www.gazetaexpress.com Open in urlscan Pro
172.64.201.10 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Effective URL:
https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Submission: On February 24 via api (February 24th 2022, 11:31:42 am UTC) from DE — Scanned from DE

Summary HTTP 428 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 77 IPs in 10 countries across 69 domains to perform 428 HTTP transactions. The main IP is 172.64.201.10, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.gazetaexpress.com. The Cisco Umbrella rank of the primary domain is 388063.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 15th 2021. Valid for: a year.

This is the only time www.gazetaexpress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
71	172.64.201.10 172.64.201.10	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2.18.232.7 2.18.232.7	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:303... 2606:4700:3036::ac43:cf2e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	52.239.139.164 52.239.139.164	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3036::6815:4f16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	208.88.224.28 208.88.224.28	40824 (WZCOM-) (WZCOM-)
12	104.19.136.78 104.19.136.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.98.58 143.204.98.58	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
28	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
1	143.204.98.46 143.204.98.46	16509 (AMAZON-02) (AMAZON-02)
1	54.69.214.140 54.69.214.140	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:303... 2606:4700:3030::6815:1b4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.107.161.75 104.107.161.75	16625 (AKAMAI-AS) (AKAMAI-AS)
8	37.157.2.239 37.157.2.239	198622 (ADFORM) (ADFORM)
7	185.33.220.240 185.33.220.240	29990 (ASN-APPNEX) (ASN-APPNEX)
8	2602:803:c003... 2602:803:c003:200::61	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.156.230.193 35.156.230.193	16509 (AMAZON-02) (AMAZON-02)
2	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
7	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
1	104.26.1.156 104.26.1.156	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2006	15169 (GOOGLE) (GOOGLE)
6	2a03:5f80:a::... 2a03:5f80:a::b212:e7a3	50952 (DATAIX-AS...) (DATAIX-AS Peering Ltd.)
2	2a02:2638:1::11 2a02:2638:1::11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	23.0.42.150 23.0.42.150	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2602:803:c003... 2602:803:c003:200::77	26667 (RUBICONPR...) (RUBICONPROJECT)
8 12	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
5 5	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2 2	2a05:d018:d29... 2a05:d018:d29:3601:2d23:8be0:67ab:2c3	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
22	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	178.250.2.135 178.250.2.135	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	178.250.2.150 178.250.2.150	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
12	2a03:5f80:a::... 2a03:5f80:a::b212:e7a0	50952 (DATAIX-AS...) (DATAIX-AS Peering Ltd.)
7	104.19.133.78 104.19.133.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	185.86.138.122 185.86.138.122	201081 (SMARTADSE...) (SMARTADSERVER)
6	35.156.28.35 35.156.28.35	16509 (AMAZON-02) (AMAZON-02)
6	184.31.84.150 184.31.84.150	16625 (AKAMAI-AS) (AKAMAI-AS)
6	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
12	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
7	52.208.122.63 52.208.122.63	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
3	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	143.204.98.69 143.204.98.69	16509 (AMAZON-02) (AMAZON-02)
2	152.228.222.122 152.228.222.122	16276 (OVH) (OVH)
7 14	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	104.17.120.107 104.17.120.107	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42:200... 2a04:4e42:200::300	54113 (FASTLY) (FASTLY)
2	141.226.224.32 141.226.224.32	200478 (TABOOLA-AS) (TABOOLA-AS)
7 9	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
6 12	192.82.242.208 192.82.242.208	62713 (AS-PUBMATIC) (AS-PUBMATIC)
6 6	185.64.189.110 185.64.189.110	() ()
1 1	34.102.163.6 34.102.163.6	15169 (GOOGLE) (GOOGLE)
428	77

71 172.64.201.10 (United States)

ASN13335 (CLOUDFLARENET, US)

www.gazetaexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.gazetaexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.232.7 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-7.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::ac43:cf2e (United States)

ASN13335 (CLOUDFLARENET, US)

agorahtag.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.239.139.164 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

gjstatic.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:4f16 (United States)

ASN13335 (CLOUDFLARENET, US)

adxbid.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 208.88.224.28 (United States)

ASN40824 (WZCOM-, US)

serv431.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.19.136.78 (None, )

ASN13335 (CLOUDFLARENET, US)

jsc.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
servicer.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-58.fra50.r.cloudfront.net

d31qbv1cthcecs.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-46.fra50.r.cloudfront.net

certify.alexametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.69.214.140 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-214-140.us-west-2.compute.amazonaws.com

redirect.prod.experiment.routing.cloudfront.aws.a2z.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:1b4 (United States)

ASN13335 (CLOUDFLARENET, US)

aghtag.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.107.161.75 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-107-161-75.deploy.static.akamaitechnologies.com

t.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.157.2.239 (Denmark)

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.33.220.240 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2602:803:c003:200::61 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.156.230.193 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-230-193.eu-central-1.compute.amazonaws.com

hb.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.13 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

3d57460de9e80c101e86fe0c5db5eddd.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.1.156 (United States)

ASN13335 (CLOUDFLARENET, US)

bisko.gjirafa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:5f80:a::b212:e7a3 (Russian Federation)

ASN50952 (DATAIX-AS Peering Ltd., RU)

ads.projectagoraservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.0.42.150 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-0-42-150.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c003:200::77 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

beacon-ams3.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.98 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.165 (Frankfurt am Main, Germany) 5 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:22::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3601:2d23:8be0:67ab:2c3 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

widget.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 178.250.2.135 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.am5.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.2.150 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a03:5f80:a::b212:e7a0 (Russian Federation)

ASN50952 (DATAIX-AS Peering Ltd., RU)

cdn.projectagora-adtag-library.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.19.133.78 (None, )

ASN13335 (CLOUDFLARENET, US)

s-img.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.86.138.122 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.156.28.35 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-28-35.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 184.31.84.150 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-84-150.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

projectagora-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.208.122.63 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-122-63.eu-west-1.compute.amazonaws.com

projectagora-483829-hdb.adomik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)

projectagoralibs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

am-trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-69.fra50.r.cloudfront.net

ad.as.amanad.adtdp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 152.228.222.122 (France)

ASN16276 (OVH, FR)
PTR: ns3189334.ip-152-228-222.eu

s333.adxpremium.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:2638::1c (France) 7 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.120.107 (None, )

ASN13335 (CLOUDFLARENET, US)

biddr.brealtime.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::300 (United States)

ASN54113 (FASTLY, US)

pips.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 13.248.245.213 (United States) 7 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 192.82.242.208 (United States) 6 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.64.189.110 (None, ) 6 redirects

ASN- ()

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.163.6 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 6.163.102.34.bc.googleusercontent.com

ad.mrtnsvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
71	gazetaexpress.com www.gazetaexpress.com — Cisco Umbrella Rank: 388063 ads.gazetaexpress.com — Cisco Umbrella Rank: 980360	2 MB
38	criteo.net static.criteo.net — Cisco Umbrella Rank: 638 pix.eu.criteo.net — Cisco Umbrella Rank: 7678 csm.eu.criteo.net — Cisco Umbrella Rank: 7893	1 MB
35	criteo.com 7 redirects bidder.criteo.com — Cisco Umbrella Rank: 736 ads.eu.criteo.com — Cisco Umbrella Rank: 7942 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9904 widget.nl.eu.criteo.com — Cisco Umbrella Rank: 15315 gum.criteo.com — Cisco Umbrella Rank: 355 Failed dis.criteo.com — Cisco Umbrella Rank: 619 mug.criteo.com — Cisco Umbrella Rank: 3197	125 KB
34	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 983 trc.taboola.com — Cisco Umbrella Rank: 571 images.taboola.com — Cisco Umbrella Rank: 1580 am-trc-events.taboola.com — Cisco Umbrella Rank: 15190 pips.taboola.com — Cisco Umbrella Rank: 1788 cds.taboola.com — Cisco Umbrella Rank: 1006	553 KB
24	pubmatic.com 12 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 420 simage2.pubmatic.com Failed image8.pubmatic.com — Cisco Umbrella Rank: 543 image2.pubmatic.com	4 KB
21	rubiconproject.com 5 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 436 eus.rubiconproject.com — Cisco Umbrella Rank: 512 beacon-ams3.rubiconproject.com — Cisco Umbrella Rank: 11193 pixel.rubiconproject.com — Cisco Umbrella Rank: 288 token.rubiconproject.com — Cisco Umbrella Rank: 593	32 KB
21	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 googleads.g.doubleclick.net — Cisco Umbrella Rank: 37 stats.g.doubleclick.net — Cisco Umbrella Rank: 67 cm.g.doubleclick.net — Cisco Umbrella Rank: 175	166 KB
19	mgid.com jsc.mgid.com — Cisco Umbrella Rank: 8575 c.mgid.com — Cisco Umbrella Rank: 6289 cdn.mgid.com — Cisco Umbrella Rank: 10842 servicer.mgid.com — Cisco Umbrella Rank: 8740 s-img.mgid.com — Cisco Umbrella Rank: 7632 cm.mgid.com — Cisco Umbrella Rank: 2442	261 KB
15	3lift.com 7 redirects tlx.3lift.com — Cisco Umbrella Rank: 532 eb2.3lift.com — Cisco Umbrella Rank: 356 Failed	5 KB
15	serv431.com serv431.com — Cisco Umbrella Rank: 816532	26 KB
12	openx.net projectagora-d.openx.net — Cisco Umbrella Rank: 30725 u.openx.net — Cisco Umbrella Rank: 636	1 KB
12	4dex.io script.4dex.io — Cisco Umbrella Rank: 1902	137 KB
12	projectagora-adtag-library.com cdn.projectagora-adtag-library.com — Cisco Umbrella Rank: 29070	717 KB
11	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 92 3d57460de9e80c101e86fe0c5db5eddd.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 120	196 KB
8	adform.net adx.adform.net — Cisco Umbrella Rank: 4785	3 KB
8	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	59 KB
7	adomik.com projectagora-483829-hdb.adomik.com — Cisco Umbrella Rank: 24426	721 B
7	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 210 secure.adnxs.com Failed	5 KB
6	casalemedia.com htlb.casalemedia.com — Cisco Umbrella Rank: 427 r.casalemedia.com Failed	2 KB
6	smartadserver.com prg.smartadserver.com — Cisco Umbrella Rank: 1311	2 KB
6	projectagoraservices.com ads.projectagoraservices.com — Cisco Umbrella Rank: 17686	14 KB
5	teads.tv a.teads.tv — Cisco Umbrella Rank: 1139 t.teads.tv — Cisco Umbrella Rank: 2343	133 KB
4	gstatic.com fonts.gstatic.com	165 KB
3	projectagoralibs.com projectagoralibs.com — Cisco Umbrella Rank: 143134	5 KB
3	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 419 ads.yahoo.com — Cisco Umbrella Rank: 835 sp.analytics.yahoo.com Failed ups.analytics.yahoo.com Failed	2 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 59	2 KB
2	adxpremium.services s333.adxpremium.services — Cisco Umbrella Rank: 107142	533 B
2	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 439	848 B
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	91 KB
2	google.de www.google.de — Cisco Umbrella Rank: 6342 adservice.google.de — Cisco Umbrella Rank: 9027	1 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	313 B
2	lijit.com ap.lijit.com — Cisco Umbrella Rank: 598	751 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	113 KB
1	mrtnsvr.com 1 redirects ad.mrtnsvr.com — Cisco Umbrella Rank: 1554	250 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 295	265 B
1	brealtime.com biddr.brealtime.com — Cisco Umbrella Rank: 2502	1 KB
1	adtdp.com ad.as.amanad.adtdp.com — Cisco Umbrella Rank: 1739	885 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 197	5 KB
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 387	656 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 548 idsync.rlcdn.com Failed
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 146	38 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 401	9 KB
1	gjirafa.com bisko.gjirafa.com — Cisco Umbrella Rank: 320264	931 B
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 4034	328 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 741	418 B
1	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 5927	183 B
1	emxdgt.com hb.emxdgt.com — Cisco Umbrella Rank: 1568	163 B
1	aghtag.tech aghtag.tech — Cisco Umbrella Rank: 44130	82 KB
1	a2z.com redirect.prod.experiment.routing.cloudfront.aws.a2z.com	48 B
1	alexametrics.com certify.alexametrics.com — Cisco Umbrella Rank: 3749	552 B
1	cloudfront.net d31qbv1cthcecs.cloudfront.net	2 KB
1	adxbid.info adxbid.info — Cisco Umbrella Rank: 95075	87 KB
1	windows.net gjstatic.blob.core.windows.net — Cisco Umbrella Rank: 180158	8 KB
1	agorahtag.tech agorahtag.tech — Cisco Umbrella Rank: 96976	2 KB
0	revcontent.com Failed trends.revcontent.com Failed
0	bidswitch.net Failed x.bidswitch.net Failed
0	smaato.net Failed s.ad.smaato.net Failed
0	dable.io Failed adx.dable.io Failed
0	ad-stir.com Failed sync.ad-stir.com Failed
0	media.net Failed contextual.media.net Failed
0	yandex.ru Failed an.yandex.ru Failed
0	adingo.jp Failed cs.adingo.jp Failed
0	socdm.com Failed tg.socdm.com Failed adgen.socdm.com Failed
0	tpmn.co.kr Failed ad.tpmn.co.kr Failed
0	addthis.com Failed cw.addthis.com Failed
0	outbrain.com Failed sync.outbrain.com Failed
0	tapad.com Failed pixel.tapad.com Failed
0	mediawallahscript.com Failed partner.mediawallahscript.com Failed
428	69

