH-CVIU1Xo--lJR8DX9e5NWrHTcxPyz5UXFb7gwaKXOcEDKn6dSH7apwL4ZFJ-nFeYOrc325dMEk07SyM2Jgd7kQm25Jn7FMkdu6TDBwqvhmyp58fIy11IrQMSl6P2okDunB2yp9uhrTGvqtPeOobdWToSRFH4uDjgxQOyXYpt2wPAcRvr-Xi6xCWvCr5Uu6wWC9ULnSs7kWU4G2fwRF6cq0x3hFUmBB9poId9w9_Gl3b5eX9oudOYdbGAdLi11ntLsEYNPRYKTtnOwiS4af3zNx-bWg1EJN-xR7N4GhGGY2eKuKz-1ZHw_lx9H7NI&cid=CAQSTADUE5yms_tNKmuAifeGHl3WnU2Loy0SBo7ATcx_9NZMYyHkBlsATJALrr4aeWPmz1qp3mRTBSHlifSp5_p1FuYek9ivxu4pcDyCZ6IYAQ&dv3_ver=m202301230201&rfl=http%3A%2F%2Fwww.zdrave.bg%2F&ds=l&xdt=1&iif=1&cor=14259578732761782000&adk=2228999115&idt=316&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30644
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 5C19 28 KB
11 KB 52ms
51ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c5d87821b8806898a69c4e8cdc26f7fc8ea4bb175006aa060ca229f4810a0af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30644
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10817
x-xss-protection: 0
server: cafe
etag: 7837758721724492523
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 688A 0
0 91ms
91ms Image
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023021301&jk=1346822189608220&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5145 41 KB
15 KB 73ms
68ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:31:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30594
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 19:31:15 GMT

GET
DATA 200
OK truncated
/ Frame 5145 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 662979b7f65656bf4523077b22448867ae5dae4f281c9ff8898597470810f1f6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 595B 41 KB
15 KB 49ms
48ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:31:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30594
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 19:31:15 GMT

GET
DATA 200
OK truncated
/ Frame 595B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e77930dc91b5974ed8c0bae0d1fad359653ac28ddac9d8ff85c195a4a519b13

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5C19 41 KB
15 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:31:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30594
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 19:31:15 GMT

GET
DATA 200
OK truncated
/ Frame 5C19 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eedcc911203888991f5009c9dbfddcc538ba57f6e33e5993d50f05520b94a83b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DAF7 22 KB
8 KB 48ms
47ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 30594
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:31:15 GMT
expires: Thu, 15 Feb 2024 19:31:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 938A 22 KB
8 KB 48ms
47ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 30594
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:31:15 GMT
expires: Thu, 15 Feb 2024 19:31:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6171197435532655443/ Frame FBDC 143 KB
23 KB 142ms
47ms Document
text/html 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6171197435532655443/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b8b4d537d6eb7f042cd3891aa30a880b50e46f162b577b4a68468cb2f496190

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 67810
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23301
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 09:10:59 GMT
expires: Thu, 15 Feb 2024 09:10:59 GMT
last-modified: Tue, 29 Nov 2022 11:17:53 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5145 0
0 255ms
92ms Fetch
image/gif 172.217.19.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvZZkuit7kdDwXWUL-kMfT0AzOHgRmYQjasPlPlBSwRO9F0mC9ePsk2e7ZL3PNCS9KkXc79Q4vZJu6gTf046dNTVCZK_ZoyCfBSaznMvGY8W3CLggISlo4GRbf1fCkLcaO_bVlLuz76RpW8OxyN_-seNzZmWYgamONID_15NteUr5EbcnWT_6ZeKFcPOBrXjyAY22wyj9eZktAx0DzkRgvbaDTPyfw5Cmy_jNCHRHq2EXYUnNHANmn43KMskK7XTDXwbe5s4v5wrRfLnLYj51jVC3hpqwMNed5DA14d78-UGKDhUrLbN8Bv8iieVULWcAJPZXqPbjWhYo7Dw5OpHE4PG038ASAlWlxpL-O8tv5KeCvWaRIsuzFAwxGBRCVKSS2XYhue5q-jEqdL66vno5r9LS5Za9jFkJ5eUXdEduORwhd5NxH8o57cPMF8JYqtYxDXvHU2HDftdk8MFd77W4IFHtiDQ1rTisq1EiPq4EgYFlAllu-FQbI7VM00sGMBtrztp98k7aLBe71fzBiqSj21x__LrufAxGWvKEE-yoL6YleZYiAU_6Tlesu2U8RpyqJAVxzMPaccDRhZ23Do4vqt_SeG8N_RD4h2yIlewqBJIhUQCSSQxGAg6JEfcS3CdSCFgwrIpCYXRntF1JpbxcDQ4T8w0sUGyI8JR3w3aYZ_QdEYgHo1gF2CUvw58jeuGJR5p0bOYpQ1A5JqGO3Enx78DiW8Ar7KetOdV6JQwaQ1hr5P8g5mPdniUPPUR_W5CQzXUvuok0NropZTkaJz8TQ39wCIHoa4xsMwaHUGpzlOfdMWX5yvMpOxHKksVUFgl3c9hObObHPGfnJ-bSFWE5JiDD2j-4Rk62pOSibYc5aPc-CKcfUI2KaP_A4nA24wEa8JWbz5L3uMwvrpH8f0Q6BdrMJl-JBdOpQNG-bVK3yHtn9CvmysP4-zMRHZH3OOlmjG2WjhTS4yi1NS25G6xuK7mZWasLplCitunwWQPGLS-9qkqbRQW1HxKL8WnB7oJPWXXNwEhOeM2xGI8VAJaEpZbjyjTUFCwdSKRn9_cK1xNBhWnkiHp3TODWCSLHzqcVfJHp1baYUAHQl7dUMsPpzN6UrIAroqphLWglO1_XwTjZY42G__qX1KxoyyUGhwXq8gaZYa7a80DkZkb7X9Lqi850BKdLuSCeRRmAymuibVfiJdXqLxuns3ne_1q_3A-eVbu1kGcz-urmarr_CC7OBIA_ipFf1jHgraANLGrmws7a4&sai=AMfl-YSlWPCB1WmlKhVUzlrAnQk0WGl64ebvA5qInNRpFhnzDVhbNt-Y10TFWRfuUFCl9IQtjffoTVx7nivlukUtnrzSNlr4KKSkgH1SQPX2BXkpRrh6C5b04LilsrAnBhGQtPPntyjPkQB4gbbuNhmM4eZoVs_Ftrx3_6d4oOIvkrB5s43Oa8jF6fI-r4LKtRp2S0C_x97_YKrPyxRGjEqABCyj2Vk98D90Ug4sceW96zDU7dqMKOXA-WI72V5EVbosRM646WIG74pP2bqgONopZcJI4gcp2CR6CykU&sig=Cg0ArKJSzJCNr4uwHiMhEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=377&cbvp=1&cstd=373&cisv=r20230213.18884&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.19.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s27-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 04:01:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Feb 2023 04:01:09 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 5145
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/990511/61634098/4.js?ias_dspID=3&ias_campId=1010147412&ias_pubId=pub-7031831557830335&ias_chanId=1&ias_placementId=19429528027&bidurl=http://www.zdrave.bg/&ias...
https://static.adsafeprotected.com/4.js

1 KB
1 KB

34ms
15ms

Script
application/javascript

2600:9000:238d:4800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js
Requested by: Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:238d:4800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 22:03:50 GMT
x-amz-version-id: ttDhIYiXE0kVliG2ed9eZ.882H52mbmE
content-encoding: gzip
via: 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
age: 539840
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 09 Feb 2023 22:03:45 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: HTJZF3H7-1dxKoBk3Z110_HM3PeW_7B_vwI8gxzjb57PIILgCeIdKw==

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:09 GMT
server: nginx
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 26EB 91 KB
23 KB 85ms
17ms Script
application/javascript 2600:9000:238d:4800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:238d:4800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
age: 12745493
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: ftO3DhvANF-w4aB1PdK6C_EcLaNnb6fgaq1Nxscu426VlQ9WP5m1Lg==

