URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Submission: On March 02 via api from DE — Scanned from DE

Summary

This website contacted 13 IPs in 5 countries across 11 domains to perform 37 HTTP transactions. The main IP is 193.194.156.25, which is located in Bulgaria and belongs to BULINFO-AS12982, BG. The main domain is sofia.holmes.bg.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 15th 2021. Valid for: a year.
This is the only time sofia.holmes.bg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
24 | holmes.bg | sofia.holmes.bg; www.holmes.bg; holmes.bg (Cisco Umbrella Rank: 662080) | 67 KB
5 | gemius.pl | gabg.hit.gemius.pl (Cisco Umbrella Rank: 90236); ls.hit.gemius.pl (Cisco Umbrella Rank: 11780) | 15 KB
5 | google.com | www.google.com (Cisco Umbrella Rank: 2); fundingchoicesmessages.google.com (Cisco Umbrella Rank: 2029) | 87 KB
4 | gstatic.com | www.gstatic.com; fonts.gstatic.com | 331 KB
2 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 31) | 20 KB
2 | wtg-ads.com | lib.wtg-ads.com (Cisco Umbrella Rank: 46985) | 98 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 35) | 4 KB
1 | doubleclick.net | stats.g.doubleclick.net (Cisco Umbrella Rank: 68) | 439 B
1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 403) | 1 KB
1 | imot.bg | www.imot.bg (Cisco Umbrella Rank: 625457) | 3 KB
1 | focus.bg | cdn3.focus.bg (Cisco Umbrella Rank: 661502) | 77 KB
37 | 11 | |

Requests | Domain | Requested by
14 | www.holmes.bg | sofia.holmes.bg; www.holmes.bg
9 | holmes.bg (9 redirects) |
4 | fundingchoicesmessages.google.com | sofia.holmes.bg
4 | gabg.hit.gemius.pl (1 redirects) | sofia.holmes.bg; gabg.hit.gemius.pl
3 | fonts.gstatic.com | fonts.googleapis.com
2 | www.google-analytics.com | sofia.holmes.bg; www.google-analytics.com
2 | lib.wtg-ads.com | sofia.holmes.bg; lib.wtg-ads.com
1 | fonts.googleapis.com |
1 | stats.g.doubleclick.net | www.google-analytics.com
1 | ls.hit.gemius.pl | gabg.hit.gemius.pl
1 | cdn.jsdelivr.net | lib.wtg-ads.com
1 | www.gstatic.com | www.google.com
1 | www.imot.bg | sofia.holmes.bg
1 | cdn3.focus.bg | sofia.holmes.bg
1 | www.google.com | sofia.holmes.bg
1 | sofia.holmes.bg |
37 | 16 |

Subject | Issuer | Validity | Valid
*.holmes.bg | Sectigo RSA Domain Validation Secure Server CA | 2021-10-15 - 2022-11-14 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-06-29 - 2022-06-28 | a year
www.google.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
cdn3.focus.bg | ZeroSSL RSA Domain Secure Site CA | 2022-01-31 - 2022-05-01 | 3 months
*.imot.bg | Sectigo RSA Domain Validation Secure Server CA | 2021-12-13 - 2022-12-13 | a year
*.gstatic.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
*.hit.gemius.pl | Sectigo ECC Domain Validation Secure Server CA | 2021-09-08 - 2022-09-25 | a year
*.google.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months

This page contains 2 frames:

Primary Page: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Frame ID: 657D29BC4A0BAAF5123E82DD4AA9E26D
Requests: 36 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: 740C961B7D3B84E9931DE9C9417CE44F
Requests: 1 HTTP request in this frame

Page Title

Имоти - holmes.bg - Пазарът на недвижими имоти - продажби, наеми, агенции, новини за имоти (imoti)

Detected technologies

Overall confidence: 100%
Detected patterns
  • hit\.gemius\.pl/xgemius\.js
  • hit\.gemius\.pl
  • xgemius\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

Requests: 37
HTTPS: 73 %
IPv6: 69 %
Domains: 11
Subdomains: 16
IPs: 13
Countries: 5
Transfer: 702 kB
Size: 1892 kB
Cookies: 6