	Domain	Requested by
68	www.gazetaexpress.com	www.gazetaexpress.com serv431.com
22	static.criteo.net	ads.eu.criteo.com adxbid.info static.criteo.net cdn.projectagora-adtag-library.com
19	cdn.taboola.com	www.gazetaexpress.com cdn.taboola.com
15	serv431.com	www.gazetaexpress.com serv431.com
14	gum.criteo.com	ads.eu.criteo.com static.criteo.net
13	pix.eu.criteo.net	ads.eu.criteo.com
12	image8.pubmatic.com	6 redirects
12	script.4dex.io	cdn.projectagora-adtag-library.com script.4dex.io
12	cdn.projectagora-adtag-library.com	ads.projectagoraservices.com cdn.projectagora-adtag-library.com
12	cm.g.doubleclick.net	8 redirects www.gazetaexpress.com
9	eb2.3lift.com	ads.eu.criteo.com
8	fastlane.rubiconproject.com	adxbid.info cdn.projectagora-adtag-library.com
8	adx.adform.net	adxbid.info cdn.projectagora-adtag-library.com
8	www.google-analytics.com	www.gazetaexpress.com www.google-analytics.com
7	mug.criteo.com
7	projectagora-483829-hdb.adomik.com
7	s-img.mgid.com	www.gazetaexpress.com
7	bidder.criteo.com	adxbid.info cdn.projectagora-adtag-library.com
7	ib.adnxs.com	adxbid.info cdn.projectagora-adtag-library.com
7	pagead2.googlesyndication.com	www.gazetaexpress.com pagead2.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
6	u.openx.net	cdn.projectagora-adtag-library.com
6	image2.pubmatic.com	6 redirects
6	projectagora-d.openx.net	cdn.projectagora-adtag-library.com
6	hbopenbid.pubmatic.com	cdn.projectagora-adtag-library.com
6	htlb.casalemedia.com	cdn.projectagora-adtag-library.com
6	tlx.3lift.com	cdn.projectagora-adtag-library.com
6	prg.smartadserver.com	cdn.projectagora-adtag-library.com
6	ads.projectagoraservices.com	serv431.com ads.gazetaexpress.com
6	securepubads.g.doubleclick.net	www.gazetaexpress.com securepubads.g.doubleclick.net www.googletagservices.com
5	trc.taboola.com	cdn.taboola.com
5	token.rubiconproject.com	5 redirects
4	images.taboola.com	cdn.taboola.com
4	fonts.gstatic.com	fonts.googleapis.com
4	eus.rubiconproject.com	www.gazetaexpress.com eus.rubiconproject.com adxbid.info
4	jsc.mgid.com	www.gazetaexpress.com jsc.mgid.com
3	projectagoralibs.com	cdn.projectagora-adtag-library.com
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	cdn.mgid.com	www.gazetaexpress.com
3	csm.eu.criteo.net	ads.eu.criteo.com
3	pixel.rubiconproject.com	www.gazetaexpress.com ads.eu.criteo.com
3	fonts.googleapis.com	www.gazetaexpress.com cdnjs.cloudflare.com
3	ads.gazetaexpress.com	www.gazetaexpress.com ads.gazetaexpress.com
3	a.teads.tv	www.gazetaexpress.com a.teads.tv
2	cds.taboola.com	cdn.taboola.com
2	pips.taboola.com	cdn.taboola.com
2	s333.adxpremium.services	adxbid.info
2	am-trc-events.taboola.com
2	cm.mgid.com	jsc.mgid.com
2	servicer.mgid.com	jsc.mgid.com
2	widget.nl.eu.criteo.com	ads.eu.criteo.com
2	cat.nl.eu.criteo.com	ads.eu.criteo.com
2	pr-bh.ybp.yahoo.com	2 redirects
2	px.ads.linkedin.com	www.gazetaexpress.com
2	ads.eu.criteo.com	www.gazetaexpress.com cdn.projectagora-adtag-library.com
2	s0.2mdn.net	www.gazetaexpress.com
2	www.google.com	www.gazetaexpress.com tpc.googlesyndication.com
2	www.facebook.com	www.gazetaexpress.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	ap.lijit.com	adxbid.info
2	t.teads.tv	www.gazetaexpress.com
2	connect.facebook.net	www.gazetaexpress.com connect.facebook.net
1	ad.mrtnsvr.com	1 redirects
1	match.adsrvr.org
1	biddr.brealtime.com	adxbid.info
1	ad.as.amanad.adtdp.com	ads.eu.criteo.com
1	dis.criteo.com
1	c.mgid.com	jsc.mgid.com
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	ads.yahoo.com	www.gazetaexpress.com ads.eu.criteo.com
1	sync.mathtag.com	1 redirects
1	id.rlcdn.com	www.gazetaexpress.com
1	beacon-ams3.rubiconproject.com	www.gazetaexpress.com
1	www.googletagservices.com	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	bisko.gjirafa.com	www.gazetaexpress.com
1	bit.ly	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	3d57460de9e80c101e86fe0c5db5eddd.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	www.google.de	www.gazetaexpress.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	prebid-eu.creativecdn.com	adxbid.info
1	hb.emxdgt.com	adxbid.info
1	aghtag.tech	agorahtag.tech
1	redirect.prod.experiment.routing.cloudfront.aws.a2z.com	www.gazetaexpress.com
1	certify.alexametrics.com	www.gazetaexpress.com
1	d31qbv1cthcecs.cloudfront.net	www.gazetaexpress.com
1	adxbid.info	www.gazetaexpress.com
1	gjstatic.blob.core.windows.net	www.gazetaexpress.com
1	agorahtag.tech	www.gazetaexpress.com
0	trends.revcontent.com Failed	ads.eu.criteo.com
0	x.bidswitch.net Failed	ads.eu.criteo.com
0	s.ad.smaato.net Failed	ads.eu.criteo.com
0	adx.dable.io Failed	ads.eu.criteo.com
0	r.casalemedia.com Failed	ads.eu.criteo.com
0	sync.ad-stir.com Failed	ads.eu.criteo.com
0	contextual.media.net Failed	ads.eu.criteo.com
0	an.yandex.ru Failed	ads.eu.criteo.com
0	cs.adingo.jp Failed	ads.eu.criteo.com
0	simage2.pubmatic.com Failed	ads.eu.criteo.com
0	adgen.socdm.com Failed	ads.eu.criteo.com
0	tg.socdm.com Failed	ads.eu.criteo.com
0	ad.tpmn.co.kr Failed	ads.eu.criteo.com
0	secure.adnxs.com Failed	ads.eu.criteo.com
0	cw.addthis.com Failed	ads.eu.criteo.com
0	sync.outbrain.com Failed	ads.eu.criteo.com
0	ups.analytics.yahoo.com Failed	ads.eu.criteo.com
0	sp.analytics.yahoo.com Failed	ads.eu.criteo.com
0	pixel.tapad.com Failed	ads.eu.criteo.com
0	idsync.rlcdn.com Failed	ads.eu.criteo.com
0	partner.mediawallahscript.com Failed	ads.eu.criteo.com
428	112

This site contains links to these domains. Also see Links.

Domain
tetjera
youtu.be
widgets.mgid.com
www.mgid.com
www.facebook.com
twitter.com
plus.google.com
3p3x.adj.st
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-15` - `2022-07-14`	a year	crt.sh
teads.tv R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2021-12-13` - `2022-12-13`	a year	crt.sh
serv431.com R3	`2022-01-31` - `2022-05-01`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-12-03` - `2022-03-03`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
certify.alexametrics.com Amazon	`2021-06-14` - `2022-07-13`	a year	crt.sh
*.prod.experiment.routing.cloudfront.aws.a2z.com Amazon	`2021-10-13` - `2022-11-11`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.emxdgt.com Amazon	`2021-07-02` - `2022-07-31`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
gjirafa.com Cloudflare Inc ECC CA-3	`2021-05-02` - `2022-05-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
paadserver.projectagora.info R3	`2022-02-10` - `2022-05-11`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-10`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-06`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-03` - `2022-05-02`	3 months	crt.sh
cdn.projectagora-adtag-library.com R3	`2021-12-17` - `2022-03-17`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.adomik.com Amazon	`2022-02-09` - `2023-03-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.as.amanad.adtdp.com Amazon	`2021-04-06` - `2022-05-05`	a year	crt.sh
*.adxpremium.services Sectigo RSA Domain Validation Secure Server CA	`2021-08-05` - `2022-09-05`	a year	crt.sh
*.brealtime.com Go Daddy Secure Certificate Authority - G2	`2022-01-21` - `2023-02-22`	a year	crt.sh

This page contains 40 frames:

Primary Page: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Frame ID: 21259ACBCB916E64A83E2B63C07A8A67
Requests: 135 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220221/r20190131/zrt_lookup.html
Frame ID: 0FC39157A9E7227CAC7F6CDFA7C9D441
Requests: 1 HTTP requests in this frame

Frame: https://3d57460de9e80c101e86fe0c5db5eddd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3A09F3A07F8B8AE83FEC2579BAB97AEA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4665846415960239&output=html&adk=1812271804&adf=3025194257&lmt=1645702296&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645702295785&bpp=3&bdt=660&idt=446&shv=r20220221&mjsv=m202202180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5623693614665&frm=20&pv=2&ga_vid=828370054.1645702296&ga_sid=1645702296&ga_hid=322030387&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064857%2C31065022%2C44756895%2C44756896&oid=2&pvsid=393867970964119&pem=626&tmod=835804713&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=457
Frame ID: A6B25F7DF66AA5BE048246DE7A278428
Requests: 1 HTTP requests in this frame

Frame: https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express
Frame ID: F3A628D4FD60A2529CD5157842846360
Requests: 10 HTTP requests in this frame

Frame: https://serv431.com/zsHcqeFYZl5TE4PtVkZ9PIxH5BH9-8otlM4qehW-f2zgYAPv_OPcmNmNXONFCSSmm1S6jpthJLCZLhtQdwS4RvLRKaJcQz3TN6woQn9zhVtCMZqmO1CEVeTESvUY7gxDJRWq5rU9QEvHNL_IhZyCh7LKDkMQmjeOA3MQvSfprK6c1DD5x9HYHxhdeRUOW2k6A3lE_5CBju7W0RxP-D0wer7ZUylA1LHE25bsmRWcysVQ9DZDqvETQ1j2ic_2Lig9NAv2gy-iq8Xr2FehE_gAFDLiwmiPaanwEz5uVQxqRoXXeXtuLQOe_sD8lClBu8wPdLb_rG04S0u6hz59V4waKHSuAmwrvF38QUKYzal0ZgX19UMDoXiVip1MqfvncQMwdTv9Mr8Jv8kUEri1Rfu5Y9aeB9h83S57dn4eD4A?DC=WZ
Frame ID: 6CDCF0B437698D54D384BA25EE878E6D
Requests: 1 HTTP requests in this frame