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3693 0
10 B 51ms
47ms Image
text/plain 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?y6Uvaw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:09 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5145 43 B
215 B 681ms
180ms Image
image/gif 2600:1f13:800:7780:7d4b:6267:96a3:77e2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=20a99090-102f-f17b-10ae-ab28bcba562a&tv=%7Bc:4lWTc5,pingTime:-3,time:94,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:36%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:94,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:36,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B83~0%5D,as:%5B83~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tvZNm9Z+11%7C12%7C13%7C141%7C15*.990511-61634098%7C151%7C152%7C153%7C161%7C171%7C172%7C181%7C19,idMap:15*,rmeas:1,rend:0,renddet:DIV,siq:38%7D&br=c
Requested by: Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:7d4b:6267:96a3:77e2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:10 GMT
server: nginx
x-server-name: dt20.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5145 43 B
216 B 670ms
179ms Image
image/gif 2600:1f13:800:7780:7d4b:6267:96a3:77e2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=20a99090-102f-f17b-10ae-ab28bcba562a&tv=%7Bc:4lWTce,pingTime:-6,time:103,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:103,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:36,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B92~0%5D,as:%5B92~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tvZNm9Z+11%7C12%7C13%7C141%7C15*.990511-61634098%7C151%7C152%7C153%7C161%7C171%7C172%7C181%7C19,idMap:15*,rmeas:1,rend:0,renddet:DIV,siq:38%7D&tpiLookup=ao:www.zdrave.bg&br=c
Requested by: Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:7d4b:6267:96a3:77e2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:10 GMT
server: nginx
x-server-name: dt21.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5C17 22 KB
8 KB 48ms
47ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 30594
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:31:15 GMT
expires: Thu, 15 Feb 2024 19:31:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/5224251314673392648/ Frame 1712 15 KB
2 KB 97ms
80ms Document
text/html 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=Gt4uRvcv9v&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8bf54e9be763ab5fad815c7266f841438bb56c7747cf54b7cc620673b497cd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2278
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 04:01:09 GMT
expires: Fri, 16 Feb 2024 04:01:09 GMT
last-modified: Wed, 14 Sep 2022 10:36:03 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 595B 0
0 113ms
91ms Fetch
image/gif 172.217.19.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstbmy-TsxtrhEbCHqmtFfVKSpceQ4I-8StwrTYJ1fd8PeyGjejcpBJ_Q9o3Cq1J2vsqaWEQJ_U9XFoKJ0vk0WPztgdP2LB3A_ThIwETrK5viWS2X5GihJE84wf6t1bkinmGfXq4ujxN1e03kw9ZL4E6Rq38fYlLHBdQrdRyzwMmUD1_5FBpPqz-NO5CYCy42289tN0aYTzlAJ3iP1OSTKsnJylXV0Ruh2jSdSryZCtXnkTKToM2HqgmLI3hHJ03MtrdMKw6eNFI9xZoIlRgAZ8ZgW4PNk4D6yZztVmfD3TzzdwCP9aDM3zFHLSO-aAc4f9qkH2qOUXYIN7AZnhyoPQ-OBJb4SLgNxR_5fYuYmtvqwj7DyigDFY8OXNIv-cjefp-QBPKjvPi5L3rGw-FahYu0mdehKffEe-iso-qYro_lC3NS1bNXOBp2Ik4Xnv3Ay8GbE5A2KLSc3MhGHIdKfr40K-qGbnLsuCrzfhlEGgqKJLJB0Z0xibdlvaNu7AtKVgQhXcXNSQixQTO8VTeocDmj1V0M5z3wBH7VA2zjH-shhDe7X_UMhvsnLemXEcvmeVPee64dl_q8KlVz4SSxagFEf6YLy6Ed7PM26PYRGSu7TTf-S0QER17EL8TYnAe0YVAN_sOPX68dilJCxhOuexNnkl2jeUgCOU0fvjn8yzYYRHqpxsEchPF5Puc8AzOnmYUj9zWimsEK_-zheoJNTzR3A3HvBHWp9urbsgvmmfYKXaCiX__pa1klGBrM4LexTe0PJro1dC2uIFSZB5RHvN0DwX81WVDZUSRktb1dfXTQGu0XO5i9Y8L0Kv_gGZ3NlEjqsLODM75761hXEd_EH44ga4h2OZTDK4M54ZdzEihnz2fxwi2vTm35lEyU7rsDwgNKlAIoT8SaMTP68WWpNGUWUesNJK5D-trgvj-voMTgB7ybFT2WNhPwdLdPDNjzdxz2MxlMQkiAINnj-52RFyMC23SQqT4Pdk6Jkp-eti2kDqMvvDp-GypIQQNZB1M7VkXgMg7RQTbHYm0DpBULtt8eWxuD3_9XzI4wu2A4zKFXN6OobJMROu1xPozhx1hDTFXGUeY4Tddomz9VU-caSjeCGU7rRL_wwjylvbomHiDe2v8KD7Cu3FSLQowZJk3mgKidgRt_MoL_G2igYi7i6X__DRveBxj6Ux44ml2fOWgNWiRCCVIo17O6jIrNAIoZEYCsaebGP_HPKbhdvsY_SLg2Rj60d3l4bImnvkT&sai=AMfl-YSB5c0Z4aN5u0LhNNTzfWZ5M7z7Rfi2tpC1IYSdiD48XW3PCmLaEb5AMrGS_8pom-kVk2BpF4Kx6qL_vrH2QwXC0V3zLzpg59zQC66jSuY_SMzCYIEqHdwuGcez6sFh8VAhbAfOCW08PXarQNsIvYsUt0EvKB3O4bvrul8-LVCptXqj81KyyFXyJiqwsFTkPcJjM7YUwRdCWVIArBdFhtl-uw9KcHwubzF6UyNAnHMvEh_dBclusLMPWUqQWtAxi-hjRJF_mDMvGQbyVfl9nm1LfuD6apFiVhtM&sig=Cg0ArKJSzBjco57iDB7QEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=494&cbvp=1&cstd=483&cisv=r20230213.84685&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.19.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s27-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 04:01:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Feb 2023 04:01:09 GMT

GET
H3 200 300x600.html Show response
s0.2mdn.net/sadbundle/17236408239449440256/ Frame D0B5 47 KB
12 KB 83ms
82ms Document
text/html 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abd54f05f703b03c98279e65aeff2c8a876f4854059debbc9c95c106e218bac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 04:01:09 GMT
expires: Fri, 16 Feb 2024 04:01:09 GMT
last-modified: Wed, 15 Feb 2023 15:45:46 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5C19 0
0 97ms
94ms Fetch
image/gif 172.217.19.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssfARAIsPy75f_8UqrRPQjL5QzBPpOT7FdsZEfY02Nt4KxBr5p_FCY9aiROKSJReGoRkjy7-FrnipDkA6ggKH7gC07yKE5Zl4nuEJTymYEe6QFDwZEzi_nu6CY8WqO234IgsFRx0u65A4MOcWbZqJ51vggxOTkn1cn6IfSjwlJ1QlP52zkPgbQcIEKTknXQ6yI5TYtgl--HOglO892jhS75DuhHtw8r1s5IYG13lfckJq62OMX93J1Wk7gr3mF1xvvoRBj6xH7BdVC9BBM44I5vqcPWWo04TJLbWzFh_lnUVZTSnf2-BvqeJN3G1N0tcgHievnUpCRM46oxXlHO6pVvVZuBGkmRx4W9_1evXLLvaGxfqTh1Tp_rUItmR-BlRjfsn3LjszN9UzhuFCSg6tBE5tChhrtzihaTFOslMbimJULtDRRdc5OzIiBS2iByZ455HFVdyszCXDc3GFB7b6mfUK2osgy8hT51emi4iS4uNdqQPrqtYXENsmE7Bc_OVlcK6UkLTDeZ0q7cjnhoySim0TPRYYzVz0VZEyAHSJEwVEVpgrVG6zvwoc3GIW_2qDj41nMmWYYJHSS1u-p3ap3YgbeqO_2ONM7GPOytnwJQg24YBARN61h6GesHteN9YDxMwq59QKcWnofFqVtYKP6VKy5zRYWL_nHnRO_3n4Dp14Zkb2ntXcLOovTRJLecdGJLj1TsKMaeFMa6E9M5gPvc_HF4JExiVlMd1QSrKfDtCf4U9x5qPBhU0Mo-T0OD0cUDXV5km2pV4Ie6gCcIBjkWb_QcoUKqZ__D7105kLTe71y-A9d3HaTS_n-dIFaoCUnSsRkMmqjQUA1sxRAZStxMevNDXBtzAeyCwYdAbmwFKFxQabRFaQmozL8PHxDpAQ02d_noxVO8rZ1rGJMrtC1ZzGzKXglAHEnAWgWtr2_P-MAQpWcxP7Kq417v7E6y8SVLIhTwCwIZceepmFmUxeDXzrp0Hv7aYB6t88WIBHV_miQ8byZVCAnGZe9ysWRl81keN-IfFAxVzcGFnmBguDqiHXteBJ_jzCLc8xCka869ZMEIMgSAlUe-MUhDYsL91tSGm9q5jLA04dW0_vQHEeR6sNa49i_Ik4u92dciU5APpU0dQNmp_cQyQM3o18EJ-_r2XgZTslrmH-0Tv13ulMHFsE3cYyys8tRny2VX5XKlmmvgJ-iP6Az_XqC6PD_sYLZd7LQhDaMg6xVepLao4AgKOpK4HR2TQGC2n-GMCw0&sai=AMfl-YS-6CcN6pKw-WpIDQSnKO2yAA_lsoRnUIEf7xn_mAj3akUI-wYtY-rOo4jsKHqAH8Zgk9YWS9w2vEhrtjSt3W4qfV_iX0Jp0d_Vtbli3N1SHeH1xAMdj81r-GrPIvs43aKNJorhK9IkI4ZJq5zjR3viYWr83MOpZlNxiSr1ipNeqZ8cCE10sAfzF5afnATtEco3dy9-kepxb7IXaE4cqqqRFPzQ3SAKXwFDJ2Z6MbAGtpqAKa_nCMhZI8Lwo4e8v6gDkfsCylzePtJiMOWIM0LiZLGkGd_w3xYW&sig=Cg0ArKJSzORRZ_oVAGg3EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=536&cbvp=1&cstd=526&cisv=r20230213.31903&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.19.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s27-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 04:01:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Feb 2023 04:01:09 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5145 43 B
215 B 574ms
181ms Image
image/gif 2600:1f13:800:7780:7d4b:6267:96a3:77e2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=20a99090-102f-f17b-10ae-ab28bcba562a&tv=%7Bc:4lWTdP,pingTime:-2,time:202,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:949,beZ:951,mfA:954,cmA:956,inA:956,inZ:963,prA:963,prZ:977,si:986,poA:988,poZ:1021,cmZ:1021,mfZ:1021,loA:1052,loZ:1055,ltA:1151,ltZ:1151%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:36%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:202,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:36,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B191~0%5D,as:%5B191~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tvZNm9Z+11%7C12%7C13%7C141%7C15*.990511-61634098%7C151%7C152%7C153%7C161%7C171%7C172%7C181%7C19,idMap:15*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:DIV,siq:38,sinceFw:162,readyFired:true%7D&br=c
Requested by: Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:7d4b:6267:96a3:77e2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:10 GMT
server: nginx
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame FBDC 29 KB
10 KB 50ms
49ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6171197435532655443/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6171197435532655443/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 13:24:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52595
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 13:24:34 GMT

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame DAF7 36 KB
14 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77936
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 06:22:13 GMT

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 938A 36 KB
14 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77936
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 06:22:13 GMT

GET
H3 200 1661867165592.css
s0.2mdn.net/sadbundle/5224251314673392648/ Frame 1712 10 KB
2 KB 48ms
47ms Stylesheet
text/css 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=Gt4uRvcv9v&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01147cf422220b219bbbe8526abf4b3ac6d5c15a59ed7e48396af4b9c2ed80f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=Gt4uRvcv9v&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 06:45:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162960
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2428
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:36:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Feb 2024 06:45:09 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 1712 118 KB
40 KB 51ms
50ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=Gt4uRvcv9v&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=Gt4uRvcv9v&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 19:30:26 GMT

GET
H3 200 1661867165592.js Show response
s0.2mdn.net/sadbundle/5224251314673392648/ Frame 1712 34 KB
11 KB 67ms
66ms Script
application/x-javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=Gt4uRvcv9v&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/index.html?e=69&leftOffset=0&topOffset=0&c=Gt4uRvcv9v&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 23:05:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 190524
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11482
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:36:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Feb 2024 23:05:45 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame D0B5 118 KB
40 KB 59ms
57ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 19:30:26 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D0B5 63 KB
25 KB 105ms
103ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:01:09 GMT