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://holmes.bg/images/holmes-logo.svg HTTP 301
  • https://www.holmes.bg/images/holmes-logo.svg
Request Chain 11
  • https://holmes.bg/images/ico/B.svg HTTP 301
  • https://www.holmes.bg/images/ico/B.svg
Request Chain 12
  • https://holmes.bg/images/ico/photo.svg HTTP 301
  • https://www.holmes.bg/images/ico/photo.svg
Request Chain 13
  • https://holmes.bg/images/ico/B3.svg HTTP 301
  • https://www.holmes.bg/images/ico/B3.svg
Request Chain 16
  • https://holmes.bg/images/ico/copy.svg HTTP 301
  • https://www.holmes.bg/images/ico/copy.svg
Request Chain 17
  • https://holmes.bg/images/ico/share-fb.svg HTTP 301
  • https://www.holmes.bg/images/ico/share-fb.svg
Request Chain 18
  • https://holmes.bg/images/ico/share-viber.svg HTTP 301
  • https://www.holmes.bg/images/ico/share-viber.svg
Request Chain 19
  • https://holmes.bg/images/ico/share-email.svg HTTP 301
  • https://www.holmes.bg/images/ico/share-email.svg
Request Chain 20
  • https://holmes.bg/images/ico/share-printer.svg HTTP 301
  • https://www.holmes.bg/images/ico/share-printer.svg
Request Chain 30
  • https://gabg.hit.gemius.pl/_1646237730714/rexdot.js?l=100&id=nGua0Yi0mxxhSrpdZiDjF8UFjw4BWSbYJPnA4pPXz2..Z7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fsofia.holmes.bg%2Fpcgi%2Fhome.cgi%3Fact%3D3%26adv%3D1r158194897764202&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=116&lsdata=hVMREBXe.4pgBuZypqDXT.TtX6ioBJ21R.kw38Wwb3n.m73JkimF45QO0HTz3pFSxM8u6TgF7XP4FFqlqND77uHQTgSc/7LZXd1S7DmZcS/&fpdata=pzlsy.ZBMEnm6mDDSrRqxWxtVrXao0N_ZTDtiqa7itb.T7&vis=1&fpcap= HTTP 301
  • https://gabg.hit.gemius.pl/__/_1646237730714/rexdot.js?l=100&id=nGua0Yi0mxxhSrpdZiDjF8UFjw4BWSbYJPnA4pPXz2..Z7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fsofia.holmes.bg%2Fpcgi%2Fhome.cgi%3Fact%3D3%26adv%3D1r158194897764202&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=116&lsdata=hVMREBXe.4pgBuZypqDXT.TtX6ioBJ21R.kw38Wwb3n.m73JkimF45QO0HTz3pFSxM8u6TgF7XP4FFqlqND77uHQTgSc/7LZXd1S7DmZcS/&fpdata=pzlsy.ZBMEnm6mDDSrRqxWxtVrXao0N_ZTDtiqa7itb.T7&vis=1&fpcap=

37 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request home.cgi
sofia.holmes.bg/pcgi/
33 KB
12 KB
Document
General
Full URL
https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
6237c9d7686af8492d9e044ec5e72ae65c0f8c048798c55e36a1df03adb91d29

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx
Date
Wed, 02 Mar 2022 16:15:28 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Content-Encoding
gzip
styles.css
www.holmes.bg/styles/
54 KB
9 KB
Stylesheet
General
Full URL
https://www.holmes.bg/styles/styles.css
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
47370140eacd809911ef554f1b941b9146ee18d2c2e9d66891bfa636b9674b28

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Wed, 20 Jan 2021 09:46:46 GMT
Server
nginx
ETag
W/"6007fc06-d79e"
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
responsive.css
www.holmes.bg/styles/
8 KB
2 KB
Stylesheet
General
Full URL
https://www.holmes.bg/styles/responsive.css
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
4cb2e10dbee32cfdd18e46f64130f5f9140d63507bc555a53484d8bda40d8d33

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:28 GMT
Content-Encoding
gzip
Last-Modified
Wed, 09 Sep 2020 07:46:16 GMT
Server
nginx
ETag
W/"5f588848-1e5b"
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
scripts.js
www.holmes.bg/js/
13 KB
4 KB
Script
General
Full URL
https://www.holmes.bg/js/scripts.js?126
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
086ad62c133b12bd84b3efa17394b90b5911feddb905a801757cafb0254a3033