Frame: https://www.gazetaexpress.com/webads/onefor/02.seconds-960x200/index.html
Frame ID: 65443C791B40A2B0849D97040E887020
Requests: 10 HTTP requests in this frame

Frame: https://serv431.com/zz8i5C2I1WRyY7wKym0oQ1ySg4U6NxNgPf2enKfiphAg5nJeMU4NfZPkF7pFMUyIaYHVm94nYcetpyTOhrOozqk9gwlnW2e-h9fhyQ1g4Kz7P3KeTwUDxpm_bQkuNVbSYVd2p5T6VpTHlH71Sj0QGNEvPxGcudpn8HjtDhVlCqmtrjVSzD-0llaEHUUWleTNtFlvE1RwVBLTIJ607x981riSm7qTYZnBdHx6J8hvkdQrxLu_WtpakRUNOGFZkJ9yHZ5Gg_djA_IsuYPv9SaqU5UAQnSdv1YRRtutfY1zETKvidTbSMNso1JfcNa_4j6mF1v6LFFEsBNoQA227-6R5yTY6A4c2JFESOHWQ6ojDAAHuFqBt7RkHA9zRQ9tYP05YYPTOciYS1kOqqSRYWPBflezUqbQaICKeyNXXpA?DC=WZ
Frame ID: 084AA6CCDFE2BCACFFF4228F0D4A098B
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvTtA5QEZmnS68xVeXO6Rpuk_ZWYMIUlPvhAzEKzUu_aflMsFNKAKaW-IVCnBQ-ujDh2nyWf6MQwGMSJMNpwR5VJkaBRG7B9BnNUKkNvye-rT7wC3TtLFt3DxcGORR6nHZTB9ROQUSjrkMjmyF7D89P_Aqdlvx0YtdzX_XszQIgCaRWYYakL0X9GTY1nNFhO10-NcmBULlkY8KQWxq_I8wyioAkmgtXj_sM7uhOCZgK1brWQ-cCVJD5vNf5zmEXBryOjFzKQJH6X5r3pMtOLNMZ3hQg2tPJfMikMeZ3rpakUMDb3WA9tcol7oVztPtV6eaRoQ&sai=AMfl-YRx2gTeACutxPrICvocxDmJunhS3xxosAYwMi5k1fydrcNj3Ejha6vzepfGjC-EehO2fCPzFoQnLCZ6m3M8PsqxaD0PNlxxjw2zVJUZ_d4e8wZwW5jCh3iaFlCItOjg&sig=Cg0ArKJSzMDbTrjqYspMEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: E739F2A6D06DA4B2AA260CEFF72D2E4A
Requests: 7 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 1D7B204117D05FCD6665E98DC4E2A3C6
Requests: 1 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=4361
Frame ID: FF6062D366AFCA7D4CC7B5E6F8FC3C8D
Requests: 20 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=6751
Frame ID: 7B200261864D50E75AE1858ACE83D1DD
Requests: 21 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=4361
Frame ID: CEAA24D41522C04595BC5FD70D3F3E7E
Requests: 20 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=D9C90B8C96C1CADA&u=%7CmfU2EJoeeNDkB04GWQ9jwWDKFYW7QMg96Bktz4IjyuM%3D%7C&c1=92U3al7lWbVmeBs5kV1BdtL1fLiyqTtS1i4r4gcqJw6sHrEkub6yyT0MEiGmtIJBiJDfKu26TMEjjYxq0-vA-KGRe-H6gNW69G2TSymoArvCNwn6RUWgBerSEIsN6wnXqYYgOAHeyBr4DmDvgfjHbHPZydJdLpB2yzgIsbQMKSvQ_J3R0u4a00ybx70IpotAcp4P5cvuphbAd9D8EC8Zd9Q0rCuOIAcPyv9_K2zaIwdnXuv3MEvBg1pHD_TGC9U3fU71JKq-Gpvc0ci_X6Eytr9dNBXiMBxjqebj3X6jl-PITpSi0uC27TN1Ahj4zY2FpgS_8VWGU8u6ON5IsAaDrls9Qx8DVa2K4ONsk_AKck89JF9PHLnPAT1GkWVsXnkWfI-d_pjWm14Erz1yoaR_-HHre2V4mPbB8NGZOb_11M3gJiyrfgpruAmHzkBRKOofbiOIMy6beh6Z_pme69gTMyV8XSkHfPQPUlTH90o0exl3Y1z8qa1TBYuT9QQXekEcrjC3AKi22pQ
Frame ID: C39FEF607CBC6059345E5E0B89B7F258
Requests: 28 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 7081831FAD308F6640EC11159CC8CC0D
Requests: 10 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=4391
Frame ID: BE429E2B08BE38ED9462971C604D316F
Requests: 20 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=4391
Frame ID: 635F783C28BB1C5B9DB61313B9B8A7B6
Requests: 20 HTTP requests in this frame

Frame: https://widget.nl.eu.criteo.com/dis/dis.aspx?pu=7944&cb=62176c972f309742885e031dd2eb3f6c
Frame ID: 72EB6546246C55A315ADE54345B3A08E
Requests: 1 HTTP requests in this frame

Frame: https://cm.mgid.com/i-noref.js?cbuster=1645702296961551473124
Frame ID: A0211958BF626FC419F595A108F91EB0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/loader.js
Frame ID: 603AA46A78D48CAAE29998845EBCDE7D
Requests: 15 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=4361
Frame ID: 8AEF0FF909F013D100F6E8DC4FF4F2D6
Requests: 20 HTTP requests in this frame

Frame: https://cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/loader.js
Frame ID: 5FEEBFE2695A40B5540B5EAA11D62128
Requests: 16 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: BAF385DE6DA956A8DB2F75C49E96E8FC
Requests: 1 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: B9EBB603644CA046E36C838AAA63F12C
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?u=%7CMW%2BYVyp3ccpgHJLJbZy4PW%2F4DVxOy4PeQ0SDMraOIUo%3D%7C&c1=92U3al7lWbVmeBs5kV1BduqmbVTsM6wtV5aDneJf4TumKkT4ir9J4LbqSNfvg0_pDaPHN0PpvMv0oyG26rQDaK9ITmtyhoEC_HwzXi-9UIUsJ_-dbeWHEcaauHKY_PS5FI2KSZs4a6jZWJrVDv4fblT7ond8I-F-WpMK9ahbII9BOC0VIkX5MlnJUQsYwZCHRL0JKDfHbw_Ft19-kPfLWZx1qRWjfrNm6ZJkhZ7NnWFm05aLBDgS1pYrbFECRQMFp3_WIR7SWcc1kVHdX7hTQza0R2VX9VGjshBMFwKUp1GgBkRlMvh0u0FqKyfLSDgAa8h53ujtsNwdJB4MdFHicxS5Qp4kZ42buzhDLH1EbCLTLJ3-FPT7sVUV3OfQmGmCLRyFw5YAKwyMYy29u5MUUQbwHIM5scsKmv54LJjmXFd-w0t3FUaF-JmKeuOZB8wmHY0Vw1OujOhiolReAq7x67DLeNslHaTZ9TJFCa4MnMA
Frame ID: 5722968DB22B1CFF3E83C00A066B3D5D
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1761FB36F79F8C136A164DD3472A8E7F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B7232B192A65CD71268853A039DE87EC
Requests: 2 HTTP requests in this frame

Frame: https://widget.nl.eu.criteo.com/dis/dis.aspx?pu=175302&cb=62176c99c455ee1738627da633ec806e
Frame ID: B0BA07A9414C1580A8E7C68A44F719B0
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40
Frame ID: 34928B8593642CD7E4C57971776753F5
Requests: 30 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: 38D45EDEE05E25937DE04634F75C1625
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com
Frame ID: D54809ABD6C678F49905BDBFA6A7DA79
Requests: 2 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 038172CF92222BC67EA35F59D1D605DD
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: B1E831C437571FAA105720B839E68BFD
Requests: 2 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13396601
Frame ID: 00D826A500E916E60295371315A0CDC0
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com
Frame ID: B6422DD63A87CB69B9A147D19F86A032
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com
Frame ID: 4366EA6EFA5E389E81D57CA8B95A3D83
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com
Frame ID: 9C641B940D90E2120AD76815A576809F
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com
Frame ID: 387E42D9F280AA9C15A775F2391C39DE
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com
Frame ID: 4C87C7449F14F670DDC3B3373ECAC7D8
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com
Frame ID: 7B3B4C37E6638D973EBC449455A69C59
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AFP sjell pamjet e njerëzve të vrarë dhe ndërtesave të shkatërruara në Ukrainë pas sulmit rus - Gazeta Express

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css
owl\.carousel.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

428
Requests

87 %
HTTPS

41 %
IPv6

69
Domains

112
Subdomains

77
IPs

10
Countries

6366 kB
Transfer

13995 kB
Size

68
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: http://tetjera/
Title: Te tjera

Search URL Search Domain Scan URL

URL: https://youtu.be/KP4alR_40NQ
Title: PRESSING, Debati për martesat mes gjinive të njëjta

Search URL Search Domain Scan URL

URL: https://widgets.mgid.com/?utm_source=www.gazetaexpress.com&utm_medium=referral&utm_campaign=widgets&utm_content=1190148

Search URL Search Domain Scan URL

URL: https://www.mgid.com/services/privacy-policy

Search URL Search Domain Scan URL

URL: https://www.mgid.com/ghits/11739857/i/57523311/0/pp/2/1?h=2UrHCdBQP1OAGuU1VB-FBkopBgRZ3LFE-26L4MXmjgC5lBoeVVVKdF3bc4ie1sl2&rid=539ecfc0-9565-11ec-8009-e43d1a2a04aa&tt=Direct&att=3&afrd=8&iv=11&ct=1&gdpr=1&st=60

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.gazetaexpress.com%2Fkonjufca-vendos-qe-ta-dergoje-ne-komisionin-e-venedikut-projektligjin-per-byrone-shteterore%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Konjufca+vendos+q%C3%AB+ta+d%C3%ABrgoj%C3%AB+n%C3%AB+Komisionin+e+Venedikut+Projektligjin+p%C3%ABr+Byron%C3%AB+Shtet%C3%ABrore&url=https%3A%2F%2Fwww.gazetaexpress.com%2Fkonjufca-vendos-qe-ta-dergoje-ne-komisionin-e-venedikut-projektligjin-per-byrone-shteterore%2F&via=WPCrumbs

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fwww.gazetaexpress.com%2Fkonjufca-vendos-qe-ta-dergoje-ne-komisionin-e-venedikut-projektligjin-per-byrone-shteterore%2F

Search URL Search Domain Scan URL

URL: https://3p3x.adj.st/?adjust_t=u783g1_kw9yml&adjust_fallback=https%3A%2F%2Fwww.viber.com%2F%3Futm_source%3DPartner%26utm_medium%3DSharebutton%26utm_campaign%3DDefualt&adjust_campaign=Sharebutton&adjust_deeplink=viber://forward?text=Konjufca+vendos+q%C3%AB+ta+d%C3%ABrgoj%C3%AB+n%C3%AB+Komisionin+e+Venedikut+Projektligjin+p%C3%ABr+Byron%C3%AB+Shtet%C3%ABrore%20https%3A%2F%2Fwww.gazetaexpress.com%2Fkonjufca-vendos-qe-ta-dergoje-ne-komisionin-e-venedikut-projektligjin-per-byrone-shteterore%2F

Search URL Search Domain Scan URL

URL: https://widgets.mgid.com/?utm_source=www.gazetaexpress.com&utm_medium=referral&utm_campaign=widgets&utm_content=1002277