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 5C17 36 KB
14 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77936
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 06:22:13 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5145 0
0 87ms
85ms Fetch
image/gif 172.217.19.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvZZkuit7kdDwXWUL-kMfT0AzOHgRmYQjasPlPlBSwRO9F0mC9ePsk2e7ZL3PNCS9KkXc79Q4vZJu6gTf046dNTVCZK_ZoyCfBSaznMvGY8W3CLggISlo4GRbf1fCkLcaO_bVlLuz76RpW8OxyN_-seNzZmWYgamONID_15NteUr5EbcnWT_6ZeKFcPOBrXjyAY22wyj9eZktAx0DzkRgvbaDTPyfw5Cmy_jNCHRHq2EXYUnNHANmn43KMskK7XTDXwbe5s4v5wrRfLnLYj51jVC3hpqwMNed5DA14d78-UGKDhUrLbN8Bv8iieVULWcAJPZXqPbjWhYo7Dw5OpHE4PG038ASAlWlxpL-O8tv5KeCvWaRIsuzFAwxGBRCVKSS2XYhue5q-jEqdL66vno5r9LS5Za9jFkJ5eUXdEduORwhd5NxH8o57cPMF8JYqtYxDXvHU2HDftdk8MFd77W4IFHtiDQ1rTisq1EiPq4EgYFlAllu-FQbI7VM00sGMBtrztp98k7aLBe71fzBiqSj21x__LrufAxGWvKEE-yoL6YleZYiAU_6Tlesu2U8RpyqJAVxzMPaccDRhZ23Do4vqt_SeG8N_RD4h2yIlewqBJIhUQCSSQxGAg6JEfcS3CdSCFgwrIpCYXRntF1JpbxcDQ4T8w0sUGyI8JR3w3aYZ_QdEYgHo1gF2CUvw58jeuGJR5p0bOYpQ1A5JqGO3Enx78DiW8Ar7KetOdV6JQwaQ1hr5P8g5mPdniUPPUR_W5CQzXUvuok0NropZTkaJz8TQ39wCIHoa4xsMwaHUGpzlOfdMWX5yvMpOxHKksVUFgl3c9hObObHPGfnJ-bSFWE5JiDD2j-4Rk62pOSibYc5aPc-CKcfUI2KaP_A4nA24wEa8JWbz5L3uMwvrpH8f0Q6BdrMJl-JBdOpQNG-bVK3yHtn9CvmysP4-zMRHZH3OOlmjG2WjhTS4yi1NS25G6xuK7mZWasLplCitunwWQPGLS-9qkqbRQW1HxKL8WnB7oJPWXXNwEhOeM2xGI8VAJaEpZbjyjTUFCwdSKRn9_cK1xNBhWnkiHp3TODWCSLHzqcVfJHp1baYUAHQl7dUMsPpzN6UrIAroqphLWglO1_XwTjZY42G__qX1KxoyyUGhwXq8gaZYa7a80DkZkb7X9Lqi850BKdLuSCeRRmAymuibVfiJdXqLxuns3ne_1q_3A-eVbu1kGcz-urmarr_CC7OBIA_ipFf1jHgraANLGrmws7a4&sai=AMfl-YSlWPCB1WmlKhVUzlrAnQk0WGl64ebvA5qInNRpFhnzDVhbNt-Y10TFWRfuUFCl9IQtjffoTVx7nivlukUtnrzSNlr4KKSkgH1SQPX2BXkpRrh6C5b04LilsrAnBhGQtPPntyjPkQB4gbbuNhmM4eZoVs_Ftrx3_6d4oOIvkrB5s43Oa8jF6fI-r4LKtRp2S0C_x97_YKrPyxRGjEqABCyj2Vk98D90Ug4sceW96zDU7dqMKOXA-WI72V5EVbosRM646WIG74pP2bqgONopZcJI4gcp2CR6CykU&sig=Cg0ArKJSzJCNr4uwHiMhEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=708&vt=11&dtpt=331&dett=3&cstd=373&cisv=r20230213.18884&vwbs=1&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.19.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s27-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Feb 2023 04:01:09 GMT

GET
H3 200 cta_deals.svg
s0.2mdn.net/creatives/assets/4722971/ Frame FBDC 5 KB
2 KB 60ms
48ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4722971/cta_deals.svg

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da933ef53458927e254187e40711b33abc36dafd95218f913db426cf3e676e20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6171197435532655443/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:57:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1864
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 07:45:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:12:54 GMT

GET
H3 200 flextarif.svg
s0.2mdn.net/creatives/assets/4722971/ Frame FBDC 4 KB
1 KB 62ms
50ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4722971/flextarif.svg

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc694511bff51871e9dc5ece4e9504015ad4810b9c78ab8b686a0f774d00eb7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6171197435532655443/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:59:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1328
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 07:45:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:14:24 GMT

GET
H3 200 160x600_40_prozent.svg
s0.2mdn.net/creatives/assets/4722971/ Frame FBDC 10 KB
3 KB 61ms
49ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4722971/160x600_40_prozent.svg

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ddddd2b784c484f45756dc8bba5419400a497369695802aa1a5c01e4a3aa7bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6171197435532655443/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3020
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 07:45:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:14:23 GMT

GET
H3 200 160x600_head_2.svg
s0.2mdn.net/creatives/assets/4722971/ Frame FBDC 3 KB
1 KB 546ms
534ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4722971/160x600_head_2.svg

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e70feec33ee57fdeed636ab89a20156515e29b96cc56d8e20fd1315dd05c46f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6171197435532655443/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1353
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 07:45:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:16:10 GMT

GET
H3 200 160x600_head_1.svg
s0.2mdn.net/creatives/assets/4722971/ Frame FBDC 5 KB
2 KB 614ms
602ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4722971/160x600_head_1.svg

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91300e289e33ce13ec40e4599a15ee0f1c7f6596cf9ab87e9b59b74449304678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6171197435532655443/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2127
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 07:45:13 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:16:10 GMT

GET
H3 200 tui_logo_live_happy.svg
s0.2mdn.net/creatives/assets/4364511/ Frame FBDC 6 KB
2 KB 62ms
50ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4364511/tui_logo_live_happy.svg

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6171197435532655443/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:59:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2072
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 07:44:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:14:24 GMT

GET
H3 200 160x600_kv_fb.jpg
s0.2mdn.net/creatives/assets/4691997/ Frame FBDC 37 KB
37 KB 1156ms
1144ms Image
image/jpeg 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4691997/160x600_kv_fb.jpg

Requested by

Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f00ff1a6909daa2d7f8141c285ceb23b76edcc1da40f0f2e717ad2b6c81a803a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6171197435532655443/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:10 GMT
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37787
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 10:22:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:16:10 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/5224251314673392648/ Frame 1712 3 KB
1 KB 48ms
47ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5224251314673392648/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 01:59:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 93693
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1365
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:36:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Feb 2024 01:59:36 GMT

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 1712 13 KB
6 KB 173ms
51ms Script
text/javascript 2a00:1450:400d:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 04:46:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83661
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 04:46:49 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1712 7 KB
6 KB 76ms
74ms XHR
application/json 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d680f4baa46f18ed1e5f02244fdb40d0b2de159b8582d40e1b01e10f25bf0f04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5795
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D0B5 7 KB
6 KB 92ms
77ms XHR
application/json 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5439f44fe591de4882cd4453344b62bfd283f1d73ad94827876cd87a631e48b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5760
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5C19 0
0 89ms
86ms Fetch
image/gif 172.217.19.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssfARAIsPy75f_8UqrRPQjL5QzBPpOT7FdsZEfY02Nt4KxBr5p_FCY9aiROKSJReGoRkjy7-FrnipDkA6ggKH7gC07yKE5Zl4nuEJTymYEe6QFDwZEzi_nu6CY8WqO234IgsFRx0u65A4MOcWbZqJ51vggxOTkn1cn6IfSjwlJ1QlP52zkPgbQcIEKTknXQ6yI5TYtgl--HOglO892jhS75DuhHtw8r1s5IYG13lfckJq62OMX93J1Wk7gr3mF1xvvoRBj6xH7BdVC9BBM44I5vqcPWWo04TJLbWzFh_lnUVZTSnf2-BvqeJN3G1N0tcgHievnUpCRM46oxXlHO6pVvVZuBGkmRx4W9_1evXLLvaGxfqTh1Tp_rUItmR-BlRjfsn3LjszN9UzhuFCSg6tBE5tChhrtzihaTFOslMbimJULtDRRdc5OzIiBS2iByZ455HFVdyszCXDc3GFB7b6mfUK2osgy8hT51emi4iS4uNdqQPrqtYXENsmE7Bc_OVlcK6UkLTDeZ0q7cjnhoySim0TPRYYzVz0VZEyAHSJEwVEVpgrVG6zvwoc3GIW_2qDj41nMmWYYJHSS1u-p3ap3YgbeqO_2ONM7GPOytnwJQg24YBARN61h6GesHteN9YDxMwq59QKcWnofFqVtYKP6VKy5zRYWL_nHnRO_3n4Dp14Zkb2ntXcLOovTRJLecdGJLj1TsKMaeFMa6E9M5gPvc_HF4JExiVlMd1QSrKfDtCf4U9x5qPBhU0Mo-T0OD0cUDXV5km2pV4Ie6gCcIBjkWb_QcoUKqZ__D7105kLTe71y-A9d3HaTS_n-dIFaoCUnSsRkMmqjQUA1sxRAZStxMevNDXBtzAeyCwYdAbmwFKFxQabRFaQmozL8PHxDpAQ02d_noxVO8rZ1rGJMrtC1ZzGzKXglAHEnAWgWtr2_P-MAQpWcxP7Kq417v7E6y8SVLIhTwCwIZceepmFmUxeDXzrp0Hv7aYB6t88WIBHV_miQ8byZVCAnGZe9ysWRl81keN-IfFAxVzcGFnmBguDqiHXteBJ_jzCLc8xCka869ZMEIMgSAlUe-MUhDYsL91tSGm9q5jLA04dW0_vQHEeR6sNa49i_Ik4u92dciU5APpU0dQNmp_cQyQM3o18EJ-_r2XgZTslrmH-0Tv13ulMHFsE3cYyys8tRny2VX5XKlmmvgJ-iP6Az_XqC6PD_sYLZd7LQhDaMg6xVepLao4AgKOpK4HR2TQGC2n-GMCw0&sai=AMfl-YS-6CcN6pKw-WpIDQSnKO2yAA_lsoRnUIEf7xn_mAj3akUI-wYtY-rOo4jsKHqAH8Zgk9YWS9w2vEhrtjSt3W4qfV_iX0Jp0d_Vtbli3N1SHeH1xAMdj81r-GrPIvs43aKNJorhK9IkI4ZJq5zjR3viYWr83MOpZlNxiSr1ipNeqZ8cCE10sAfzF5afnATtEco3dy9-kepxb7IXaE4cqqqRFPzQ3SAKXwFDJ2Z6MbAGtpqAKa_nCMhZI8Lwo4e8v6gDkfsCylzePtJiMOWIM0LiZLGkGd_w3xYW&sig=Cg0ArKJSzORRZ_oVAGg3EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=925&vt=11&dtpt=389&dett=3&cstd=526&cisv=r20230213.31903&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.19.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s27-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Feb 2023 04:01:10 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame D0B5 47 KB
47 KB 48ms
47ms Font
font/woff2 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:58:15 GMT
x-content-type-options: nosniff
age: 175
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:13:15 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame D0B5 46 KB
46 KB 71ms
66ms Font
font/woff2 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:58:15 GMT
x-content-type-options: nosniff
age: 175
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:13:15 GMT