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Wed, 20 Jan 2021 09:46:37 GMT
Server
nginx
ETag
W/"6007fbfd-340f"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
lib.min.js
lib.wtg-ads.com/
487 KB
90 KB
Script
General
Full URL
https://lib.wtg-ads.com/lib.min.js
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4673 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ada7f5496bb0134dc1f966616af3193d1249c8ce47fe1f9e7e1fbe80d48c4b6c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 16:15:30 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
722811
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
last-modified
Wed, 19 Jan 2022 11:50:10 GMT
server
cloudflare
etag
W/"61e7faf2-79ded"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oztyMfSK7b3plmyEAxa%2FFmgJWtM8NvBxJBIAO2PeMSFtAZiP2N4%2Ffnu%2BWKVhG3FjvdPt7f1nwZ4R%2FRE9W8oq7wfwtGPYf2JBJWPhMoyCdujIVQufzX1LmvHMltkrFxjDLDOFVZsGmOjRfVXiRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=10800
access-control-allow-credentials
true
cf-ray
6e5b6e76fcca9bd1-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires
Tue, 22 Feb 2022 10:28:39 GMT
api.js
www.google.com/recaptcha/
850 B
968 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=6LfqMCQaAAAAAPJzewD58GD3aYKkCv5smskeylength3DERShxHN
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d78ee501fd3af17e979356da8b12261e4647ea87c01df316a742de9deb090eda
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 16:15:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
555
x-xss-protection
1; mode=block
expires
Wed, 02 Mar 2022 16:15:30 GMT
1r158194897764202_89.jpg
cdn3.focus.bg/imot/photosimotbg/1/202/big/
77 KB
77 KB
Image
General
Full URL
https://cdn3.focus.bg/imot/photosimotbg/1/202/big/1r158194897764202_89.jpg
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
193.194.156.144 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
Software
nginx /
Resource Hash
98948c63958ba4aef77d78904802d26b649d771db048d52bd54f3ac566f360c7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
public
date
Wed, 02 Mar 2022 16:15:30 GMT
last-modified
Wed, 28 Jul 2021 10:05:52 GMT
server
nginx
etag
"61012c00-132de"
content-type
image/jpeg
cache-control
max-age=15552000, public
accept-ranges
bytes
content-length
78558
expires
Mon, 29 Aug 2022 16:15:30 GMT
call.svg
www.holmes.bg/images/ico/
926 B
853 B
Image
General
Full URL
https://www.holmes.bg/images/ico/call.svg
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
e4450763f2cad8846d8e585c5d1963b275292548582e6fdab4e9b02925fc70a6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Aug 2020 08:42:16 GMT
Server
nginx
ETag
W/"119ca2-39e-5ae28612fca00"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Transfer-Encoding
chunked
Connection
keep-alive
supercredit.jpg
www.holmes.bg/images/
26 KB
25 KB
Image
General
Full URL
https://www.holmes.bg/images/supercredit.jpg
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
da321349560befef150b6671a49a9e5351936b49fe44dbc9236d8b39aff59db8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 Sep 2021 08:08:51 GMT
Server
nginx
ETag
W/"61541f13-66e8"
Vary
Accept-Encoding
Content-Type
image/jpeg
Transfer-Encoding
chunked
Connection
keep-alive
hercules.pic
www.imot.bg/images/logos/small/
2 KB
3 KB
Image
General
Full URL
https://www.imot.bg/images/logos/small/hercules.pic
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
d8e402b8873d3e5c16010238b98f45383830ea21c7d0f1697480da15995e64e8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Mon, 15 May 2017 08:10:47 GMT
Server
nginx
ETag
"59196287-97c"
Content-Type
application/octet-stream
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2428
recaptcha__de.js
www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/
357 KB
142 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfqMCQaAAAAAPJzewD58GD3aYKkCv5smskeylength3DERShxHN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
13c7ce8eb4433ee82ab08c5b401235d0c97a6dff3af0c288ee9a64d1afe964cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://sofia.holmes.bg/
Origin
https://sofia.holmes.bg
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 14:21:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6820
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
144239
x-xss-protection
0
last-modified
Tue, 22 Feb 2022 21:22:22 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Mar 2023 14:21:50 GMT
holmes-logo.svg
www.holmes.bg/images/
Redirect Chain
  • https://holmes.bg/images/holmes-logo.svg
  • https://www.holmes.bg/images/holmes-logo.svg
9 KB
4 KB
Image
General
Full URL
https://www.holmes.bg/images/holmes-logo.svg
Requested by
Host: www.holmes.bg
URL: https://www.holmes.bg/styles/styles.css
Protocol
HTTP/1.1
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
65d67dafe1b75a5aaca716219e61d446be6077da998bec88b9146da957453fdc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Aug 2020 08:42:15 GMT
Server
nginx
ETag
W/"1141f9-228f-5ae28612087c0"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Transfer-Encoding
chunked
Connection
keep-alive

Redirect headers

Location
https://www.holmes.bg/images/holmes-logo.svg
Date
Wed, 02 Mar 2022 16:15:29 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
B.svg
www.holmes.bg/images/ico/
Redirect Chain
  • https://holmes.bg/images/ico/B.svg
  • https://www.holmes.bg/images/ico/B.svg
920 B
796 B
Image
General
Full URL
https://www.holmes.bg/images/ico/B.svg
Requested by
Host: www.holmes.bg
URL: https://www.holmes.bg/styles/styles.css
Protocol
HTTP/1.1
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
3cff5e3c4ebaf781e3d758834ee65cd1af2cd7947a654a9b647660e2bcecc291

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Aug 2020 08:42:16 GMT
Server
nginx
ETag
W/"119c9f-398-5ae28612fca00"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Transfer-Encoding
chunked
Connection
keep-alive

Redirect headers

Location
https://www.holmes.bg/images/ico/B.svg
Date
Wed, 02 Mar 2022 16:15:29 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
photo.svg
www.holmes.bg/images/ico/
Redirect Chain
  • https://holmes.bg/images/ico/photo.svg
  • https://www.holmes.bg/images/ico/photo.svg
2 KB
1 KB
Image
General
Full URL
https://www.holmes.bg/images/ico/photo.svg
Requested by
Host: www.holmes.bg
URL: https://www.holmes.bg/styles/styles.css
Protocol
HTTP/1.1
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
a1206136a9f4d79d33f36959855df462299150812a495f945c284494823adfef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Aug 2020 08:42:16 GMT
Server
nginx
ETag
W/"119ca8-8d7-5ae28612fca00"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Transfer-Encoding
chunked
Connection
keep-alive