Search URL Search Domain Scan URL

URL: https://www.mgid.com/ghits/11739842/i/57337761/0/pp/2/1?h=YShpyM4-jy3u-Mj23ZtI2SxWZFyqpzwtcN-UX_wxDf7OB4mzJXJjgbcBU8E_7CRC&rid=539eb511-9565-11ec-8009-e43d1a2a04aa&tt=Direct&att=3&afrd=8&iv=11&ct=1&gdpr=1&st=60

Search URL Search Domain Scan URL

URL: https://www.mgid.com/ghits/11739861/i/57337761/0/pp/4/1?h=YShpyM4-jy3u-Mj23ZtI2T7rgIaY0yUcttKABw-m7S17wrHRfWmRvvP3eIR83e3N&rid=539eb511-9565-11ec-8009-e43d1a2a04aa&tt=Direct&att=3&afrd=8&iv=11&ct=1&gdpr=1&st=60

Search URL Search Domain Scan URL

URL: https://www.mgid.com/ghits/11739862/i/57337761/0/pp/6/1?h=YShpyM4-jy3u-Mj23ZtI2ZH5TVKgZKuBtuH8i7RgYEXKIlby_E9q5QzM0WLevFQW&rid=539eb511-9565-11ec-8009-e43d1a2a04aa&tt=Direct&att=3&afrd=8&iv=11&ct=1&gdpr=1&st=60

Search URL Search Domain Scan URL

URL: https://www.facebook.com/GazetaExpress/

Search URL Search Domain Scan URL

URL: https://twitter.com/gazetaexpress

Search URL Search Domain Scan URL

URL: https://www.instagram.com/gazetaexpress

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCOWHTFsANLsHe2e2hXuHkOQ

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 116

https://bit.ly/3HbDRHN HTTP 301
https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express

Request Chain 150

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPoOF-GixJWD5o9ODMyBV2s&google_cver=1

Request Chain 152

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L00WNMDN-1A-54BG

Request Chain 154

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NWQ2OTcwYzI4NjVmMDE1MDQzN2E3MTRhMzJkOGE3NTU4MGYxZGFhNA

Request Chain 155

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/Fr-k-0Ozu2GujQpfN7BKSMn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8727105653200393233

Request Chain 156

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4cf56217-6c98-4b00-956c-59fb1de7107a

Request Chain 157

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L00WNMDN-1A-54BG&sigv=1&esig=2~413910ee8c9f167b1dd64a366eafd45586fc0359

Request Chain 158

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDAwV05NRE4tMUEtNTRCRw==

Request Chain 331

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay0zZjY2M2lEVVlXQzNHd1R3S3NwZDlRaFNsTjdzWF8yZWtvN29sQQ HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

Request Chain 375

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=0&topUrl=www.gazetaexpress.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=FuUDEnx6c0x2MGtiZ3plZGdsWm5iUERwWGlXRm5MRlJTWlUrK0t6RVRTamxPNDlLQUhyWkloTm84OGJieW9pcjNWb1lmcXFHZGc2ZEQwNTZhZkZIeU81ci8rNkJZT1FuK0xVVms2UTdkNkpNK2ZVV2xCTVlxdWFiN1QzNzAzQVFqWER0RnkwYXpZa0NYMEdCcHJzN1RXcDhRQmJrZkhkaSt0NkVKWHJyUkJwNDhpYi9aRThpNDdTdThySlk2RVJkWXN6OVpubFozWm9mUklIZ2ZRMis3YlYxV0pLSHo0OStROU9va2E2L3VTaFhvM2ZkWTY5dHY2QWJkRzZjdWtVMmUzVWZwQVltUm1mRDBxbENhQVR0N05kWG50UT09fA&cppv=2

Request Chain 387

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=2LaE6F95SFJBM1lSMzNBWURXanBBWURSUEZxZlQzUm5EVWt5MUZqUVZLa1BVJTJGRmFZMmZsb0Zwdk95cTVGbno0Tk5tMFVNVUhadm1KZmxXZ0NmMjZJa3BqJTJCejhpa0NXc3NveWVOczdUc3J4dDZ3b29lY3RncjR6VXJHQktqUHlPSEpjNXdzaVZqSEFOeVE5SDFCRkY1QUU2cDl3JTNEJTNE&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=vJpUmnxtRUsrS3hMZHFadlNvSGxuZnNDU1RkeDdFSW1VYjF4cGFnS3NUUVpwTXFVZjlxSXcrNXlFZ3liUmZXQW1KNU5ldnp0Ty8zTFVCc0c5T2hJV1FxbW9GeHVxeXhudmk1YUxxYlFzTk5OUDcrWGhKb3NYc2RjNjJWeHF3U1BxOFE1K3lFeS9WM3c0eDNLVUlBRzZhWFpsbUpDUnZwSCtOOE1kWjMyOEJINTROMjRxSTYzNnduWDhzTEo5cStvRDdKWUZPam5FdlNGZ2NLdFJVRXZtaVR1Q1NvT20yditSZzFoWTVKZ1BJRjJtWFRKRk5rNVl0cjVxMmNqMnp3bW9qRzBHWGp4ZFh5bDJEL0J6TEJwWk9pZldNWjVwdGd4MTN3N0Y0Z0lRUWk0OFFBbz18&cppv=2

Request Chain 391

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=2LaE6F95SFJBM1lSMzNBWURXanBBWURSUEZxZlQzUm5EVWt5MUZqUVZLa1BVJTJGRmFZMmZsb0Zwdk95cTVGbno0Tk5tMFVNVUhadm1KZmxXZ0NmMjZJa3BqJTJCejhpa0NXc3NveWVOczdUc3J4dDZ3b29lY3RncjR6VXJHQktqUHlPSEpjNXdzaVZqSEFOeVE5SDFCRkY1QUU2cDl3JTNEJTNE&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=yJPS4HxvTUMyalNaeVMwUERBM0hPR3U1eFg1M1F5WDVmV2k0eW9JUDNXbStrZC9iZzdtWHJCTm11bmlSYWhqZ3FuWEx2aWpsMlpBeTR1ZmJ1RmFJcUdlTnlUeXlWVmJwUkx5Vk01TUwxTVJ0bXFJWkJ4bE01bUJIbzBuTW00R0RXVjRSNnN5ZjJJazcrcmZNZnNFZ3VsNHpTak5yZXNNUnV1TmoxNENwb2R2N3NUKzFDVE5FdEFTUDFqQnV3cWh1ZEsvUU5qemZHYklTZWpHTVlENDQxSnVpaWkwN0RSdW1FdVRiMXlnQU1vZGtodjloS1BrMUdWRUcvd2lGZDFrTzRFZDVlaFVjSmh3RVBZRW1lK29JdzViT240aVkzdmlBMEZVbWNEYURrTmFhM3dHST18&cppv=2

Request Chain 393

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=2LaE6F95SFJBM1lSMzNBWURXanBBWURSUEZxZlQzUm5EVWt5MUZqUVZLa1BVJTJGRmFZMmZsb0Zwdk95cTVGbno0Tk5tMFVNVUhadm1KZmxXZ0NmMjZJa3BqJTJCejhpa0NXc3NveWVOczdUc3J4dDZ3b29lY3RncjR6VXJHQktqUHlPSEpjNXdzaVZqSEFOeVE5SDFCRkY1QUU2cDl3JTNEJTNE&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=QzOFNXwyR3ExWXBFdDhYUHRIbEljM0RGVk9kcHhSczREdjZvQzVnSU5yRlNlbmZjeDRuemdMclEyTmt6dGQ2eXAzZWpXODhCTnZvaWZXa0thejRQWWRCZHM0OGhHK20yVHZUMDN6R0JqWm5FWXNhd21hc2ZmSFRzRHZPOWt6R0k2VlB2VXRFekNEREdVKzRpMys0dGxYdWJQQWFuSXZ0ZGcvQnlKRzZqR0MxdlpRV1RkQnRVVURZZTIvTVROUlBIQXdqQkRQd1lUZ1gxRHllRmRHUnFibSt4N1ZvUnl5SFhDNmNjMHJ1ZzJuamhkc0lZZkdPNUJUTVBVRWtjUVBYNE9aZEQvSXZKdDNDRDUvdVdnWGVOMk1vZHZOL04ySGplNDhGS1M4ZW45cmd1MEgzZz18&cppv=2

Request Chain 395

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=bZIi3l95SFJBM1lSMzNBWURXanBBWURSUEZ2c2IxOXMlMkZuQnNXWXgzVzMwelBHQWNUcTlDT1c4OWh0RFpqZTJuckNYcjlwc1BnajFwTEFGakk2bThmWm5oUHU0OWtvNHVoMU9jUXc0YzhCdHNrdjNmTSUyRmx0dlRtc3B0T1drZTllSGZKdHN5bVVrZHFiYmdTUWxMSGRlVWdRRjNBJTNEJTNE&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=xylBwXxHNGh6cUxkRXdCamcvMTJCbkdrWmNpTSs3b210NENqM2owODdRQnYwclRlVmdhWDFtRnJoS1RTaE1HQTVGZytVS2RObHVJYmxidTM0TkhvcVUyZnNpSzdUU1YwYXBSRzF0WEJkZTNIbzdMdjVudzRFb1VrVXl5d0sxcHQ4WGpNaFRPU2ZIcUJzRFV3a1JoVXVRWVdSN3E5dTZLdGpVYnJjWGFpYjZxbWJoWTlCbmJKU254dldJZ0tiN2MyYUpIdlRsUDNnMHN4dUgrcHZFRmhxbE8wUnZVVmY1SFgyMGdhYjdrTnBmcVdmUFZVbVV5WTdHR3lPYTdtRElRMElmYm8xNXJrdGt3V29saUt4RG9iYU5HZ3dnbnFpWGt0NmYveFVnTUFra2tjOEFqcz18&cppv=2

Request Chain 398

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=H5CAeF95SFJBM1lSMzNBWURXanBBWURSUEZyblpFRyUyQkhkanozZm1tbUgxYXQ1bnpNODVXOVplRW1GWUhicEFJZVVzRmVGYU8wMXhCdlUyb1JTWjM0NlolMkJpRzV2NE53VnNYU01kNFp6Q1FTJTJCR2d0VElFS05YQ2pQJTJGV2NFOUxZcWoxcGltR0NBQ0JrRkV0cUhTSjJHUHRtdVYzUSUzRCUzRA&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=MHxIJXxLL0tTdVF2SjJYd09PbXhSb0lXRndRbXkrYmcraEo3WFNndW4wa1pxZ0xkRGhpd1Bwcm5Dam80aGJ2L0x4MjhzWm9rMWxhd0NzM05MblFNY2lkUytXRFYrS0JRd3ZKejk5emJtbmFmRzlGZ0pTRTRlWmo3V2dnTjQyekZ5ZDNLWHIxeDdYWDRLNmdWWnpqN3JkMTlsQXVhMkwrempPTVZhN2FzejBib1M4RGNwOUcyZnRSenN0Y1liVzZiVHl3SlJFdmEwWDFpYXNqSDBxMkZkRlppelNWZmtKbXc1TVdCbU40dnlKRlZINmEzeHBRS2xsSlBJYkR1SDFvNzJTM3hiajluQU5CTm1zTHdpTnVZTlRzR2lXR1dGTUNtbEpwcVpNeUZJVTRtellRVT18&cppv=2

Request Chain 409

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=8qBKjF95SFJBM1lSMzNBWURXanBBWURSUEZuZlV0MjM4QUphT1FRbktDVzE1NmVNUDFacXhiVzhGRDF0ZWNua1dNNiUyRmZZVFdXRUl0Ump3bW5vaDE0UW9ZaWEyNU1yUXlLRXo4TjJXT0ZnemVmTTNHNzZDJTJGd1Z0OFZmVE9rY0x3b0xzTXNBY256SHg0a0xOTmRYVXpjbGtMJTJCZFElM0QlM0Q&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=g0v-5nxLZzZaT3FZa0tqR0pJQm9CQTFzMXZKVU13YTYyN2tGZTk4VzlaRGUxUnhQMEFBWFVsTnV4S1piY1hBdWxWc1V5Lzh2TGcwWko2M2wxUFFyWUlabGlzejRpTjBiZDRIOSsrMHZpd1NYK1RIZVcxS2hNeE5leUFPalF6dVZOMzhHTTBZeXE5ODhjSlJkYnVZVFovUyt1NU1qZkFlWHBSY3U3SzVBeFpjWXo0cUQvNnYwZXlCVy90aStsV1Fna0Q0WWxycnVtQWFRNUhaM1RFeWhGZmJaM0NGYjh3S3MvZ1hGTDlmd0orOHN6Qm9zZXpvN0dhdlNla1hSRVNDTEN2MVViallpSVdxQ2pnN3J4WmJ5bGtjQXhtT0ljb2pHdUp4WmNJZmMvN0dpNFRDcz18&cppv=2