GET
H3 200 60005582_20230126031949838_iphone_14_Pro_Max_Asset_Logo.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame D0B5 21 KB
21 KB 73ms
69ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230126031949838_iphone_14_Pro_Max_Asset_Logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27c20205e6c72b5a8200dff49b94e1e923cc9d2e0c610229046db3c512860b2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 11:28:16 GMT
x-content-type-options: nosniff
age: 59574
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21390
x-xss-protection: 0
last-modified: Thu, 26 Jan 2023 11:19:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 11:28:16 GMT

GET
H3 200 60005582_20220825085151068_300x600_BG.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame D0B5 61 KB
61 KB 75ms
72ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220825085151068_300x600_BG.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c384e161dd9d69bfc6e872774aadc81b3bd7534a97c5541d20a83c120704dbec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:56:42 GMT
x-content-type-options: nosniff
age: 7468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62713
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 15:51:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Feb 2023 01:56:42 GMT

GET
H3 200 60005582_20230113052337010_300x600_INTRO.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame D0B5 47 KB
47 KB 98ms
92ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230113052337010_300x600_INTRO.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ac736b755d1e73b248cacf82a532914045934b6166f27d849c5c48853039c63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 16:56:41 GMT
x-content-type-options: nosniff
age: 39869
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48056
x-xss-protection: 0
last-modified: Fri, 13 Jan 2023 13:23:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 16:56:41 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame D0B5 43 B
459 B 97ms
14ms Image
image/gif 82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=29072291_4307561_354470166_170180369_PO0504A20230118&ref=29072291_4307561_354470166_170180369_PO0504A20230118
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.132 , Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:10 GMT
via: 1.1 varnish-live-2-1
last-modified: Wed, 08 Feb 2023 12:11:34 GMT
server: Apache
age: 0
etag: "2b-5f42f2a4ec980"
x-cache: MISS
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
x-varnish: 25110158
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 43

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame D0B5 26 KB
26 KB 110ms
105ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17236408239449440256/300x600.html?e=69&leftOffset=0&topOffset=0&c=3r6zvBv0TM&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:51:03 GMT
x-content-type-options: nosniff
age: 607
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:06:03 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D0B5 17 KB
6 KB 136ms
135ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 04:01:10 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5145 43 B
215 B 177ms
175ms Image
image/gif 2600:1f13:800:7780:7d4b:6267:96a3:77e2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=20a99090-102f-f17b-10ae-ab28bcba562a&tv=%7Bc:4lWTnG,pingTime:-10,time:813,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTEwLjAuNTQ4MS4xMDAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002022202222222002020222222202022222220222202000022000220222220000000202202002222202222222220222222220000020022022200022222220200000222200022020002022022022222202002220222022222022220000000200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022020000000020000000000000000000020220202220000022200202202220022000200222022200200022220222200202222020002200002222022222202222000002002002222222202220022202200022002220202202,asp:1676520070296%7C%7C3a777687868bfcc5ab88aa52bf5ce2f2%7C%7C41c5992836ce3b548d2ab9f4e4ccb0b4%7C%7Ca11abe8b795a4db9e8baddacf0a0f7ce%7C%7Cef83e115664dbf98352d51131f6832bc%7C%7C972a839f7660626d6b3008320cb916a1%7C%7C8f52659c88236ceb96d6a156d7ea4c1b%7C%7Caff2cd063f4fd57aaafe6f5dc237b6f6%7C%7C1663701684%7D
Requested by: Host: 57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
URL: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:7d4b:6267:96a3:77e2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:10 GMT
server: nginx
x-server-name: dt17.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 595B 42 B
64 B 84ms
83ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuGvPmCj-VbFbTNPhua-S_8UR7Abt_nqgmvMvOv3RK_Insm5AAvfAXdxiA554BJ6zXvRvF6Ohh6N-rpryIONKWFt_uRf_JGSP3CQMmVKGh2KtWJFD2ohfoU_nC2HnR6sMPyKa8Kag&sai=AMfl-YQMo-VJYnNh9Wpqs_qnBDL7jf0qsJ0I7lxQw8J4hoTyOhvKqLkZBJFbBAOpGwGxppaQ-QIOLqAXszPJgZyROlQT8TCAuYn5izOmOmp8lJ485SG4dE89P9Q0tDwPFIqKzCD8obMeFRjdbuWcxg&sig=Cg0ArKJSzL11z85u3W54EAE&cid=CAQSTADUE5yms_tNKmuAifeGHl3WnU2Loy0SBo7ATcx_9NZMYyHkBlsATJALrr4aeWPmz1qp3mRTBSHlifSp5_p1FuYek9ivxu4pcDyCZ6IYAQ&id=lidar2&mcvt=1035&p=37,562,127,1290&mtos=1035,1035,1035,1035,1035&tos=1035,0,0,0,0&v=20230215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=192288229&rs=4&la=0&cr=0&vs=4&r=v&rst=1676520068543&rpt=800&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 1712 98 KB
98 KB 48ms
47ms Font
font/woff2 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:51:58 GMT
x-content-type-options: nosniff
age: 552
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:06:58 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 1712 57 KB
57 KB 52ms
52ms Font
font/woff 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5224251314673392648/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:00:02 GMT
x-content-type-options: nosniff
age: 68
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 04:15:02 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 83ms
82ms Image
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023021301&jk=1346822189608220&bg=!x8SlxJDNAAYuhb89DoU7ADkAdvg8WmYGutpoRvHcEbuaH2p6b-WWrWDgrtFL1JKAgA7ZCEyfYfGS0b6FuM1QNzjV0L0Esri9FD0CAAACt1IAAAAEaAEHmQLyyj59-MffGH0ktuhF1PEwqGVgTwujWF8aLEO5m6eda-JMvUC1EOQXsox-bRtywU-3fq0DwTDXH87QIcOsEW_rxvrXyOVWTMnY6hPyh3uM1MXZBcOdjSt07xxbaR9pIylupOuM847tcCL8WyxHKXyaurf8u2uSBZXoIy21Iz1RdTu4p8x9tyXs5LUsaoPH_kt28VkV7SYH00uCxCkUz7E8hpiodZLp2rqg2xDfP1zKGcR5lg2ISSIIX9QSqVnEU0YluqYHGw5WsY8OGzb1nCXOC3a3ssUPZMPAvk215qmU7U8iuTnYLKO-hnxoyc2N5n4a6Sd-yrtOgxvV97fBGQTB2R2sLFt0nnW4mLf-RIQi2oCo2giZTC21zU61t265Ts_of3egK6HujzN2LAUlodWXuZwzO5dUokjmg05jkye1HdItir3q2MBy5ugfZ3neSrukggPaArUUf2eR68HsngcMrxf5aeZ7xxKF4YqX-B2utkjt4FQ4Wg8rnXbqD0YQ2z2nnmuylwskUAsL2zlzArdYy8qSzVDPseLhZiK4B44fJGQCAG2pwJaXe71eW9x4K2dN0YT8m_xqCSJBQVwcfd33YKAv83K6HcMdLO0rG-AHJMDXIvxOfo6k0lTo6dFJ1-Kg0L2RSsclB2-ZZA5zJBD5M4LRNc6aUSaYVigXiRexrSSts05aYFvuakQWvxe_VDH_ycm1VsyJ5rMKpyjJfPKi5UE2qnma0tpOCGZZrABb2FR29QZZ5e3boeO7A2ILeIHrob1o0ib5NajKQehMNF7x9FmI9JT8I6iDMW2BcCZSBPxccqi90pp9Kmw8Wzw3NAMECXgpixX1iwK7VZ77IPtmqj4ssdcpgPMfagHvUDTGcVL9tmqlAvoyAFEkwmZVCwKL-sRQ5wRdZnfNw8sz9v3ozlc69rBZkQzn8_Nc5TBPY2krXFsz8D0vL_J6otpMIwDFV7lLF_o8b3AmrOD4MMryM_e19lYSLYlidJD4XmSasz2vhw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.zdrave.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 2825 36 KB
14 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77937
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 06:22:13 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1712 17 KB
6 KB 82ms
81ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 04:01:10 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 595B 0
0 84ms
83ms Fetch
image/gif 172.217.19.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstbmy-TsxtrhEbCHqmtFfVKSpceQ4I-8StwrTYJ1fd8PeyGjejcpBJ_Q9o3Cq1J2vsqaWEQJ_U9XFoKJ0vk0WPztgdP2LB3A_ThIwETrK5viWS2X5GihJE84wf6t1bkinmGfXq4ujxN1e03kw9ZL4E6Rq38fYlLHBdQrdRyzwMmUD1_5FBpPqz-NO5CYCy42289tN0aYTzlAJ3iP1OSTKsnJylXV0Ruh2jSdSryZCtXnkTKToM2HqgmLI3hHJ03MtrdMKw6eNFI9xZoIlRgAZ8ZgW4PNk4D6yZztVmfD3TzzdwCP9aDM3zFHLSO-aAc4f9qkH2qOUXYIN7AZnhyoPQ-OBJb4SLgNxR_5fYuYmtvqwj7DyigDFY8OXNIv-cjefp-QBPKjvPi5L3rGw-FahYu0mdehKffEe-iso-qYro_lC3NS1bNXOBp2Ik4Xnv3Ay8GbE5A2KLSc3MhGHIdKfr40K-qGbnLsuCrzfhlEGgqKJLJB0Z0xibdlvaNu7AtKVgQhXcXNSQixQTO8VTeocDmj1V0M5z3wBH7VA2zjH-shhDe7X_UMhvsnLemXEcvmeVPee64dl_q8KlVz4SSxagFEf6YLy6Ed7PM26PYRGSu7TTf-S0QER17EL8TYnAe0YVAN_sOPX68dilJCxhOuexNnkl2jeUgCOU0fvjn8yzYYRHqpxsEchPF5Puc8AzOnmYUj9zWimsEK_-zheoJNTzR3A3HvBHWp9urbsgvmmfYKXaCiX__pa1klGBrM4LexTe0PJro1dC2uIFSZB5RHvN0DwX81WVDZUSRktb1dfXTQGu0XO5i9Y8L0Kv_gGZ3NlEjqsLODM75761hXEd_EH44ga4h2OZTDK4M54ZdzEihnz2fxwi2vTm35lEyU7rsDwgNKlAIoT8SaMTP68WWpNGUWUesNJK5D-trgvj-voMTgB7ybFT2WNhPwdLdPDNjzdxz2MxlMQkiAINnj-52RFyMC23SQqT4Pdk6Jkp-eti2kDqMvvDp-GypIQQNZB1M7VkXgMg7RQTbHYm0DpBULtt8eWxuD3_9XzI4wu2A4zKFXN6OobJMROu1xPozhx1hDTFXGUeY4Tddomz9VU-caSjeCGU7rRL_wwjylvbomHiDe2v8KD7Cu3FSLQowZJk3mgKidgRt_MoL_G2igYi7i6X__DRveBxj6Ux44ml2fOWgNWiRCCVIo17O6jIrNAIoZEYCsaebGP_HPKbhdvsY_SLg2Rj60d3l4bImnvkT&sai=AMfl-YSB5c0Z4aN5u0LhNNTzfWZ5M7z7Rfi2tpC1IYSdiD48XW3PCmLaEb5AMrGS_8pom-kVk2BpF4Kx6qL_vrH2QwXC0V3zLzpg59zQC66jSuY_SMzCYIEqHdwuGcez6sFh8VAhbAfOCW08PXarQNsIvYsUt0EvKB3O4bvrul8-LVCptXqj81KyyFXyJiqwsFTkPcJjM7YUwRdCWVIArBdFhtl-uw9KcHwubzF6UyNAnHMvEh_dBclusLMPWUqQWtAxi-hjRJF_mDMvGQbyVfl9nm1LfuD6apFiVhtM&sig=Cg0ArKJSzBjco57iDB7QEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1398&vt=11&dtpt=904&dett=3&cstd=483&cisv=r20230213.84685&arae=0&ftch=1&adurl=