Redirect headers

Location
https://www.holmes.bg/images/ico/photo.svg
Date
Wed, 02 Mar 2022 16:15:29 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
B3.svg
www.holmes.bg/images/ico/
Redirect Chain
  • https://holmes.bg/images/ico/B3.svg
  • https://www.holmes.bg/images/ico/B3.svg
1 KB
928 B
Image
General
Full URL
https://www.holmes.bg/images/ico/B3.svg
Requested by
Host: www.holmes.bg
URL: https://www.holmes.bg/styles/styles.css
Protocol
HTTP/1.1
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
8d208b6380831bc92ff004714e523b134bf7e4c9353cc1d9c2a7e30ddd2ef068

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Aug 2020 08:42:16 GMT
Server
nginx
ETag
W/"119c9b-599-5ae28612fca00"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Transfer-Encoding
chunked
Connection
keep-alive

Redirect headers

Location
https://www.holmes.bg/images/ico/B3.svg
Date
Wed, 02 Mar 2022 16:15:29 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
638
date
Wed, 02 Mar 2022 16:04:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 02 Mar 2022 18:04:52 GMT
xgemius.js
gabg.hit.gemius.pl/
40 KB
11 KB
Script
General
Full URL
https://gabg.hit.gemius.pl/xgemius.js
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
78.128.6.44 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS
ip-6-44.telehouse.bg
Software
GHC /
Resource Hash
99a336d42e4e130971fac5e498ac76a43d12fd0acb56a846543dfaa37eccb67c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 16:15:30 GMT
content-encoding
gzip
last-modified
Fri, 18 Feb 2022 08:43:58 GMT
server
GHC
vary
Accept-Encoding,Origin
p3p
CP="NOI DSP COR NID PSAo OUR IND"
cache-control
max-age=43200
cross-origin-resource-policy
cross-origin
accept-ranges
none
content-type
application/x-javascript
content-length
10838
expires
Thu, 03 Mar 2022 04:15:30 GMT
copy.svg
www.holmes.bg/images/ico/
Redirect Chain
  • https://holmes.bg/images/ico/copy.svg
  • https://www.holmes.bg/images/ico/copy.svg
706 B
752 B
Image
General
Full URL
https://www.holmes.bg/images/ico/copy.svg
Requested by
Host: www.holmes.bg
URL: https://www.holmes.bg/styles/styles.css
Protocol
HTTP/1.1
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
174cf2b03fe234e81e9591b0d57b6be8b129ec0f863d17d686cc736e63b744bc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Aug 2020 08:42:15 GMT
Server
nginx
ETag
W/"119c90-2c2-5ae28612087c0"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Transfer-Encoding
chunked
Connection
keep-alive

Redirect headers

Location
https://www.holmes.bg/images/ico/copy.svg
Date
Wed, 02 Mar 2022 16:15:29 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
share-fb.svg
www.holmes.bg/images/ico/
Redirect Chain
  • https://holmes.bg/images/ico/share-fb.svg
  • https://www.holmes.bg/images/ico/share-fb.svg
2 KB
965 B
Image
General
Full URL
https://www.holmes.bg/images/ico/share-fb.svg
Requested by
Host: www.holmes.bg
URL: https://www.holmes.bg/styles/styles.css
Protocol
HTTP/1.1
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
e78d8ad8981d9c0621aa71b46e9ff09bc9e9072c4ea47f05d1fe48f40ca0daf1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Aug 2020 08:42:16 GMT
Server
nginx
ETag
W/"119c9c-7a6-5ae28612fca00"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Transfer-Encoding
chunked
Connection
keep-alive

Redirect headers

Location
https://www.holmes.bg/images/ico/share-fb.svg
Date
Wed, 02 Mar 2022 16:15:29 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
share-viber.svg
www.holmes.bg/images/ico/
Redirect Chain
  • https://holmes.bg/images/ico/share-viber.svg
  • https://www.holmes.bg/images/ico/share-viber.svg
3 KB
1 KB
Image
General
Full URL
https://www.holmes.bg/images/ico/share-viber.svg
Requested by
Host: www.holmes.bg
URL: https://www.holmes.bg/styles/styles.css
Protocol
HTTP/1.1
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
06e007a360cea101e7cb00ec2dcd76ec35904c7a5ddefd20036921094fc0c12a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Aug 2020 08:42:16 GMT
Server
nginx
ETag
W/"119c9a-c4b-5ae28612fca00"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Transfer-Encoding
chunked
Connection
keep-alive