Request Chain 410

https://eb2.3lift.com/sync?px=1&src=prebid& HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=

Request Chain 411

https://image8.pubmatic.com/AdServer/ImgSync?p=156400 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MjkxNzZDMTMtNTRFNC00RERCLTk2QjAtOEE4ODBCNERENDU3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 414

https://eb2.3lift.com/sync?px=1&src=prebid& HTTP 302
https://ad.mrtnsvr.com/sync/triplelift HTTP 302
https://eb2.3lift.com/xuidmid=7976&xuid=KwJrbUqfM&dongle=u6nf

Request Chain 415

https://image8.pubmatic.com/AdServer/ImgSync?p=156400 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEE4QThCQTYtNEREQy00M0VFLUIxNzUtMDExMTA0NTczNTkw&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 417

https://eb2.3lift.com/sync?px=1&src=prebid& HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=

Request Chain 418

https://image8.pubmatic.com/AdServer/ImgSync?p=156400 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RjJERTNCMTctM0FGOC00M0ZGLUIxMzQtMTU5RTBBRUYyODVG&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 420

https://eb2.3lift.com/sync?px=1&src=prebid& HTTP 302
https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDk2MzU3Njc4MjIzNjgwNzQ5NDYy

Request Chain 421

https://image8.pubmatic.com/AdServer/ImgSync?p=156400 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REQ1MjNFQkEtMjA5Qy00QzkzLTgwN0QtMjBFMTFEMEQzRTQw&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 422

https://eb2.3lift.com/sync?px=1&src=prebid& HTTP 302
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=496357678223680749462&dbredirect=true&gdpr=1&consent=

Request Chain 423

https://image8.pubmatic.com/AdServer/ImgSync?p=156400 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REFFRDlEREQtN0IwMy00MDRDLTg2NUItQUI2MTE3OTg3RUZC&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 426

https://image8.pubmatic.com/AdServer/ImgSync?p=156400 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QTk3QzVDMUQtMUY5RS00RkY3LTg3NEMtRjc2REMzMDBCQUYw&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 427

https://eb2.3lift.com/sync?px=1&src=prebid& HTTP 302
https://pr-bh.ybp.yahoo.com/sync/triplelift/496357678223680749462?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-txp49rlE2oQbm7ke.YHo_jRhJ_WhE8ArkVy_vetwVQ--~A&dongle=0883

428 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/ 49 KB
13 KB 223ms
198ms Document
text/html 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b237f179c4cdfdb445558e40de5bede2d8cb8bfe8e15bae887884d37b4e763ee

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding Accept-Encoding
x-pingback: https://www.gazetaexpress.com/xmlrpc.php
link: <https://www.gazetaexpress.com/wp-json/>; rel="https://api.w.org/" <https://www.gazetaexpress.com/?p=1446390>; rel=shortlink
x-elasticpress-query: true
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IXmhH18HZ2UUo3b65vRmVzm7OZQ0sHFPNn5OQRaDKXfvgX90UflCtoAf52h9tzvsrUMum5kcsfMT2lGjnuU0BFKA7TwJvlwHnk1E0k%2FZKqSSR0cVfALk7CoHnMT5zkP%2BEL9HSx57TGg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e285e4f4d99918c-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 y7fSIC-Nar-PQDdmdwDlbGcPmlk.js Show response
www.gazetaexpress.com/cdn-cgi/apps/head/ 5 KB
2 KB 36ms
34ms Script
application/javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/cdn-cgi/apps/head/y7fSIC-Nar-PQDdmdwDlbGcPmlk.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fad256c668aa1eb51fa18a925e95273df342e46f3162de728123b4c1fb922b5e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1BF9QVJZXCB8BR4P
x-amz-id-2: DZfH/DKbEW6iprS7LXWimgfjAih1FxzhV4ROJQscY4chpFyAUlaN5m8tqH5r+LOvXqIdqs8oXNw=
last-modified: Tue, 10 Nov 2020 13:59:35 GMT
server: cloudflare
etag: W/"b61e1b8cbc26b381f84b9fe75d6bd20a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FRjJBJToFfjs0oOGdBwtSb0mXjb6vVC6M%2BwH%2FmfEZyKEfkBP9Nr4PhEOMUG%2FAUU81S5ZnlyV1cBsgGV8KdVqZcDFCmASSk77H8cZ2ypiR9koP2qg1oXTrL1GBA8QhiYjFBMX2VJ9J%2BM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: EbY_Qr2u_RqkzHBQ7tezB1tU2A4mETa.
cf-ray: 6e285e50a9f2918c-FRA

GET
H2 200 tag Show response
a.teads.tv/page/76285/ 787 B
689 B 54ms
7ms Script
application/javascript 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/page/76285/tag
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9800465cae64bdf8617aaca614fe37e565cf5b9e577daedd111816175e406b04

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate, max-age=3600
access-control-allow-credentials: true
content-length: 489
expires: Thu, 24 Feb 2022 12:31:35 GMT

GET
H2 200 gazetaexpress.com.js Show response
agorahtag.tech/c/ 9 KB
2 KB 51ms
15ms Script
application/javascript 2606:4700:3036::ac43:cf2e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://agorahtag.tech/c/gazetaexpress.com.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:cf2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9b6ce5bce35a38960eda5c669c47447957cf16042d21a91973f55393e5b3b55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3334
cf-ray: 6e285e528a4e9182-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1538
x-amz-id-2: rLVu42soKem8Bi1YSzhpqxcuUsbUk0sNrfYqL0H/jR/bNaBYkEX0c2WSOkXoEVlYb8ZAvg8hd8w=
last-modified: Sat, 05 Dec 2020 13:38:00 GMT
server: cloudflare
etag: "9a03cc3598f1fbece481220c80dd2575"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uSh%2FBIKNo2TRhIbmvSBmPEOp8t2Hw6IG05ruj%2FDSSmBh%2F6TpgoRexQi2coNnmcd%2FcgAY6M7sgRw3DoKbTyo3I12otGLqrDVBanFeN5WpUaVRmeJOigx0t%2BI%2BBfL%2FXDRRpk353UMj93yqvyV0A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: KFZ5HYWY1KQWRP0D
cache-control: max-age=14400
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 153 KB
53 KB 187ms
92ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a87b3a6560c4ea75c08809af3a7982e03f7b8eed54a53077ef0871e12d5e25f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53770
x-xss-protection: 0
server: cafe
etag: 3706029818155191770
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 24 Feb 2022 11:31:35 GMT

GET
H/1.1 200
OK gjdmp.js Show response
gjstatic.blob.core.windows.net/fix/ 7 KB
8 KB 131ms
33ms Script
application/javascript 52.239.139.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://gjstatic.blob.core.windows.net/fix/gjdmp.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.139.164 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4d3c2716fb807011f9b2da62eccb916cb685d127d731c19b72e91d1116b18b71

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 24 Feb 2022 11:31:34 GMT
Last-Modified: Sun, 28 Feb 2021 19:38:55 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: AkdWFmz3+ZBD6nME4CH9VA==
ETag: 0x8D8DC207C714D5F
Content-Type: application/javascript
x-ms-request-id: 05a45c1c-101e-003c-1f72-29037e000000
x-ms-version: 2009-09-19
Content-Length: 7361

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 147ms
50ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

36f2cdf03858595e09d76849b9df062ace1077058397cd04396d6f6fea7be28c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27376
x-xss-protection: 0
server: sffe
etag: "1141 / 283 of 1000 / last-modified: 1645696034"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 24 Feb 2022 11:31:35 GMT

GET
H2 200 gazetaexpress.js Show response
adxbid.info/ 285 KB
87 KB 119ms
57ms Script
application/javascript 2606:4700:3036::6815:4f16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adxbid.info/gazetaexpress.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:4f16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46bd65df4f409fb2e7308c958be9e21ef67a5a8a253a65b1ea0da54f13c8523c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 10 Jan 2022 14:09:44 GMT
server: cloudflare
age: 3364
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FwrSeHt2cJ%2BPwEm0TU7o6SG4YiUguzxJfIccrMdqNG3TXCJ%2BBiesUpl9sg%2F16N2CXHuT0UCXo9p55dBzuciG6gH3R8joNh4WL9pJIzDaAjOQXfjB2ef4p8uA4kuf1F%2BHXfDghSZ5wiCgbg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e52b9f89113-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.min.css
www.gazetaexpress.com/wp-includes/css/dist/block-library/ 40 KB
6 KB 33ms
31ms Stylesheet
text/css 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-includes/css/dist/block-library/style.min.css?ver=5.3.2
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Sat, 22 Feb 2020 23:32:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gk9si2rIXc2VYkWweIzMXYr3wl8tCqGh2UG%2Bvj6n26ZAdk8xGOUYbsTg5r8bWaTOKha3eWaNn5w%2B2xixWxeGFCpFavs%2BfToH9xKw6LUhL3JnVUPMBpLj90j%2BhMYOJbBhRt3E8ujGzdM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 6e285e50b9fc918c-FRA
expires: Sat, 26 Feb 2022 11:23:01 GMT

GET
H2 200 related-posts-block-styles.min.css
www.gazetaexpress.com/wp-content/plugins/elasticpress/dist/css/ 284 B
483 B 36ms
34ms Stylesheet
text/css 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/plugins/elasticpress/dist/css/related-posts-block-styles.min.css?ver=3.5.1
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d067735991c685e2ff4b1002571d94671a3cc0b93a4c367a9f268c2d4a8a97

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Sat, 07 Nov 2020 00:47:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=txzdFx7KB9zSF0dL0wSjGUM45KLSn1pqtODpFazKAqYS373yt5o6Y89yHZQzOgGGO00ypMuzC0D1daeFJeB5RxDGI1wU6j2a4JcNKq0aa0GTh9IhxcEJll0FMu2iOAyIHCCrKQpDuNY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 6e285e50ba06918c-FRA
expires: Wed, 16 Feb 2022 01:40:46 GMT

GET
H2 200 blocks.style.build.css
www.gazetaexpress.com/wp-content/plugins/metronet-profile-picture/dist/ 27 KB
3 KB 41ms
40ms Stylesheet
text/css 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.3.10
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85121a60fa28046f20d9a0f53aa7f48389804115c109dd8c1ad24b2316483d2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
cf-polished: origSize=27723
x-cache-status: MISS
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Sat, 22 Feb 2020 23:34:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cXFeGTJ2O4hv3aCH%2FLj3a67Yn%2FDvRYEZ%2B0gN5DxQW%2BnC9ePVSEbSwm5XeF0cdTnzelV87eCmECwEbVFX39rqRas66ISvxjT%2F7wQyqwuLlRv6u%2B9vFjMWcj%2BTc5T3oQYfILoygJqoma8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 6e285e50ba0a918c-FRA
expires: Wed, 16 Feb 2022 11:23:02 GMT

GET
H2 200 style.css
www.gazetaexpress.com/wp-content/themes/express6/ 104 B
595 B 41ms
39ms Stylesheet
text/css 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/style.css?ver=5.3.2
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: be1276b9fcc751ea3d53906870d6328216238d74a223806349150987dfc7a568

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
cf-polished: origSize=112
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Mon, 06 Jul 2020 07:49:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWKaVt4eOWifW7ndIdURDQYnzR2Nhw9dTNXwziLazkMVpblewpswMvTMiZ1RS4oUg%2FwqY%2F6fzpePy5nokrhGWL9ehzNddaxzC9MrTJ3M%2By6ajDkYEdykxFScjJRPqauIBYHg83DI1eE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 6e285e50ba0c918c-FRA
expires: Sat, 26 Feb 2022 13:43:57 GMT