Requested by

Host: www.zdrave.bg
URL: http://www.zdrave.bg/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.19.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s27-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:01:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Feb 2023 04:01:10 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DAF7 0
20 B 84ms
83ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BypYDhKrtY8jEOfCX9u8PpNaU4AwAAAAAOAHgBAI&bg=!3t2l3YnNAAYuhb89DoU7ADkAdvg8Wn23C-WtgK05H1Lvw1u4Wjc22lTUAOkEMYCx4WvsfBoIULWLeScwEKIrBl6TIpFJN0UT2wMCAAACpVIAAAAEaAEHmQMd72rMyQ3sA6_a5yHCmaed2uIR7XS3QO1ZX0YQrvPUxGA5kMjYtfx567XZrD4K8ouY-91Mn-IbfDFW5WpiAN4KnwbhyIJeHwxQGQFqogWagE5PJY8OYdPR9qhHmgxtTfT7ydfRdRHzuXHZW6cQ2JBsuVpJQfqvUVN5UtcYYQ3SY2MQuaCNRZAr54DldNH2dwvHJW320-7higMPPqz2cTdkekbTvSnBXWHu25Lj24s-DPJEInjrTBuGXMNb_QzwZbcatWUxvXe4_ChFnN-yND7X3C0LgjbgNghmljwX5uWcY81VPCqPMp8bRVoPTvCBHgy4o08-xRuREDe8qSMEi8J8PBx0ZfVXh_nANnGmnk2tm5a3Czb6Ag_g2Qm2f6YO9Cz5Rgz_ea3BZe0amUnb2oOKu6lHW6ZWbrKY2V5Ynx7WU_MVbGaQssIF_kBFdfoSNiuSkZYiFxkhsmcJ9xJ8XY613Ai0aPgRvoRbVhV4urPzu1PszGHh_eQ4rIHPzGs3g766GPkv0pGMNXznTQus3oA-j6gfNeIHKazQxn7BBoQ5qjTzJo0zrzq6fA6yOUm5sls84PtDEnjHXVwr4s2-arPM8viBaH7jkC4jN6NLKUFb-OlI-9VkCpxJ5uoRXPYeXw-9gSZRWNVCyfJNZ0ECEMfLD1X0zEdloHxeHUT8GKBtBDhAsDTBiBGoCy6qVlmHmJj6bAmaYtCtCN4D0e8yV8xwHzcCIHZpJTusQLxtKFknBwc_id0uewBnzKjPcQ9HBX_bQi2YeeCWSC0A7tA9bGaVTUKsw8hamsCDWaIjJ2MO3g52ADyZF3lmTnt2eXN1UYNKGyXhwv-WoDF90eRaDcWsf9ThUNUsZgNbO43SoB2QlSf5iQsYti4rU7lU3H7B9xILeb7oX7LxURdJ62y2VXzqkm9z5HbNx4s_cHA1YonhJ-CQz6-3FYEu0-OGmjLV75pw9xt_1fCc01DdieqVEsG5ubZw5lBvuMfFOH_2lPPRJHIED_V_IdCe81FyDxrQPFXqHlepXsRaeJxES-oZg3RoMZL1bG4JLdtFfzxXUgQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJxXzYyMHg3MDBfMjIxMC1hbmYtcy1pY29uczM1ODc1NWE3LTBlZmMtNGJjYS04Y2JhLTkyZTY4YjVjNTM0NS5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjE0N...
d27rf63iunghx1.cloudfront.net/ Frame 1712 36 KB
36 KB 118ms
9ms Image
image/png 2600:9000:2057:aa00:15:6513:6d40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d27rf63iunghx1.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJxXzYyMHg3MDBfMjIxMC1hbmYtcy1pY29uczM1ODc1NWE3LTBlZmMtNGJjYS04Y2JhLTkyZTY4YjVjNTM0NS5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjE0NTYsImhlaWdodCI6MTgwLCJmaXQiOiJpbnNpZGUifX19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:aa00:15:6513:6d40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c32d867fd1ab3f69923cbcd22b59160c4bade634ce83d90a70fb459725edb099

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:43:30 GMT
via: 1.1 a7dcca466407f1871feceef50bc84272.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 476260
x-amzn-requestid: 9d39520c-bc22-43b0-ae83-c6bfbf810503
x-cache: Hit from cloudfront
x-amz-apigw-id: AITlcGeEFiAFgYg=
content-length: 36391
last-modified: Tue, 22 Nov 2022 15:10:17 GMT
x-amzn-trace-id: Root=1-63e66622-5ef3772f399d44d87daac34d
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: yAa03fB7A19XRxz_cSkzwP-BZEymVi3Aer8WBarF3-n6xyjJVTlatA==

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiI3MjB4NjEwX3N0b2VyZXItZ2JwbHVzZGQ0NWRhNmEtYjlhYy00YTdjLTk1MDYtZDkwMmM2ZTFlODY2LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6MTQ1Niwia...
d27rf63iunghx1.cloudfront.net/ Frame 1712 31 KB
32 KB 123ms
15ms Image
image/png 2600:9000:2057:aa00:15:6513:6d40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d27rf63iunghx1.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiI3MjB4NjEwX3N0b2VyZXItZ2JwbHVzZGQ0NWRhNmEtYjlhYy00YTdjLTk1MDYtZDkwMmM2ZTFlODY2LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6MTQ1NiwiaGVpZ2h0IjoxODAsImZpdCI6Imluc2lkZSJ9fX0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:aa00:15:6513:6d40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ebaa028e53ceb3896c63bfbdb52a422b2419be96e936f7416a4aea330e69010c

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:43:25 GMT
via: 1.1 a7dcca466407f1871feceef50bc84272.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 476265
x-amzn-requestid: 93871001-e4e0-4134-bbb5-48d625de1b4b
x-cache: Hit from cloudfront
x-amz-apigw-id: AITkrFBiFiAFZMA=
content-length: 32039
last-modified: Tue, 22 Nov 2022 15:10:17 GMT
x-amzn-trace-id: Root=1-63e6661d-456f4e0767f47f4669309a64
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: TIoW7WL5i46DL1sGZGVTkr_z8F_13MwzMqyIOxDMvnipEJQtYKrAaw==