Redirect headers

Location
https://www.holmes.bg/images/ico/share-viber.svg
Date
Wed, 02 Mar 2022 16:15:29 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
share-email.svg
www.holmes.bg/images/ico/
Redirect Chain
  • https://holmes.bg/images/ico/share-email.svg
  • https://www.holmes.bg/images/ico/share-email.svg
5 KB
1 KB
Image
General
Full URL
https://www.holmes.bg/images/ico/share-email.svg
Requested by
Host: www.holmes.bg
URL: https://www.holmes.bg/styles/styles.css
Protocol
HTTP/1.1
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
6aeb7385985729c6d847660265f81415c8d8b01b20728a29ec706ef4cd78f5cf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Aug 2020 08:42:16 GMT
Server
nginx
ETag
W/"119ca0-12c1-5ae28612fca00"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Transfer-Encoding
chunked
Connection
keep-alive

Redirect headers

Location
https://www.holmes.bg/images/ico/share-email.svg
Date
Wed, 02 Mar 2022 16:15:29 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
share-printer.svg
www.holmes.bg/images/ico/
Redirect Chain
  • https://holmes.bg/images/ico/share-printer.svg
  • https://www.holmes.bg/images/ico/share-printer.svg
5 KB
2 KB
Image
General
Full URL
https://www.holmes.bg/images/ico/share-printer.svg
Requested by
Host: www.holmes.bg
URL: https://www.holmes.bg/styles/styles.css
Protocol
HTTP/1.1
Server
193.194.156.25 , Bulgaria, ASN12982 (BULINFO-AS12982, BG),
Reverse DNS
imot.bg
Software
nginx /
Resource Hash
c768e4fb450af57caf5364f357a382418915864a6f0f21e6532088be8e99047a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 16:15:29 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Aug 2020 08:42:15 GMT
Server
nginx
ETag
W/"119c6e-144c-5ae28612087c0"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Transfer-Encoding
chunked
Connection
keep-alive

Redirect headers

Location
https://www.holmes.bg/images/ico/share-printer.svg
Date
Wed, 02 Mar 2022 16:15:29 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
AGSKWxXv8rZheikheQFQbxdgcRJNCLa_Oc1jntOcuVpGFfRAlk8YURj7TVHswDfQgfJaZ5lG2cfTUEPrrA_Aa9a9fGg=
fundingchoicesmessages.google.com/f/
89 KB
31 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXv8rZheikheQFQbxdgcRJNCLa_Oc1jntOcuVpGFfRAlk8YURj7TVHswDfQgfJaZ5lG2cfTUEPrrA_Aa9a9fGg=
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ecb56c0c5efa9f603083f529434e21578bf51105681d6b2aefed9ab1c9c66337
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Pi8O4GDcArqRlTXWteOjOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-Pi8O4GDcArqRlTXWteOjOA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Mar 2022 16:15:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Pi8O4GDcArqRlTXWteOjOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-Pi8O4GDcArqRlTXWteOjOA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
standard.publisher.config.min.js
lib.wtg-ads.com/publisher/www.holmes.bg/
28 KB
8 KB
Script
General
Full URL
https://lib.wtg-ads.com/publisher/www.holmes.bg/standard.publisher.config.min.js
Requested by
Host: lib.wtg-ads.com
URL: https://lib.wtg-ads.com/lib.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4673 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bf1601873a8fd4f6c8924525082d753b818bb1788bba342ec8067a915a3ed62