GET
H2 200 mainStyle.css
www.gazetaexpress.com/wp-content/themes/express6/assets/css/ 47 KB
9 KB 41ms
40ms Stylesheet
text/css 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/mainStyle.css?v=1.0.34&ver=5.3.2
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1a2e5ffa0b16b7f55eba0ace46076a613f872f8844dcd9667dec900d5f27e46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
cf-polished: origSize=67115
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Wed, 03 Mar 2021 17:56:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j7PQoHVXEVn%2F2FU6RaTBTYXo9xPi4Tj%2BS1VtU0osCwn%2FGFikgKhvdxrGzl7qd9pWayaB62mz0laX%2FPnPzp95UYLbncy9s6U3kJHGy7HLdHLcIrygd2eg9WepvpZZaXAOSYoRw1Ln7GY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 6e285e50ba10918c-FRA
expires: Sat, 26 Feb 2022 11:23:01 GMT

GET
H2 200 bootstrap.min.css
www.gazetaexpress.com/wp-content/themes/express6/assets/css/ 152 KB
24 KB 35ms
34ms Stylesheet
text/css 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/bootstrap.min.css?ver=5.3.2
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9ddd1e64827cb0fa09d74aa581ecfd468212261fa170ec9baddbd678389b342

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Ho4Ug%2F7OZPDzG%2FsqGBtx6eBdGQYEdHBoe9C31Ny3IuHiRSp%2BOUaSL00gfKq9V2TqVsX%2BfevFR5pXyl0eBQCdqiOPwcWYE1XjoVQE9Q0VEkIhcyJVtwjuUo%2FXxpZlU7KzCFM1yvUoZg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 6e285e50ba14918c-FRA
expires: Sat, 26 Feb 2022 11:23:01 GMT

GET
H2 200 owl.carousel.css
www.gazetaexpress.com/wp-content/themes/express6/assets/OwlCarousel/dist/assets/ 3 KB
1 KB 31ms
30ms Stylesheet
text/css 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/OwlCarousel/dist/assets/owl.carousel.css?ver=5.3.2
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bf5ec97a26ec5291f86b864fe727de79accd6c0bd484ff3dfe75e74cf3289a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
cf-polished: origSize=4744
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n8T1Zevihrx%2FY%2BjFNxMWhhwoZ9InG8FmYOC7lSXO6Eq2Nl4txcKhYJXicshStuIaWRkbjlv6cLMZDRDJf9lDVE9QfzaZoy%2BwayuBIEl8cTanD97Xu9P6pTaQtG4Wld5JKsNbir9s%2Bs4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 6e285e50ba17918c-FRA
expires: Sat, 26 Feb 2022 12:30:45 GMT

GET
H2 200 wp-featherlight.min.css
www.gazetaexpress.com/wp-content/plugins/wp-featherlight/css/ 5 KB
2 KB 45ms
44ms Stylesheet
text/css 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/plugins/wp-featherlight/css/wp-featherlight.min.css?ver=1.3.0
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e40ce0930cd0748fb92bc75739f641212565a3f3f2d719c667f90083d07fbaac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 14 Aug 2018 01:52:48 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2BnMFvbnOjJKEV8OTBFCeSEs7KE3uUkPRpDBfU3XbkTPpHsku%2FUxDwQCFrc93yCi7lMQMFjpMU%2Fx4W%2Fb8vyQoxbicwApWRWWCvf4AXK8wTDmUIEVaH6l42Rd2icGMFqnINTH4gs1q%2Bg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 6e285e50ba1c918c-FRA
expires: Sat, 26 Feb 2022 04:01:58 GMT

GET
H2 200 jquery.js Show response
www.gazetaexpress.com/wp-includes/js/jquery/ 95 KB
34 KB 42ms
41ms Script
application/x-javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
cf-polished: origSize=96873
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Wed, 04 Sep 2019 23:48:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J1oJzjS%2B5xAxM0o7z65A6DXAW5cvrqvBeF9jJyCDLaV6%2B4icbqms7lyZpHncqxmpiFAJnBFNhx1xofxEMkgVtSOE%2Fq6Rd1yLgA9u%2BGRrePbdqBM2qUEa5mi9VGozXizxl%2FY4pv09Wlc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=31536000
cf-ray: 6e285e50ba1f918c-FRA
expires: Sat, 26 Feb 2022 12:33:53 GMT

GET
H2 200 jquery-migrate.min.js Show response
www.gazetaexpress.com/wp-includes/js/jquery/ 10 KB
4 KB 41ms
41ms Script
application/x-javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Fri, 20 May 2016 05:11:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fOQEowWsSP%2BbLeStDkmg50hsEeziu2xKu3KQbz0nb6r5tMkfL%2Fv%2BPU219BD093qO5P7TIWYzMVgNIL0%2Fm6b91t0fhxgglEEohW8O58n6q2jMAFErgR%2FlF6h27DedQn9VDpAa5NrV7lg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=31536000
cf-ray: 6e285e50ba26918c-FRA
expires: Sat, 26 Feb 2022 09:34:28 GMT

GET
H3 200 invisible.js Show response
www.gazetaexpress.com/cdn-cgi/challenge-platform/h/g/scripts/ 42 KB
15 KB 71ms
67ms Script
text/javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2988eefac4d294f3afb945f45057d49ba53662c2408e9927b59e5d6fb8e45b71

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=txmdCiQR2wSOwLSjfOTAYLREsAOqg0h3sq8bOoiTSbkTDqG%2B0RtE2PKojayqsisrVOguUPpvb%2Fa1GnRu2h0u%2FaVMmgacuFRhT%2BkzrxGK2B6oGfydAY%2BfhlEjRWfJ9fa7OBwOgugwTQI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6e285e525cfb92a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200 0a3b5987.js Show response
serv431.com/ 36 KB
13 KB 395ms
132ms Script
application/javascript 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://serv431.com/0a3b5987.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: fef7c3eed906d6262687bdd1a5cd8f08c88b80368b5368bd6af84b0f694a2396

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: gzip
transfer-encoding: chunked
accept-ranges: bytes
etag: "085d6320d2a63bf94706fdf85f6662fa6"
vary: Accept-Encoding
content-type: application/javascript

GET
H3 200 express_logo.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 5 KB
2 KB 26ms
21ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/express_logo.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 202b60c49aaffc7e0f217e44c76e1294a5ddb44cfd09d3dd4b3f6fd3b2361f01

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sP0ibMheMawUfK0KLd1DK%2BJ4tdpnkEzwkcHA%2F4CKzKLwlK7cO%2FosJrB8K8UUill5M6ViPrcm1c2ImZ7uddJ6pPIk9RL8bSs3WpKtQtakxOFrDIeermUzpEO1xoSevTWVsOtEFQA15rs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d0292a7-FRA
expires: Wed, 16 Feb 2022 09:09:34 GMT

GET
H3 200 world.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 2 KB
1 KB 27ms
22ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/world.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36234dfc3643d15135aa25829d06d32fc1a843e9bec39b64ca0ffec08eac4a45

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ffAh0N6SIXvwLhAs56pJckqHt7IcD73UvyPc938CqAf0GPIrQH7tzQ4uv6LtzVKet8SJdyNG0PTuCv%2B1fpYsma4AsGAdHXmi6Q0yxEgbhlE3uZCrdiIhJJiNFXrkBADeohMpHVLqeE0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d0592a7-FRA
expires: Wed, 16 Feb 2022 09:22:47 GMT

GET
H3 200 noun_live.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 4 KB
2 KB 52ms
47ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/noun_live.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8b437d60188c442585796d764a8553f266fa878437b96be8009a1642e6cf278

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3cVT6B5uS706FHl9sNp95B%2FkcLR3IPXLKFboIk2A%2BcbVeELSiibHbtuWD0jp4kHaebCmNVpbDj635PZWtZsN6Yak6HI5Lc3d6qKdZePfZKxZZ%2FIgj8oZWp0yDYaev0q82oPnuYTXHj0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d0892a7-FRA
expires: Wed, 16 Feb 2022 10:23:55 GMT

GET
H3 200 search.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 509 B
886 B 52ms
47ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/search.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9dfec6c7e2254959d01350a2ea2f613ddaaf9e92249d7bb13b75b4dd0837c534

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aP0gEXkF1vWkq5OCmXN8dScbhdLXF0DAd8gGK2CjraePdjMPvWis4p4w6ENq0mzBoCFERiIOlL9prYDaa1sSiFijk82GKLTOPZiU%2BfZiadoAP4CKjPMM07udToGBtsn%2BLqxOzayQWBk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d0992a7-FRA
expires: Wed, 16 Feb 2022 07:51:44 GMT

GET
H3 200 youtubevideo_icon.png
www.gazetaexpress.com/wp-content/uploads/ 8 KB
9 KB 52ms
48ms Image
image/png 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/youtubevideo_icon.png
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 374185e53bbef45445536ca0bec29e8ee94dd9c3ef96914dfa69a13447964ca9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public, public
date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 21:40:59 GMT
server: cloudflare
age: 683256
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNGV620MJEE3u%2BJbOjzOa%2BFbfM072Km6OIMuXE5iZtGwJSDg3FLiUfk0clCUPNj6uBcYexK%2F7RQYB7Z91ORkmwal%2BoOQJZpsry3SzbxRrS31ndOZR%2BL2Xrgxbgdtwyk7ApsV5RjChNY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e525d0c92a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 26 Feb 2022 02:06:19 GMT

GET
H3 200 express-logo-author-96x96-1.png
www.gazetaexpress.com/wp-content/uploads/2019/04/ 7 KB
8 KB 32ms
28ms Image
image/png 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2019/04/express-logo-author-96x96-1.png
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ed7d434cc3f89a09a5fb5385a44b646a302cc0e7f4a09f84f55dfeb14d1f100

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683240
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Sun, 23 Feb 2020 20:44:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KUUp90duCLGrA5QlH34MvC%2BmuXemxogvtojbK1NJOsH%2BZh4gnK6yrwsjXb%2BgUGCKIfAzrkiK2czcA44c44bVQVMgHGXDX7DBr1W4Z%2BHeSLSCl%2BnVc3N2l159txJ0zNV2uRHU7egC24E%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
cf-ray: 6e285e525d0d92a7-FRA
expires: Wed, 16 Feb 2022 08:02:22 GMT

GET
H3 200 Screenshot_3-31-600x360.jpg
www.gazetaexpress.com/wp-content/uploads/2022/02/ 33 KB
34 KB 36ms
31ms Image
image/jpeg 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2022/02/Screenshot_3-31-600x360.jpg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82cc1ddf2e85c5cc94d1573cc0f0496cb79830d7c79a9c72a156038dc9f5d4c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 28
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Thu, 24 Feb 2022 11:30:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2BelyB6fcNscWtQmsbqC23TUB3JWwodnnE5asMZNKn8MhdGWbgeUaQuW%2F50DgOjfCv%2BJlJiKDX84D%2FBdoPunAU4mYJIrGC%2FojUYZNtDZsHu7mHH3%2BNx2Y7iRgKMg%2FYUuT3nbUwkotY8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
cf-ray: 6e285e525d1192a7-FRA
expires: Thu, 24 Feb 2022 11:31:07 GMT

GET
H3 200 000_323T8ER-600x360.jpg
www.gazetaexpress.com/wp-content/uploads/2022/02/ 62 KB
63 KB 31ms
26ms Image
image/jpeg 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2022/02/000_323T8ER-600x360.jpg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0198786a35af6ca7577002fcda07c6f7f6d3009fef731e0b9c6ef86c77e37c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public, public
date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
last-modified: Thu, 24 Feb 2022 10:03:32 GMT
server: cloudflare
age: 5238
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hAj%2F8Ce8OwEZ4RgrFkrOBpMmULNF04XSLGatNDFDfP0OsCRlOh36Bh1qP0KRdOlIuQM2clCH0hGu4JpZSMuzjIwA4YZQEiRqC3AcafZkQ3RDhPs%2BV7VtSbO1qR2D9ghsWBviZsE2oYY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e525d1292a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 06 Mar 2022 10:04:14 GMT