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5145 42 B
64 B 83ms
83ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvaDai6o__9QcozRlprIW0r8sR7oOJX_gfps6ISFrveFPlK_xE95DCja7bHqnHm0YNy0yxln1gsWIRHZKr-GUjC976fS4oEvUYvfElwt4O6Gl1hO11aIptMYjUjsXyesFOA99H5sw&sai=AMfl-YTTMIgGIYrs-61p8Nk9UMr_YUnnZvz8_Qd2oXc-VPYRVTMTt6zYZ5mgbAUH6gveicgP10zyj_BhfPX1KfMeY9Dr6TGZp1O5WLq8MQp59TlZXiQx-D_xpMccV6EQ7MmpAsb_0GyJ9Xd0I4GRzA&sig=Cg0ArKJSzIXeY0ovUvrAEAE&cid=CAQSTADUE5yms_tNKmuAifeGHl3WnU2Loy0SBo7ATcx_9NZMYyHkBlsATJALrr4aeWPmz1qp3mRTBSHlifSp5_p1FuYek9ivxu4pcDyCZ6IYAQ&id=lidar2&mcvt=1009&p=811,429,851,470&mtos=1009,1009,1009,1009,1009&tos=1009,0,0,0,0&v=20230215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=210898386&rs=4&la=0&cr=0&vs=4&r=v&rst=1676520068534&rpt=720&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 938A 0
20 B 83ms
83ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1pjHhKrtY6KUPK7O7_UPqfWUmAkAAAAAOAHgBAI&bg=!eXqlei7NAAYuhb89DoU7ADkAdvg8WtOe4OabFkIEzvnIWzPY_GYoq0p_IWGUKIwLT8sAFHzzhaImIA4ctlRWzoeeiQwE6ER8WyACAAACpFIAAAADaAEHmQMo6X0AQZtSoXJ-YIDemflObgzCw3PKhYdi3WKOTUWyiKQgwRnZLlRkdbB453CzEF0qL-gZ04JXqRK23QD8Xg_uIBXOyipCcEokkcrAAuFfyqQisCtZd-BhFZE5y5lsxiJfbMOQgiettYTYdAG6Y7KGi09oZkBBcXgr2YA8-NFZzewPiQhfDUG0yeu1lAguPp-8Q1S320iJ0aCpX_ixe7F5eiY2-UVApCRCVHZ5hmrz6e1sVMzSd2l7mNrdWVek8v93VBWknMxcOf_o7dH_S5vUpwb74D15kjwNNi4PPFT-j0DJSHw_IRPPnBh9jgUdimO5vTrS7Zz65a3rv7lk6JEe3JEfOMO5H7XnbDGsJ9daKpH3bE8eyPiRMd0Q-0A7I9Hd3KPv-7EVPBPIZ2JMwSZl7o3KBDtnwGZ9pCGvZYFBNxwGD1DwLWArf0UTbB-nEFo4ANf-2P-wEcYQGZidd2TcNl_N4ZDWd39wdTkZwk6HYFX0rUTn9boYiASUinktsWzNj_SxvpCePSaBV8z6yH-J3DBZu-Su5qmPojbanF0MSFjrY-eILm6PQhF9ix0DJwGj4Qa444kcf5nWtx8nRJCiLDTGPjxrzBlLcH7D5wFTpHbgVasdcn00661ERkAbee3rcy0WHt6dQJ5NDskl683r7Hy9LxUNAJtDz4k3mb-DqomGaPzqccYW6CCI1yZY8z55QRrZphervbsoBk3yBCag25qJNBGptyi1hz99hiW7rCeKOXb3VNWmyrTJ9q090yoD0-Jhl6xxt6PN45zYAmIKtLPMiKw_x-_ugAL-E2uoKdm7rWwZLBmHFajCwFLdTmC1OcLhKiq4qw9Pq5gcX4Nu9Fbw7zZxPb5aEqPENFyMDP-0-KAZdj9RUrDv7fvvZ4UC7fAzI9J-56GzY_6jZUSxGjSUYphBGDKXuXgytEKW6c1VdK9V0zv189Sub4tVwJBpptJLggXgAw2UgvJQAI7vN9uRB3r0qbJY0TIS_zixa7_SBqMo2Iy3QWVIKk-mYVQPt8tPSb4FHtSwhLPlUYpqYyK5czggIt3wdGt0lr8ahByy5UHWPvzuFw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C17 0
20 B 82ms
81ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BHMb6hKrtY_D5O6yrx_AP0r-62AIAAAAAOAHgBAI&bg=!5uWl5bHNAAYuhb89DoU7ADkAdvg8WjqyefWSbqFdmOfQ6CoiDSyXeT1ONegpE5JqSHO1uFdf6-b1dCDP8-ZJLXCnBQqYaM_S-_kCAAACa1IAAAAEaAEHmQMtZPDPqjAUYlLuoyaNEIyQVj1XX9PoB1kE0km5i2E2Le_labwwKZnFuZicg6rs5J_DiSl4lBuih7V5L2i5ZYUSIKgN2qiUonNUrjvABxISv34aqbhJmHNZSkpZ2cRSK3Tn0eB0yGUO7dDcPf_6-Icij3fK_LKuZ4icuj5lC2rZPPSW8M5Qf9wcAfBidyyh_cs054kPRD0-_6QzKTgJrEKu3-0GG4Y70MHzn-U9o5T3AoV1rQtVoHeCh-p34ZyRor684MQ9cOvrbi25gi_kpLRLBjsS1NUo7qETbCsoRVEGTkPntVgLm2CY_1J9ljyUJ6tDuCCgfj3sVtlVWWjKqZMqFKz4yZ1tbw--TTrNaLKUqAUWdoaH8w_O6uBKxAsR6QtkjXXWSozg8EH73LHyyv1Sbjzej0fbj3Mb6U0SJHNiFLQYOuv5-Q1wn8e1RGpOmDOnB8OuzZ8h3IMYtmNZXIxqg7LgiQnSAmGPbOxoz4aJwJ_zmRj4LtMxTbvLNnrb4f23Hc0hb3izWYygVP4wszWVAmopop8srvME34yK2254kDN9lpgYzT9X40833_lPiddGz3-zD0gV1EFep6PL8OSGFprdMegd1CGbB23ccHYx_meVQdM-hDeHrv7na9JCkAOFBRkuZmKQoqpRoRqDgvf-jkUDNBD3sR3oWsx411I8r1O6hAdm6Ky_i1k72oeCeycXZ2kMsFQLpDnJVtqRjJlVvAM7tnET-AclFCFHKIAVQQE75RQBa30fKi-h2BTVNfZ6-KtMcjF9QcaSpKaEvQbdPLXzN1mu6d61j3TKuAjSunqEsa0ywV-fDQ1IZJzG3YtKWadL3wjhMAyLIcEMTS47DAx3_QzH7UBVDufiFlq-2df9vt0nKdUFT35foHKoVlzSLX4BZYr_rCcqY6F3TAogRnS8wVEv2lpDxhwJFFOLGEeRgb-QcAmLXufWXlQf2F1Cf65FtwnJ6hf1kehPBg-hTDXsAhVK6lAuvgom_O2ApZXGvr9Wh0fA-ayGmonTgMPMlX1RlogOLcW1qUokiBmJXKw1wNP_BFYsoZwCR5ZWhshfNfbLh6fsIku8eiDq

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame F2EA 36 KB
14 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77937
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 06:22:13 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5145 43 B
215 B 176ms
176ms Image
image/gif 2600:1f13:800:7780:7d4b:6267:96a3:77e2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=20a99090-102f-f17b-10ae-ab28bcba562a&tv=%7Bc:4lWTtH,time:1186,type:e,im:%7Bpci:%7Btdr:1038%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:1186,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:36,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1176~0%5D,as:%5B1176~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:229,fm:tvZNm9Z+11%7C12%7C13%7C141%7C15*.990511-61634098%7C151%7C152%7C153%7C161%7C171%7C172%7C181%7C19,idMap:15*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:38,sis:290%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:7d4b:6267:96a3:77e2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:10 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5C19 42 B
64 B 92ms
90ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstxofwXinjwmjNmvynS4PvutVPtVwplCLcV4wrzB3Vb0MD5pFESV3Pa8gy6QmH0n9sw5kqyv58Gvvhhuj6tj3nIDObtUs5L6VM47UiMc-zG81mPJZjDPVSUKm5PZ4u1qh4VyeQc5w&sai=AMfl-YSqg-FtYmrUyQse5_iifSNDkbpjUbCx2RP9RRCr-9Eeks6OKp4F4A_RfVcn3LvJ1VnUY8Muh1LvX3sNNgTGH_DKpVuelEdekj3DUD3Nck75_OE9_ikQhxMc2Y9rR0vbws5BMFQApBxE5RRu0g&sig=Cg0ArKJSzH0Z9Lqh9l1LEAE&cid=CAQSTADUE5yms_tNKmuAifeGHl3WnU2Loy0SBo7ATcx_9NZMYyHkBlsATJALrr4aeWPmz1qp3mRTBSHlifSp5_p1FuYek9ivxu4pcDyCZ6IYAQ&id=lidar2&mcvt=1006&p=283,1249,323,1290&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20230215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3271815912&rs=4&la=0&cr=0&vs=4&r=v&rst=1676520068538&rpt=843&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJxXzYyMHg3MDBfMjIxMC1hbmYtcy1pY29uczM1ODc1NWE3LTBlZmMtNGJjYS04Y2JhLTkyZTY4YjVjNTM0NS5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjE0N...
d27rf63iunghx1.cloudfront.net/ Frame 1712 36 KB
36 KB 27ms
9ms Image
image/png 2600:9000:2057:aa00:15:6513:6d40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d27rf63iunghx1.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJxXzYyMHg3MDBfMjIxMC1hbmYtcy1pY29uczM1ODc1NWE3LTBlZmMtNGJjYS04Y2JhLTkyZTY4YjVjNTM0NS5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjE0NTYsImhlaWdodCI6MTgwLCJmaXQiOiJpbnNpZGUifX19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:aa00:15:6513:6d40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c32d867fd1ab3f69923cbcd22b59160c4bade634ce83d90a70fb459725edb099

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:59:53 GMT
via: 1.1 d07eabeb1ed60c06da1457f35fb5c8c4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 475277
x-amzn-requestid: ef381f71-73a0-4bb1-a1f3-ba78e235eeae
x-cache: Hit from cloudfront
x-amz-apigw-id: AIV--F24FiAFrew=
content-length: 36391
last-modified: Tue, 22 Nov 2022 15:10:17 GMT
x-amzn-trace-id: Root=1-63e669f9-00365c4467d9681a2bd93d46
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: dX18S383-9ttTAkGe0Vk-dPp2K0RVdbNfB8d9-_ow0GCR7prNwXN3A==