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 16:15:30 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
88328
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
last-modified
Tue, 01 Feb 2022 10:08:34 GMT
server
cloudflare
etag
W/"61f906a2-71dd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u82cvGj1KHT130tYMozMe1pliYX232Gdt2N1TyZntUs9KkNSUat%2BSH8tXxcB4WQ76SevTWbULby42fULsGTvHcIEKi9rbZcFINaePmiMc%2FWD72eO3E9kpeqzlT8por%2B1Aplw%2F8joyNAs6MSmgg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=10800
access-control-allow-credentials
true
cf-ray
6e5b6e776e229bd1-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires
Tue, 01 Mar 2022 18:43:22 GMT
latest.json
cdn.jsdelivr.net/gh/prebid/currency-file@1/
2 KB
1 KB
XHR
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220302
Requested by
Host: lib.wtg-ads.com
URL: https://lib.wtg-ads.com/lib.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5eed8af1320fddb7e185ca372f0c96333140ed15e5ec9617c861d832d4757649
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 16:15:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
4455
x-jsd-version
1.0.1269
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19133-FRA, cache-hhn4080-HHN
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"69b-ezr71ImBkO4rjYGkZiFIyMo0vN8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
cf-ray
6e5b6e779dd25c26-FRA
collect
www.google-analytics.com/j/
4 B
209 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1004008797&t=pageview&_s=1&dl=https%3A%2F%2Fsofia.holmes.bg%2Fpcgi%2Fhome.cgi%3Fact%3D3%26adv%3D1r158194897764202&ul=en-us&de=windows-1251&dt=%D0%98%D0%BC%D0%BE%D1%82%D0%B8%20-%20holmes.bg%20-%20%D0%9F%D0%B0%D0%B7%D0%B0%D1%80%D1%8A%D1%82%20%D0%BD%D0%B0%20%D0%BD%D0%B5%D0%B4%D0%B2%D0%B8%D0%B6%D0%B8%D0%BC%D0%B8%20%D0%B8%D0%BC%D0%BE%D1%82%D0%B8%20-%20%D0%BF%D1%80%D0%BE%D0%B4%D0%B0%D0%B6%D0%B1%D0%B8%2C%20%D0%BD%D0%B0%D0%B5%D0%BC%D0%B8%2C%20%D0%B0%D0%B3%D0%B5%D0%BD%D1%86%D0%B8%D0%B8%2C%20%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%B7%D0%B0%20%D0%B8%D0%BC%D0%BE%D1%82%D0%B8%20(imoti)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1877274965&gjid=592869615&cid=1798365454.1646237731&tid=UA-20152960-1&_gid=2119480435.1646237731&_r=1&_slc=1&z=31336520
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://sofia.holmes.bg/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 02 Mar 2022 16:15:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://sofia.holmes.bg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
fpdata.js
gabg.hit.gemius.pl/
278 B
392 B
Script
General
Full URL
https://gabg.hit.gemius.pl/fpdata.js?href=sofia.holmes.bg
Requested by
Host: gabg.hit.gemius.pl
URL: https://gabg.hit.gemius.pl/xgemius.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
78.128.6.44 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS
ip-6-44.telehouse.bg
Software
GHC /
Resource Hash
8f171e4a40576c80a0622781724df23cb52eabb2c8a1f4e14446cdd3c478d0f8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 16:15:30 GMT
last-modified
Mon, 16 Jul 2012 10:03:40 GMT
server
GHC
etag
PRIVATE7520710249
p3p
CP="NOI DSP COR NID PSAo OUR IND"
cache-control
private, max-age=2592000
cross-origin-resource-policy
cross-origin
accept-ranges
none
content-type
application/x-javascript
content-length
278
expires
Fri, 01 Apr 2022 16:15:30 GMT
lsget.html
ls.hit.gemius.pl/ Frame 740C
5 KB
3 KB
Document
General
Full URL
https://ls.hit.gemius.pl/lsget.html
Requested by
Host: gabg.hit.gemius.pl
URL: https://gabg.hit.gemius.pl/xgemius.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
146.59.30.108 , France, ASN16276 (OVH, FR),
Reverse DNS
ip108.ip-146-59-30.eu
Software
GHC /
Resource Hash
d6d5ae1cac3694e2fdeecf833fe8b5d8058d1ad8163ec2ecc7a864f6034776e3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/