GET
H2 200 gazetaexpress.com.1190148.js Show response
jsc.mgid.com/g/a/ 2 KB
1 KB 63ms
29ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/g/a/gazetaexpress.com.1190148.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 538cb104157f6987b890d1f4701a3bbb121b23fb1ac1d05e5698ee8f1cacd6db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
age: 4933
last-modified: Fri, 04 Feb 2022 08:27:30 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1KYBS62MTRQ61Z7C
x-amz-id-2: TC06VuG+lDCO1hzPdYrh+FwD7j9zEZBsDQrg08Nu9tOgd5fCPbB3IjdeuT51jifKvZIjZkW6/Cw=
cf-bgj: minify
server: cloudflare
etag: W/"196621e34717981c9777a851ae4e18b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
cf-ray: 6e285e528d839049-FRA
expires: Thu, 24 Feb 2022 14:31:35 GMT

GET
H3 200 000_323T837-901x600.jpg
www.gazetaexpress.com/wp-content/uploads/2022/02/ 167 KB
168 KB 71ms
67ms Image
image/jpeg 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2022/02/000_323T837-901x600.jpg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b19f83dc32533d25a4879b202102cc44d5a2f302b71c91b117104b532ec8aa1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public, public
date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
last-modified: Thu, 24 Feb 2022 10:03:26 GMT
server: cloudflare
age: 5224
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gyBUt%2FmfltrEV2uym6uTm8Bnq7Wsx%2FsoZW4mYMOuZRoiggMI%2FhjDTjBLFT06hcgXHbKWE1wFLW1BkwFgU0g3knDbYNkjxMShQ7Vgpw2ZBTr7Y0KgIEZVmEs%2FJYaRsA66wQF9idvJqVU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e525d1592a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 06 Mar 2022 10:04:22 GMT

GET
H3 200 000_323T8ER.jpg
www.gazetaexpress.com/wp-content/uploads/2022/02/ 213 KB
213 KB 26ms
21ms Image
image/jpeg 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2022/02/000_323T8ER.jpg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ab8f5d7aef4c5bc9dfbdd8a14d299dab41d0a366e4b37e1e7a7d0661e093162

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public, public
date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
last-modified: Thu, 24 Feb 2022 10:03:31 GMT
server: cloudflare
age: 5224
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Yia%2FtbmO4ybdqdNtnOnSZ5mCJNcARRk04bVyHiIQmoiZk9AfbKEZVbbTrr%2BLV3x%2BPdfJHlw5UXJ8tJ7f5YqOAJO60iw6bz8sSs21Xaa3ckShBNCTE3Xa7ckLUUzUK7rHHWqYfBBIzM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e525d1692a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 06 Mar 2022 10:04:21 GMT

GET
H3 200 000_23T82C-1000x563.jpeg
www.gazetaexpress.com/wp-content/uploads/2022/02/ 166 KB
166 KB 82ms
78ms Image
image/jpeg 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2022/02/000_23T82C-1000x563.jpeg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b2232745e0aa1c8b091fb127f333883241122c50a99c8e2f665ae4ee87d35ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public, public
date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
last-modified: Thu, 24 Feb 2022 10:15:31 GMT
server: cloudflare
age: 4545
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dlp5l4SIsnM%2FHGRt4MW7s89o03EbHuzcZsRPk%2F%2F6JbjXutaPfnViUl%2FfGGwmtgvbgmoMyE%2F779SFldM8Wc%2BiHdBMIaiT3dFSByKJW7%2Fek%2F0xp3zmCzd0zj70Hx1Aum0ebR2AsPFIwQ8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e525d1792a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 06 Mar 2022 10:15:44 GMT

GET
H3 200 facebook-logo-c.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 644 B
935 B 86ms
82ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/facebook-logo-c.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad8dc1681c0451d8590af4d2d08b7b16e4f6edf197f805929d6a85a2be1b622c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sVoHrrRqw5l4s6734%2FF%2FzkQIpbvwpgAuRjFLLTtqAS2LThtXE5%2FCXfNntSQBhXastG4jk4uMDUhePMzdFKrE%2Fl%2BkXCT2GBMzTXhQRU1OQo4%2B%2BpOsMACAIJ3AM6JP1dMKeX6hxKpmOPI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d1a92a7-FRA
expires: Wed, 16 Feb 2022 11:23:02 GMT

GET
H3 200 twitter-c.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 891 B
1 KB 87ms
82ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/twitter-c.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fcc16bf1238724eedd1638bf0937b691bb01d08e585ac5e1db274acb47147c5e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CjjOfWXqvZ%2B68dNUeTEEM2iYR2Y1WmzygZ9OscL6ozaTvm%2FM%2FRq07FxhoaNsuGezIBQlV3kBDlgAB0fITuQfwY1WFY7Fyv5H3PneXUXTp9nXtWDcD%2BmZLSH7WAiSPt9y%2BQG0HDvoyg0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d1b92a7-FRA
expires: Wed, 16 Feb 2022 09:22:50 GMT

GET
H3 200 google-plus-c.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 1016 B
1 KB 88ms
84ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/google-plus-c.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58d5dd78af31fedc394fc1576004d11f96384907eaffd5260382daeefe8dccb3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eXlAlU6dYHVKvbDtwUlH2LJZOg2BcFStO30pms851IWbtZ%2BgHi403AwKVHzRkAaV350AOIRfgUGgTSRolX6iszttNXe8wVV0NcyKFuwZX8b2HyjlwXQzIHQ12P64pZdHM%2B5oRsktB%2Fk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d1d92a7-FRA
expires: Wed, 16 Feb 2022 11:23:02 GMT

GET
H3 200 whatsapp-c.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 897 B
1 KB 88ms
84ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/whatsapp-c.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08b562cee19c4ff0e74eeb29a0b4f4013644c02f0cbc6ebf9f22a434cd527807

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WGlMrdQYptzhGOL6zzLsVtoOXMc5o5YbEVXx2yEUQd7AKgaVnMA0ASof94xGW6jXmlkjwGX8OiO3ZCmDyXzMUxZ5J9oKjuhG8rr9Brl7p8CJn5zLGZ%2BdeKo9g8N6tXZQgNZOT0OpcGg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d1f92a7-FRA
expires: Wed, 16 Feb 2022 08:17:47 GMT

GET
H3 200 viber-c.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 2 KB
1 KB 89ms
84ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/viber-c.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3ede5c007b843287b8ffd0c398af54969710362e87a04e571f5e140ef2a35ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cFxLbd8EldFHV7KVUjlaJdWx%2FtojzmnDkFPpz8rU2WQ5mm%2BZyQq2IZwVVjpyrLGvRSWiYoUCkLE1%2BZ%2Bi6D2mmMfnqFYtTX8AOQS1qmc5zCn9bJzur%2FevWos0gRO9xEoAPHZ0gibjONg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d2092a7-FRA
expires: Wed, 16 Feb 2022 11:23:02 GMT

GET
H3 200 email-c.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 1 KB
1 KB 57ms
52ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/email-c.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9cbb9be7acdac8ad96d8419b8eb4e7120b05295a42d3c50919370d1fc83547dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VjnFfBcab4wg8pLIimUofJcN6mfXUbbDn%2BHViwz83VskFfhuiOV9y8m%2FyV5G7gRPu%2BQMpSfQZRDbVP6%2Fu8%2B0Md9MP5xDaym5EgyHHDjsklrxdsaOX02M9lFadB3Tt20qVRyAZwp9ou0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d2392a7-FRA
expires: Wed, 16 Feb 2022 10:19:02 GMT

GET
H3 200 email-decode.min.js Show response
www.gazetaexpress.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 19ms
18ms Script
application/javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gazetaexpress.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Feb 2022 13:46:32 GMT
server: cloudflare
etag: W/"620d0038-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TvomCQnTdGKc%2B5sH6pH7IcSH27HvPWej9QSns9yukqTOfFDd1AiY4ML2ObciXl6v3pkTvwVMaONyiFsfTrBs0D%2B3mfssvoWT9tirmobGlvx7zBEySHUn2vLdc92B5jFFqHW1CWbOeq8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e510a2092a7-FRA
vary: Accept-Encoding
expires: Sat, 26 Feb 2022 11:31:35 GMT

GET
H2 200 gazetaexpress.com.1002277.js Show response
jsc.mgid.com/g/a/ 2 KB
1 KB 61ms
28ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/g/a/gazetaexpress.com.1002277.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: facda30c07fffae1ead04152922e1b65421e79bec6e2dfa54d21ad3b0ace9e58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
age: 5126
last-modified: Fri, 04 Feb 2022 11:15:37 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: PF7DX1W7YCF16WX4
x-amz-id-2: NeBMMYKeJKNLrpy7xd8KkDjT+xZc7wp6ft4ikZCHtCQMu4UeKdbIxFIjFQsxtQaslnVf3gaJY2Y=
cf-bgj: minify
server: cloudflare
etag: W/"c6e8609dcac54270680776c24f24ba08"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
cf-ray: 6e285e528d879049-FRA
expires: Thu, 24 Feb 2022 14:31:35 GMT

GET
H2 200 asyncjs.php Show response
ads.gazetaexpress.com/www/delivery/ 10 KB
4 KB 53ms
38ms Script
text/javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.gazetaexpress.com/www/delivery/asyncjs.php

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8590ee2871189fe2bdb44d32ceb04e73194eac8d2785113c8a87c79bcec64f3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e526fc5918c-FRA
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubdomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TGbeZwEN6W%2FpTBLieVA2htw1Mdck3cUS8%2FT2FaznnmG9yzsd25Erd1hFbHQftQKxcl7BDNSCL5ex7JSWDButPX2JUJUw57hFUHe8bH2u2pyNTkICTKibY9NLojVtu6xBfof%2BZt07Lz4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
cache-control: private, max-age=3600
expire: Thu, 24 Feb 2022 12:31:35 GMT

GET
H3 200 glauk-konjufca-600x360.png
www.gazetaexpress.com/wp-content/uploads/2021/11/ 208 KB
209 KB 57ms
53ms Image
image/png 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2021/11/glauk-konjufca-600x360.png
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba512ef98db602354169f125072cf47551a223e30bdbd79d4970c3e30ca7f3e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83554
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Fri, 19 Nov 2021 10:45:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GhpSjllFW4YX8P9HJ8xx8kIOWRdrXafVplCNM8XeWnm5zY%2FOT0giwKsafsixcO3MyIpKSTqBDJSZN7J7uJrKzV%2BSa%2FlyDF%2BDRxzKweLhOX%2B%2Br7A%2FntFQQuODf2rr%2B0aWJx7%2FPR%2FJpYM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
cf-ray: 6e285e525d2592a7-FRA
expires: Wed, 23 Feb 2022 12:19:02 GMT

GET
H3 200 ukrainaa-1-600x360.png
www.gazetaexpress.com/wp-content/uploads/2022/02/ 336 KB
337 KB 89ms
85ms Image
image/png 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2022/02/ukrainaa-1-600x360.png
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b74535a57fbaa47fc095e0b785720e29a86d8a141fc92d3792047d5b00bf787d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 443
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Thu, 24 Feb 2022 11:23:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NFdsTubntGqLahm1p2jQOuR998X6eKR7beje6XfaCP%2FZ0JxFtI6Rfnoi6sH4tyupGIWNUPIoaPBEozYKsU0KNTs6%2Fhwe8OYcVv5wQQ1sh%2Ft6porCUbJfa7fjXZDAVb55BAlGw7Ki9l8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
cf-ray: 6e285e525d2792a7-FRA
expires: Thu, 24 Feb 2022 11:24:12 GMT

GET
H3 200 collage-4-1-600x360.jpg
www.gazetaexpress.com/wp-content/uploads/2022/02/ 40 KB
40 KB 95ms
91ms Image
image/jpeg 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2022/02/collage-4-1-600x360.jpg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f584b8a0ae2d6937d68844965067259472504a23c30e3ea5c5e6057bb262cdc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 696
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Thu, 24 Feb 2022 11:19:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=moNhipNQIsR56tPIve7inrtgeM0Vk%2B3lpYwlI647zGtlzJI01DbcyEwGwuK53oDgBuOVC%2FyU4mbwO%2BO6LvFjATVOffh0fLZccKwValQYeM59rRz5uqE7K5m9FxAufsMPkW9m738oHHE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
cf-ray: 6e285e525d2992a7-FRA
expires: Thu, 24 Feb 2022 11:20:00 GMT