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C19 0
20 B 79ms
79ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8519146269299&version=m202301230201&ct=76&x=1&cor=14259578732761782000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5145 0
20 B 79ms
78ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4776697502647&version=m202301230201&ct=76&x=1&cor=4988106163142429000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 595B 0
20 B 78ms
78ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8032266851555&version=m202301230201&ct=76&x=1&cor=10278532388706845000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5145 43 B
215 B 176ms
175ms Image
image/gif 2600:1f13:800:7780:7d4b:6267:96a3:77e2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=20a99090-102f-f17b-10ae-ab28bcba562a&tv=%7Bc:4lWTKz,pingTime:1,time:2232,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:36%7D,%7Bpiv:65,vs:pp,r:,t:1231%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:1231,n:0,pp:1001,pm:0%7D,slEvents:%5B%7Bsl:o,t:36,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1220~0,0~50%5D,as:%5B1220~160.600%5D%7D%7D,%7Bsl:pp,t:1231,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:65,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~50%5D,as:%5B1001~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:182,fm:tvZNm9Z+11%7C12%7C13%7C141%7C15*.990511-61634098%7C151%7C152%7C153%7C161%7C171%7C172%7C181%7C19,idMap:15*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:38,sis:290%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:7d4b:6267:96a3:77e2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:11 GMT
server: nginx
x-server-name: dt02.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiI3MjB4NjEwX3N0b2VyZXItZ2JwbHVzZGQ0NWRhNmEtYjlhYy00YTdjLTk1MDYtZDkwMmM2ZTFlODY2LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6MTQ1Niwia...
d27rf63iunghx1.cloudfront.net/ Frame 1712 31 KB
32 KB 10ms
10ms Image
image/png 2600:9000:2057:aa00:15:6513:6d40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d27rf63iunghx1.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiI3MjB4NjEwX3N0b2VyZXItZ2JwbHVzZGQ0NWRhNmEtYjlhYy00YTdjLTk1MDYtZDkwMmM2ZTFlODY2LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6MTQ1NiwiaGVpZ2h0IjoxODAsImZpdCI6Imluc2lkZSJ9fX0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:aa00:15:6513:6d40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ebaa028e53ceb3896c63bfbdb52a422b2419be96e936f7416a4aea330e69010c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:44:02 GMT
via: 1.1 d07eabeb1ed60c06da1457f35fb5c8c4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 476231
x-amzn-requestid: aca3d8c3-c5fc-4925-b516-d8a8720927de
x-cache: Hit from cloudfront
x-amz-apigw-id: AITqWGAyliAFssQ=
content-length: 32039
last-modified: Tue, 22 Nov 2022 15:10:17 GMT
x-amzn-trace-id: Root=1-63e66641-67f405f566a54f7a7a1f77a5
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: bDm0kG33HW71o6elOj1aYV0NgXZS1jCphLUBYIWVVYN-H-e1WcpeUw==

GET
H2 200 dc_oe=ChMIouau-ZOZ_QIVLue7CB2pOgWTEAAYACC03uxKQhMIovr8-JOZ_QIVhsq7CB3Zyw6I;stragg=1;&timestamp=1676520073721;str=Show%20Slide%200;strtype=1
ade.googlesyndication.com/ddm/activity/ Frame 595B 42 B
401 B 272ms
82ms Image
image/gif 172.217.19.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIouau-ZOZ_QIVLue7CB2pOgWTEAAYACC03uxKQhMIovr8-JOZ_QIVhsq7CB3Zyw6I;stragg=1;&timestamp=1676520073721;str=Show%20Slide%200;strtype=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.19.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s27-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 04:01:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: vendorlist.consensu.org
URL: https://vendorlist.consensu.org/purposes-bg.json

Domain: vendorlist.consensu.org
URL: https://vendorlist.consensu.org/vendorlist.json

Verdicts & Comments Add Verdict or Comment

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.zdrave.bg/	1969-12-31 23:59:59	Name: PHPSESSID Value: 6fe72a7b12c4854fbfad6254b3ba1406
www.zdrave.bg/	1970-01-20 09:42:10	Name: etargetTimedXbg69700 Value: 1
.zdrave.bg/	1970-01-20 19:18:00	Name: __utma Value: 2577403.2145424155.1676520068.1676520068.1676520068.1
.zdrave.bg/	1969-12-31 23:59:59	Name: __utmc Value: 2577403
.zdrave.bg/	1970-01-20 14:04:48	Name: __utmz Value: 2577403.1676520068.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.zdrave.bg/	1970-01-20 09:42:00	Name: __utmt Value: 1
.zdrave.bg/	1970-01-20 09:42:01	Name: __utmb Value: 2577403.1.10.1676520068
.adnxs.com/	1970-01-20 11:51:36	Name: uuid2 Value: 4603119965129574045
.zdrave.bg/	1970-01-20 19:10:48	Name: __gfp_64b Value: g2.X1E3SCH4467.qqhMrjiWgmX89K7R1KbeyC43llTn.B7\|1676520068
.hit.gemius.pl/	1970-01-20 09:52:04	Name: Gtest Value: Klx4XRXGQMGGvt02RQQF64fissGMXP8c25nSGA7lOXH8XBG.
.zdrave.bg/	1970-01-20 19:03:36	Name: __gads Value: ID=e86db796a4c919af:T=1676520068:S=ALNI_Maf_63rGnnjeXGWGgJyPxOA3H8Eog
.zdrave.bg/	1970-01-20 19:03:36	Name: __gpi Value: UID=00000bb749d28c24:T=1676520068:RT=1676520068:S=ALNI_MZ3DB9Li09AuhrbjiClNuf1ob3zvA
.hit.gemius.pl/	1970-01-20 19:10:48	Name: Gdyn Value: KlGqDMXGQMGGvt02RQQF64fissGMXP8c25nSGA7lOXH8FRxSG7RrGS6GY4FBFlMQYH8W8jBGqSRxSG8.
.doubleclick.net/	1970-01-20 19:03:36	Name: IDE Value: AHWqTUmMacPAPDiXgDuTuaEnSqQ3_xzq6vbOvi_W_gxdqiPQFlzD0dQ5Bje_9TcJ
.casalemedia.com/	1970-01-20 18:27:36	Name: CMID Value: Y.2qhPeKyxt.00fUaZTZeQAA
.casalemedia.com/	1970-01-20 11:51:36	Name: CMPS Value: 2171
.casalemedia.com/	1970-01-20 11:51:36	Name: CMPRO Value: 2171
.adnxs.com/	1970-01-20 11:51:36	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hb=qOugZ!A#Eo(<j<dINiYhTyXnfi8FW/hhS6Yh*n)64@DFc.@rq04]VR)eFu9_qJ0Q+(j#iP(Md+>)fy)i_p_uN

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: webpack:///../javascript/src/WindowManager.js?(Line 674) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=1&rq=caaa197a-9952-4d96-7760-eeaa01e0acf8&vt=e63ba384-5aea-4aa4-bdbb-76cf958c84a2&isf=false&zn=533338dda&tm=0&af=300x250&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=17574adf-d52d-2f99-775e-af2e140ddf9e&ct=e3d24d0d-643a-4ac6-5536-286acb79de92&c=hA_c_0_89d75071&ah=0&, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: webpack:///../javascript/src/WindowManager.js?(Line 674) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=1&rq=caaa197a-9952-4d96-7760-eeaa01e0acf8&vt=e63ba384-5aea-4aa4-bdbb-76cf958c84a2&isf=false&zn=533338dda&tm=0&af=300x250&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=17574adf-d52d-2f99-775e-af2e140ddf9e&ct=e3d24d0d-643a-4ac6-5536-286acb79de92&c=hA_c_0_89d75071&ah=0&, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: webpack:///../javascript/src/WindowManager.js?(Line 674) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=2&rq=caaa197a-9952-4d96-7760-eeaa01e0acf8&vt=e63ba384-5aea-4aa4-bdbb-76cf958c84a2&isf=false&zn=e45aec764&tm=0&af=0x0&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=af6efafe-8fd7-3c0f-cb5f-816803f2487d&ct=ea5e053a-7fbe-0cfd-6a7b-27a35bbc7469&c=hA_c_1_5bf43c32&ah=0&, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: webpack:///../javascript/src/WindowManager.js?(Line 674) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://tas-bg.toboads.com/js/adl-d9566a3e.js?b=2&rq=caaa197a-9952-4d96-7760-eeaa01e0acf8&vt=e63ba384-5aea-4aa4-bdbb-76cf958c84a2&isf=false&zn=e45aec764&tm=0&af=0x0&fv=undefined&nw=0&co=1&vh=1200&vw=1600&asc=0&srf=http%3A%2F%2Fwww.zdrave.bg%2F&loc=eq-srf&rn=af6efafe-8fd7-3c0f-cb5f-816803f2487d&ct=ea5e053a-7fbe-0cfd-6a7b-27a35bbc7469&c=hA_c_1_5bf43c32&ah=0&, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
security	warning	URL: http://gabg.hit.gemius.pl/xgemius.js(Line 826) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
network	error	URL: https://vendorlist.consensu.org/purposes-bg.json Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://vendorlist.consensu.org/vendorlist.json Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