Response headers

date
Wed, 02 Mar 2022 16:15:30 GMT
expires
Fri, 01 Apr 2022 16:15:30 GMT
server
GHC
accept-ranges
none
cache-control
private, max-age=2592000
last-modified
Mon, 16 Jul 2012 10:03:40 GMT
etag
PRIVATE7520710249
vary
Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy
cross-origin
p3p
CP="NOI DSP COR NID PSAo OUR IND"
content-type
text/html;charset=utf-8
content-length
2722
content-encoding
gzip
collect
stats.g.doubleclick.net/j/
1 B
439 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-20152960-1&cid=1798365454.1646237731&jid=1877274965&gjid=592869615&_gid=2119480435.1646237731&_u=IEBAAEAAAAAAAC~&z=1804201038
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://sofia.holmes.bg/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 02 Mar 2022 16:15:30 GMT
content-type
text/plain
access-control-allow-origin
https://sofia.holmes.bg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
AGSKWxUoN-3RZv43qGZUPThYRVkIBp9uLLhA2Sg4P7UczYn6APson1p6R11hbfZlYGt6pws4jmuFgsoMsSoTbxMVhac=
fundingchoicesmessages.google.com/el/
0
25 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUoN-3RZv43qGZUPThYRVkIBp9uLLhA2Sg4P7UczYn6APson1p6R11hbfZlYGt6pws4jmuFgsoMsSoTbxMVhac=?pvid=106124B2-18C8-4104-AA20-D50D8605B8D0&anonid=57E127D1-B49D-47F0-8857-44576E2AC90C
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.0lnHKGmmQJQ.es5.O/d=1/rs=AJlcJMwIHE-pTdzU4j82JTvnNT6PgBLd3A/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-YqDUIdJJx8hZoecY1YUUAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-YqDUIdJJx8hZoecY1YUUAQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://sofia.holmes.bg/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 02 Mar 2022 16:15:30 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://sofia.holmes.bg
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-YqDUIdJJx8hZoecY1YUUAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-YqDUIdJJx8hZoecY1YUUAQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWj4dV4e-KUg0M9JjywzhTBxUhZXulF__zja9AZj061NtDjjM6l64PJ4e60pISVtiC_LLHlsVqMGle0NcyGciQ=
fundingchoicesmessages.google.com/f/
347 KB
55 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWj4dV4e-KUg0M9JjywzhTBxUhZXulF__zja9AZj061NtDjjM6l64PJ4e60pISVtiC_LLHlsVqMGle0NcyGciQ=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjQ2MjM3NzMwLDY5ODAwMDAwMF0sIjEwNjEyNEIyLTE4QzgtNDEwNC1BQTIwLUQ1MEQ4NjA1QjhEMCIsIjU3RTEyN0QxLUI0OUQtNDdGMC04ODU3LTQ0NTc2RTJBQzkwQyIsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL3NvZmlhLmhvbG1lcy5iZy9wY2dpL2hvbWUuY2dpIixudWxsLFtdXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.0lnHKGmmQJQ.es5.O/d=1/rs=AJlcJMwIHE-pTdzU4j82JTvnNT6PgBLd3A/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
544929cb74f4c42d52db17cca536c2e653e2fd655a6701fc3124170cf62c6476
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-oj9OaBpDsPUTlxHvhT0Q+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-oj9OaBpDsPUTlxHvhT0Q+g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Mar 2022 16:15:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'report-sample' 'nonce-oj9OaBpDsPUTlxHvhT0Q+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-oj9OaBpDsPUTlxHvhT0Q+g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
rexdot.js
gabg.hit.gemius.pl/__/_1646237730714/
Redirect Chain
  • https://gabg.hit.gemius.pl/_1646237730714/rexdot.js?l=100&id=nGua0Yi0mxxhSrpdZiDjF8UFjw4BWSbYJPnA4pPXz2..Z7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fsofia.holme...
  • https://gabg.hit.gemius.pl/__/_1646237730714/rexdot.js?l=100&id=nGua0Yi0mxxhSrpdZiDjF8UFjw4BWSbYJPnA4pPXz2..Z7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fsofia.ho...
169 B
421 B
Script
General
Full URL
https://gabg.hit.gemius.pl/__/_1646237730714/rexdot.js?l=100&id=nGua0Yi0mxxhSrpdZiDjF8UFjw4BWSbYJPnA4pPXz2..Z7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fsofia.holmes.bg%2Fpcgi%2Fhome.cgi%3Fact%3D3%26adv%3D1r158194897764202&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=116&lsdata=hVMREBXe.4pgBuZypqDXT.TtX6ioBJ21R.kw38Wwb3n.m73JkimF45QO0HTz3pFSxM8u6TgF7XP4FFqlqND77uHQTgSc/7LZXd1S7DmZcS/&fpdata=pzlsy.ZBMEnm6mDDSrRqxWxtVrXao0N_ZTDtiqa7itb.T7&vis=1&fpcap=
Requested by
Host: sofia.holmes.bg
URL: https://sofia.holmes.bg/pcgi/home.cgi?act=3&adv=1r158194897764202
Protocol
H2
Server
78.128.6.44 , Bulgaria, ASN31083 (TELEPOINT, BG),
Reverse DNS
ip-6-44.telehouse.bg
Software
GHC /
Resource Hash
acb08efd1d59d235ad0b2d929e19ac85d2b910e441e61dbc8d5f8abf407dbc88

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Mar 2022 16:15:30 GMT
server
GHC
p3p
CP="NOI DSP COR NID PSAo OUR IND"
cache-control
no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
accept-ranges
none
content-type
application/x-javascript
content-length
169
expires
Tue, 01 Mar 2022 16:15:30 GMT

Redirect headers

pragma
no-cache
date
Wed, 02 Mar 2022 16:15:30 GMT
server
GHC
p3p
CP="NOI DSP COR NID PSAo OUR IND"
location
/__/_1646237730714/rexdot.js?l=100&id=nGua0Yi0mxxhSrpdZiDjF8UFjw4BWSbYJPnA4pPXz2..Z7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fsofia.holmes.bg%2Fpcgi%2Fhome.cgi%3Fact%3D3%26adv%3D1r158194897764202&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=116&lsdata=hVMREBXe.4pgBuZypqDXT.TtX6ioBJ21R.kw38Wwb3n.m73JkimF45QO0HTz3pFSxM8u6TgF7XP4FFqlqND77uHQTgSc/7LZXd1S7DmZcS/&fpdata=pzlsy.ZBMEnm6mDDSrRqxWxtVrXao0N_ZTDtiqa7itb.T7&vis=1&fpcap=
cache-control
no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
accept-ranges
none
content-length
0
expires
Tue, 01 Mar 2022 16:15:30 GMT
css
fonts.googleapis.com/
54 KB
4 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans_old:regular,medium|Material+Icons|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorIabTcfV2ClientJs.de.N2ac0Une7C0.es5.O/d=1/rs=AJlcJMxVK61rsDRlNj6YzepZIlCiauuDqQ/m=iabtcfv2wallscript
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a21ff30aace8d5c15126d0413ad7fed152d68d65a2641c167065fcd2e073d6ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sofia.holmes.bg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 16:15:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 02 Mar 2022 16:15:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 02 Mar 2022 16:15:31 GMT
AGSKWxUVBkPcAy-AZqHb5TpJ8ELZSLUZLmZrEWh1ic4oAtrrF1qCSZ0ZXJVe9LanfYK4DxXcExUG34VZ58WU382y7t4HruPMQ3OQjJ_GhI_InNEqOUUDUaxnW_FGN9FJmLyjIRPrFO-fC44kRUfIXP_m7slHWQ5JJTX9JPKSyngsedVVsdP6Em1A9IbCNnLW
fundingchoicesmessages.google.com/el/
0
25 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUVBkPcAy-AZqHb5TpJ8ELZSLUZLmZrEWh1ic4oAtrrF1qCSZ0ZXJVe9LanfYK4DxXcExUG34VZ58WU382y7t4HruPMQ3OQjJ_GhI_InNEqOUUDUaxnW_FGN9FJmLyjIRPrFO-fC44kRUfIXP_m7slHWQ5JJTX9JPKSyngsedVVsdP6Em1A9IbCNnLW?dmid=26fa827f2cda983c
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorIabTcfV2ClientJs.de.N2ac0Une7C0.es5.O/d=1/rs=AJlcJMxVK61rsDRlNj6YzepZIlCiauuDqQ/m=iabtcfv2wallscript
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ENcRud52eWrBCFxvBiWQ0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-ENcRud52eWrBCFxvBiWQ0A' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://sofia.holmes.bg/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 02 Mar 2022 16:15:30 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://sofia.holmes.bg
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-ENcRud52eWrBCFxvBiWQ0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-ENcRud52eWrBCFxvBiWQ0A' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v125/
121 KB
122 KB
Font
General
Full URL
https://fonts.gstatic.com/s/materialicons/v125/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans_old:regular,medium|Material+Icons|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
63b49d58e13f9edc496b9e239b5e5c08757d26551bd16628cf996d3af0b769f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://sofia.holmes.bg
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 27 Feb 2022 22:57:34 GMT
x-content-type-options
nosniff
age
235077
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
123876
x-xss-protection
0
last-modified
Tue, 15 Feb 2022 21:23:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 27 Feb 2023 22:57:34 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans_old:regular,medium|Material+Icons|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://sofia.holmes.bg
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 00:14:34 GMT
x-content-type-options
nosniff
age
57657
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Mar 2023 00:14:34 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
fonts.gstatic.com/s/opensans/v27/
24 KB
24 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans_old:regular,medium|Material+Icons|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fcbd587432f5e88fc926d1cde0d375084b7f3e711f9ff34571dec52f70fb27cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://sofia.holmes.bg
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 03:14:50 GMT
x-content-type-options
nosniff
age
46841
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24756
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:39 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Mar 2023 03:14:50 GMT

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 function| structuredClone object| oncontextlost object| oncontextrestored function| supportsSVG function| fmapset function| addpathssel function| toright function| delright function| updr function| mapgs function| mapgf function| changePrice function| copy function| popitup function| showAdvertiserBoxWrapper function| closeAdvertiserBoxWrapper function| closeGallery function| showGallery function| prevPicture function| nextPicture function| CheckPhoneCorrect function| ShowPhonePopup function| HidePhonePopup function| CheckPhone object| w2g object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| checkKey string| GoogleAnalyticsObject function| ga string| pp_gemius_identifier function| gemius_pending function| gemius_hit function| gemius_event function| pp_gemius_hit function| pp_gemius_event function| __d3lUW8vwsKlB__ function| cmpBundleComplete function| cmpBundleComplete2 function| generateHash function| w2gWhichTcf function| w2gTcf2 function| w2gTcfapi boolean| isLegit object| bannedPathNames object| googletag function| checkIfAdUnitLoaded function| refreshAdUnitOnLoad object| pbjs object| conf object| reloadAds object| wtgAllConfigAdunitsReload object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| gemius_cmpclient object| gemius_hcconn number| pp_gemius_cnt object| recaptcha object| default_ContributorServingResponseClientJs object| __googlefc string| __fcInvoked object| NGEwYTg5NzJmZTcyMDA4MGxvYWRlcl9qcw== string| NGEwYTg5NzJmZTcyMDA4MGNhY2hlZF9qcw== object| googlefc string| __fcexpdef object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady object| default_ContributorIabTcfV2ClientJs function| __g78fHfh446__

6 Cookies

Domain/Path Name / Value
.holmes.bg/ Name: _ga
Value: GA1.2.1798365454.1646237731
.holmes.bg/ Name: _gid
Value: GA1.2.2119480435.1646237731
.holmes.bg/ Name: _gat
Value: 1
.holmes.bg/ Name: __gfp_64b
Value: pzlsy.ZBMEnm6mDDSrRqxWxtVrXao0N_ZTDtiqa7itb.T7|1646237730
.hit.gemius.pl/ Name: Gtest
Value: KlQnIRMGQMGGt-OoTSeSpiXissGMXP8c25nSGmK96UgWXBG.
.hit.gemius.pl/ Name: Gdyn
Value: KlSVBRGGQMGGt-OoTSeSpiXissGMXP8c25nSGmK96UgWFRxSG7RrGS6GuofBFlM1YH8PlexaG0F6Sssa

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