57feffc8f652b1307cb18e69538b5127.safeframe.googlesyndication.com
ade.googlesyndication.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
bg.search.etargetnet.com
cm.g.doubleclick.net
connect.facebook.net
d27rf63iunghx1.cloudfront.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fw.adsafeprotected.com
gabg.hit.gemius.pl
gdpr.sportal.bg
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
ls.hit.gemius.pl
pagead2.googlesyndication.com
pixel.sitescout.com
portal.o2online.de
relay-bg.ads.httpool.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.adsafeprotected.com
tas-bg.toboads.com
tpc.googlesyndication.com
vendorlist.consensu.org
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.zdrave.bg
vendorlist.consensu.org
142.250.201.194
146.59.30.104
146.59.30.108
172.217.19.98
185.80.39.216
185.89.210.244
185.89.211.116
195.168.10.173
2600:1f13:800:7780:7d4b:6267:96a3:77e2
2600:9000:2057:aa00:15:6513:6d40:21
2600:9000:238d:4800:8:48e:53c0:93a1
2a00:1450:4001:813::2001
2a00:1450:400d:802::200a
2a00:1450:400d:806::200e
2a00:1450:400d:807::2002
2a00:1450:400d:808::2006
2a00:1450:400d:80a::2001
2a00:1450:400d:80a::2002
2a00:1450:400d:80c::2002
2a00:1450:400d:80d::2004
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
34.254.219.114
78.128.6.42
78.90.206.186
82.113.101.132
85.14.4.130
91.209.18.100
91.209.18.90
98.98.134.242
01147cf422220b219bbbe8526abf4b3ac6d5c15a59ed7e48396af4b9c2ed80f1
0158a7a3fd4a43fd01c6051d73c8507d87989abb39e83b3dbb8e3fe806ef77cc
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0b8020f4f33e4308efcaf92a3f488695c14a014890812f21076cdea86402be0e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
102423e1eefe81cf7be86b18c52ff4f91e0905b64277582386529dfaaa85e844
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557
1c377127bcfa3c889dd0bf2b470b8e82892429dc22ddc8fd267f071dc74d3e42
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1de6e720901fe5ca658c1323b895ef2d0a14508e1403cbfc1b18d938c610d452
25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
27c20205e6c72b5a8200dff49b94e1e923cc9d2e0c610229046db3c512860b2d
28cd1264bd1c0efccf4e7e030e8fc0dac7f2176f8d88ba60c8714ea738a8f550
294a8041d261138b6673afb0ce72c680992d5a4091009aa655e6e79297f9d9df
2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60
2b8b4d537d6eb7f042cd3891aa30a880b50e46f162b577b4a68468cb2f496190
2def643052cff38eef41134268f401bcfcc4eeabfc3080fe3a3f0f7026b84a5c
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31c1401c5e39742fc59a62a1fafba5eceac889c3d61cc436c650b743a7a9a65f
350d86c0140550202426b067ebeb07ccdab9974634cd9679316cd8e72dcbfd7e
38c41f2a23606c4ac956be11f4ed1cb6fd451007b5afd53000bce1a9999ef273
3ddddd2b784c484f45756dc8bba5419400a497369695802aa1a5c01e4a3aa7bc
3e77930dc91b5974ed8c0bae0d1fad359653ac28ddac9d8ff85c195a4a519b13
4312d184c3ac26e20d28109cd60c174df6f6545e5d1232e377d92a0b13dc7688
43135cf7c31641d06df7ff2d9a82cd764c227fc5fcd7ecfae563acb03dd7228c
4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b
4352dcef55a499ed21de78785c1d6c67db60bd24a37d5df8859d987682cb8fb1
45f03badef9166a1e3a0a32d90c2142aa3426de23b7729770328ce8d0853f0bc
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
473f3e92b1252dba029b6c5d036d7dbfd02b1c7d8e3fda3350c22045f21ed733
4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0
4ac736b755d1e73b248cacf82a532914045934b6166f27d849c5c48853039c63
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d6f39ef46419482e924286a45ce79748ed22edb7de4bafa7575597214ef373b
4f3a3090e0884756fa93224898619ab10c0bf0e216421914dc787287a76cedbc
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
529e7649235a7ada58f6f8e1ac45cc35a271ad3ca5f4e9499477d0039206b4e4
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56b037e4ecfaba364af8e4eeecaf4c4a666f9cf633e789e61b6d522b49b82e0a
581b5d3edb9fc27999b016832d576b42d39a6702eacf9e9ec60d8c0a6917e381
58556977e7860db2b6db32a94b0f4549ef12839318d98455cc553b5e4bd32c65
5b0387e6e1b265c23d741e6b9f0db377db33747bd4c532d929c1b298bf83ddaa
5c5d87821b8806898a69c4e8cdc26f7fc8ea4bb175006aa060ca229f4810a0af
5e0a6d389252a6a887d3b5e3c860d758d47162b44481550be199436d95079145
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
634d35009916a317056a4db995871e4d04492b7c669fe268eb99f85eb66d7376
662979b7f65656bf4523077b22448867ae5dae4f281c9ff8898597470810f1f6
6b15ff8756e97e5bea28b6c68a88e362cc912702ac0e2a74b7f2fe0153fe95de
6b1ef4fccff6168cf7ef61c86050808e9f1a905b89cbecec7428337e380c882f
6d57e824e059301698f353db1cf92025de2a6d1e6f8c5abbffc24fc768e13550
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6e79069b77b35ee0d4d56d1f63d20fce82946a0e770335867faff6b16560993c
76c3b011d904491290bd200cb39e2d1e09f9e2788d32876b04c909b1494ef63c
76fd4dd5c74aea6b02fc8ee6090b0bc6a59eda5f9d6ff38b02ed1eda91a99a48
782a77ad65b778b8745670755fa9b2bc96e05c865936460082e3e493ddfd72f9
796c84eac5bb533e3ed7bf97fb67fa1d1ab6b6115f81a82c9d1994ea415f7a44
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
8288f42c1e11d7aba7f755d3bd117bca4cea724d2d72a021d57ab9551dc2727d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d
85d4ef637cacccef5919fa290c3c104c8682d939e7f0b1e4d0cfb67f09307778
866adec983f3c77bb4f6584cbffc36290ba9e0252b7ea388240e5e58fd8e6876
8979a601d8f6db5bb3dfa6606edd66214d07bd8f2e85396d0c6eecc136b5320e
8a33f2d843dec50c117b7023802cfef9631c4e163bacdbd88b7eb6dc8512f6cf
8d58cf0f8076552a18107cacca969a9232b3e5fc2ef65923201f0d7a16fe25e3
8d63fba992512d3d08c8a9f7b770fd6203622bdc6284e30af91d516f5a753eb9
8dc9f92b4c3f324e15e466ef9a1556d194e6e7c46bd8cbe355dfd69ce64714a5
91300e289e33ce13ec40e4599a15ee0f1c7f6596cf9ab87e9b59b74449304678
94e3d2444192a16a5440e24074941287108059b70bef2202a2bdcfd882f5a75b
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
97b37c3497e067d19d97bdf7b62b5749b3e132ca56220e5698d8d66d90757dd5
9b4a5c37b350ff0b5faf875d4f56c0251ec4532ca6209da7eee75899860fad0d
9ba6247d89411f5e450c2348f4605a57f12122b29cf102671929c26c905e66b1
9cc2a05d65d6805b9ea06989155a430932bf4d994915a617ecaeab4dd2dc5bdf
9fec94b4ff143599afb447b8fd3a2c2b3ba59caee8670c59042fb7bd3433f58b
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1e021b2dfc86f207e222df5b4a15e7a484b70eae0a6a6d7b48bd18e34253761
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0
a8bf54e9be763ab5fad815c7266f841438bb56c7747cf54b7cc620673b497cd4
a960c0aa92033ca3ecfdd81cec7a4443d8e73f7081f1d5fb91f165e05e2d58eb
ab100b2b5cea43ed7e6d90205014fed9b4df8d7aa8c04dba39c61f3667d1adc8
abd54f05f703b03c98279e65aeff2c8a876f4854059debbc9c95c106e218bac6
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a6d5f4ffb9218e749c18808d39035c35fd82bae68544aa27bf7ac9c1dba6a8
b583d05bbbb011366fea9dda74ebd9cf77ac7b83fc1736e7c8529d151e6277d5
b5c9b565e21dce9ebed5eab5acfa741ba584d656fefad1e0766cf34ad869b8d8
bb998a86cbac87a0d49bb25b54abc93972824501d99531b2c69e2de3ecebc13a
bc953bfb3568e48c7dbb77edd2e34b6c2c6bbf253e136ce677727ca187ae2fd7
be6fd99e19aac74aa0fd01a271bae13e65496afad769c0df1e5648bd9a2cd950
be8a61c5d7715ba61c258ac1b146a8e29da020251bd6dee9cc36424a050e560a
c12883dc07f971d67e5b7c0b6bbb496858e0721f94d05706bac6215bf9b6908b
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c32d867fd1ab3f69923cbcd22b59160c4bade634ce83d90a70fb459725edb099
c384e161dd9d69bfc6e872774aadc81b3bd7534a97c5541d20a83c120704dbec
c3f738d41d979222078bbc1624c0b1ee0f752c6b9d6c563d992da1adb1cf5ced
c5439f44fe591de4882cd4453344b62bfd283f1d73ad94827876cd87a631e48b
c5afea8a7fb6bfe8770d1d7f9045592f5189e11526a0d781e7ee002349d8b85c
cef8fa3e654e9d95636b0adb5d81d5dfd0b65909dbe7227e43137c0dacaaf1f9
cfab5d50fef28c59188fbe1c6c9c9eb7540e22c15c8537e79f0d967e2415eb36
d680f4baa46f18ed1e5f02244fdb40d0b2de159b8582d40e1b01e10f25bf0f04
da933ef53458927e254187e40711b33abc36dafd95218f913db426cf3e676e20
db9d01707fe76a51a28349eca999d875004049d3ba47686e7274fa1c79b0a869
dc694511bff51871e9dc5ece4e9504015ad4810b9c78ab8b686a0f774d00eb7a
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e33d9e3eb211444580014e5a7ee28f61f8ad40ada8a191246ee2988cf9567285
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e47b9e815087e2fc99bbf6cbf261c70deb464a65398b4f20b20a12594fa1e479
e599f75928c9adfc5466b3a9391433e89623967d26665b7c7897ea69f2ebf0d4
e69abd7e0cc82f336e61fea889e406ecbbeb7ece1df960231b7a9ba0d1dd1676
e70feec33ee57fdeed636ab89a20156515e29b96cc56d8e20fd1315dd05c46f5
e9b220c805348a7838456a6b487e3b23fa3534437804888f46f504c221c2d006
ebaa028e53ceb3896c63bfbdb52a422b2419be96e936f7416a4aea330e69010c
ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34
eedcc911203888991f5009c9dbfddcc538ba57f6e33e5993d50f05520b94a83b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f00ff1a6909daa2d7f8141c285ceb23b76edcc1da40f0f2e717ad2b6c81a803a
f2172868bc46d74ad32f2715bc25a8716e07a784b2ecb24d9d077d2125c6c993
fc98c815fb4d76f329dc592625a5bb3a189fb41bd3118a0258b7618f347cf793
fe322532eb93c5b3c159a5f6456b53ebd4e8855e77964cccac8ae089e741f28a
ff4c6510b024bdf4d4a38848129fe74137b0d2eb3acaee253854a51e385e2273

www.zdrave.bg Open in urlscan Pro 78.90.206.186 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

211 Requests

64 %HTTPS

47 %IPv6

23 Domains

33 Subdomains

29 IPs

8 Countries

2449 kBTransfer

5468 kBSize

18 Cookies

2 Outgoing links

Redirected requests

211 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.zdrave.bg Open in urlscan Pro
78.90.206.186 Public Scan

Screenshot
Live screenshot

Full Image

211
Requests

64 %
HTTPS

47 %
IPv6

23
Domains

33
Subdomains

29
IPs

8
Countries

2449 kB
Transfer

5468 kB
Size

18
Cookies

211 HTTP transactions
3 data transactions