GET
H3 200 Screenshot-2022-02-24-at-12.07.44-PM-1024x603-1-600x360.png
www.gazetaexpress.com/wp-content/uploads/2022/02/ 262 KB
263 KB 96ms
92ms Image
image/png 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2022/02/Screenshot-2022-02-24-at-12.07.44-PM-1024x603-1-600x360.png
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba5f27b98341971dc9c7e67ebac8cd95bdbd8b9c6de041d36a639a8d21db1fd1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 879
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Thu, 24 Feb 2022 11:16:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2BAIzktfOQj06lOoRYcjkK4cr%2BKML8akANEPfVkR%2F5ShUjCjEuoP587t1p6Q4xxXEYfC0PP18X40d0tAGKa%2BsgAgy11DdFe6eDF8bM3g58HJXLLarILvkJcU7QyuFQVZ27Pd5CNBlzA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
cf-ray: 6e285e525d2a92a7-FRA
expires: Thu, 24 Feb 2022 11:16:50 GMT

GET
H3 200 vladimir-putin-1569588.jpg
www.gazetaexpress.com/wp-content/uploads/2022/02/ 40 KB
41 KB 100ms
96ms Image
image/jpeg 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2022/02/vladimir-putin-1569588.jpg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e43c0507c2b3f247c1748237b1e7db8ba86d0c8c128b66180591409031f5532

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 960
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Thu, 24 Feb 2022 11:12:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YXDCXYLgaK3PJY95pYwdWrLP828Ke1fahK9emXYz8QbbAZnHYXghw5rNzjfGMFGhT1uQA7zHhjdI0ZKN0WkjY%2B8mzvTkdgU2SXB1vtSzg2tMqec6F3F4hxZoV4NtfjF7Pgb6RI%2Fo7kQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
cf-ray: 6e285e525d2b92a7-FRA
expires: Thu, 24 Feb 2022 11:15:36 GMT

GET
H3 200 gazeta-express.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 8 KB
3 KB 100ms
97ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/gazeta-express.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31dba1aec81e6b14d4ba4c8ff7974e33f480719a71ea60d42361c49b59c0a2d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rP6%2FeIDnmDLqVEI2SG7HVVIlAnXg5LkejB8407oNd12RSkW7D9gedQ8VQnPkZIx21R4ytIdrd2XdJ2i3oG1xPBR9ouw1gUg8hDw%2FBrO79a2bl0qKGDUk3tw6utmCYc2TG2vcAPauAl8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d2e92a7-FRA
expires: Wed, 16 Feb 2022 11:23:02 GMT

GET
H3 200 facebook-logo.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 604 B
916 B 101ms
97ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/facebook-logo.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f7ef35bdb15376d58e3ea16190d1d92a0379ae2f5b0b0108d393369dd09ed4f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BqF1e0c%2BzDlcBzHYWFdUMOkKiwSc9QOIfmtZsoVjyczYnTmwUUVwnKwXJTSwifb0B9r8Ff7CCDbo5fc64%2FbuEKCB2ElzrWVX%2B42xSwy%2BkfCOfNlE%2Bi0P0%2BmhtvuN12la6AFpGZU%2BJdE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d2f92a7-FRA
expires: Wed, 16 Feb 2022 11:23:02 GMT

GET
H3 200 twitter-logo-silhouette.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 850 B
1 KB 101ms
97ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/twitter-logo-silhouette.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc6f9465b51ddd159e5268944a013f29114cde4d11265d63ebbca2ee91081f70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BuSAmxWUZ4yOB68BUZ%2B8iz2ABJI%2FUxU8M90xYHZn6Ra8xqxTnv%2BxtA%2BgJTrbm0ZpR%2F%2FBjvozEB58g%2BAwz%2Bcsy4wKWqetWlgmxKRszDo6VuB046atQiZJqvgaswBZlr%2F5tR%2BxXIOH8o8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d3292a7-FRA
expires: Wed, 16 Feb 2022 11:23:02 GMT

GET
H3 200 instagram-logo.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 1007 B
1 KB 101ms
97ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/instagram-logo.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6be4aeb8ab5cffa42a0f0ad08a780289db5dd6d9d72ca1d0d8c83f3590b50901

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7v9SsuM5xtWCinLCsFugc5dNC8OcXWv7NMiioy9ROCQX1nf7yIkOAwCYvupX70dGdG%2BzGPyJg88PIIiQW%2BfdK%2FkZAS9JJmb%2FCiiS807cqvWKGeQ0HVXyJRT4LX2bsXUvwMmeV6FuPYA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d3592a7-FRA
expires: Wed, 16 Feb 2022 09:22:50 GMT

GET
H3 200 youtube-symbol.svg
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 612 B
912 B 101ms
98ms Image
image/svg+xml 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/youtube-symbol.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f370c1978c064ed715099f885066fa3d9dbe18cc821186883ff35782418ff565

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HNYgpuyBZNJvPTeqT81wVlTjglKZlu90hpPDol5iE0clyj1rbX1kdYwW6D8h9s173sPpt31VS3zcvvdzlvha9CvMyaOVO%2B2MG8ELeryAvAn9sbqAwIE6KUieyRPyVnKx%2FiLZRVLkPrE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 6e285e525d3892a7-FRA
expires: Wed, 16 Feb 2022 09:22:50 GMT

GET
H3 200 logo-shkabaj.png
www.gazetaexpress.com/wp-content/themes/express6/assets/img/ 8 KB
9 KB 101ms
98ms Image
image/png 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/img/logo-shkabaj.png
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fd7e4addfa6af607117bf218a0bee89074525db02f98b9389efa3cd8e6d1b84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public, public
date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
age: 683256
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jU%2BfLujooI9pag8YJitUihtL%2BE%2Fm6TlVKYqJss2fMhdvGIHfUG8D6iakm9UO3c16mUTXKYUgox%2BQGlBz02CVuMdH4kQtd1QKsuk3fF4XMtTqfbPBFNbu8TFNTvLa%2B5456bgY0l%2F4oPQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e525d3b92a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 26 Feb 2022 11:23:01 GMT

GET
H3 200 owl.carousel.min.js Show response
www.gazetaexpress.com/wp-content/themes/express6/assets/js/ 43 KB
12 KB 23ms
22ms Script
application/x-javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/js/owl.carousel.min.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pBdBvUGqyugXo4Euk7yIwRYscD%2FYm0RahGc4KTnwRdvhT90zAvgO2tUGc8Irh8kX%2BL9c16OjlDDxoe%2BsSTp6xHTSiHxhTbCtgCqmtD9h6utstRG%2BOaunk8oJqwPdZfTFIP5uJSvA60c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=31536000
cf-ray: 6e285e512a6792a7-FRA
expires: Sat, 26 Feb 2022 04:11:40 GMT

GET
H3 200 main.js Show response
www.gazetaexpress.com/wp-content/themes/express6/assets/js/ 9 KB
2 KB 26ms
26ms Script
application/x-javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/js/main.js?v=1.0.9
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86960b92c227276b7ece5da51dad789ec45424f1294bc5884cacaca7d44cc595

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
cf-polished: origSize=11722
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Sat, 24 Jul 2021 10:24:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lcMPpvD0szOYlLmtiaFz8eEvrNrNOhD%2BOW9T8eqVY2btd29GHiJ0cXkYkNpNsuVef9iIfMLNwVkT2%2Fhf%2BKvwKvW8qSGKgPfIu9MLO%2BTjZNCAtb1s6ezjpWLXAbp3zByFz7abRqsJnRw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=31536000
cf-ray: 6e285e515acc92a7-FRA
expires: Sat, 26 Feb 2022 11:23:01 GMT

GET
H3 200 bundle.js Show response
www.gazetaexpress.com/wp-content/themes/express6/assets/js/ 2 KB
1 KB 56ms
56ms Script
application/x-javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/js/bundle.js?v=1.0.5
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1b8a7a342a97c83b3d9735d6e09d9b38d4139246d8d02c8f17098b4ecac72d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
cf-polished: origSize=3713
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Mon, 16 Mar 2020 11:55:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X1dBd%2BVRnUZ1yzqT8d04P%2BMchj3Pmhz8QJVpkMYfAYIEkZs0VHh9qdGbxNndQLzO%2FxOaI0oyf7pHJGTWDNArq2g6MYKC3QiIl8oeTNqHaAOdyUURhDc3ybJ%2BIBRxgE1DB2g97EI96Ag%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=31536000
cf-ray: 6e285e518b2c92a7-FRA
expires: Sat, 26 Feb 2022 09:49:08 GMT

GET
H3 200 mpp-frontend.js Show response
www.gazetaexpress.com/wp-content/plugins/metronet-profile-picture/js/ 290 B
775 B 24ms
24ms Script
application/x-javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.3.10
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efbc00575f13f02c406f902fe55444cc283c09ec68d4404dc82c9ed7b23ad053

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
cf-polished: origSize=331
x-cache-status: MISS
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Sat, 22 Feb 2020 23:34:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qgAQNUsDIqh5O77xbO%2FlaBGMxyc9qJyrS6p0peuoC6uJ1UBGccZw431oNNgr63N2b92odniBRcgMeo1AQurnfw1ldqBb4vE9QVrAXflXFo7yFPHNjg4kACdm6EJ3gmheSnBmnKfCpG4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=31536000
cf-ray: 6e285e524cd992a7-FRA
expires: Wed, 16 Feb 2022 11:23:02 GMT

GET
H3 200 wpFeatherlight.pkgd.min.js Show response
www.gazetaexpress.com/wp-content/plugins/wp-featherlight/js/ 14 KB
6 KB 24ms
24ms Script
application/x-javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/plugins/wp-featherlight/js/wpFeatherlight.pkgd.min.js?ver=1.3.0
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76a90135a3f44e3108f3a857d9bc86327de6be031917368293a94cd5a6935ef8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Tue, 14 Aug 2018 01:52:48 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZZ%2BywWEkVMGBF4uYm7eub7Tk6wSaMh41RiyUW5ACLmhLMpE%2BgDwepwr0sBJsIQHbXDiCYUw9vXjnd5CVfrFtCED%2Bg99Xswt3TaaJP%2B9PwrcG7PgGXTNx7AD2Omf%2FcWkIloJm6MzRokQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=31536000
cf-ray: 6e285e524cde92a7-FRA
expires: Sat, 26 Feb 2022 09:21:50 GMT

GET
H3 200 wp-embed.min.js Show response
www.gazetaexpress.com/wp-includes/js/ 1 KB
1 KB 26ms
25ms Script
application/x-javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-includes/js/wp-embed.min.js?ver=5.3.2
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Sat, 22 Feb 2020 23:32:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uk%2FVHoCpx0mlP8dhyW%2F6u3%2BjJYtebO7o2P4rGo5%2ByRXTvtVGRZpRFto%2FdwXIFpkSST5fXhvEgyvIsV0IxqrFWAmlbpnTXk4kXvOzAhXKgDJt9ZaEBFTwdTr1kG05gd1V9wIhGFkgAws%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=31536000
cf-ray: 6e285e524ce592a7-FRA
expires: Sat, 26 Feb 2022 09:22:45 GMT

GET
H3 200 U-7Baa56EnJJkA-3VT33cT_3HbI.js Show response
www.gazetaexpress.com/cdn-cgi/apps/body/ 4 KB
2 KB 103ms
99ms Script
application/javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/cdn-cgi/apps/body/U-7Baa56EnJJkA-3VT33cT_3HbI.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/cdn-cgi/apps/head/y7fSIC-Nar-PQDdmdwDlbGcPmlk.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6927908310a9d8ea2a4e5594452cefd9dc8c8aa71bf101c4d497964b16efedf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ASE56KFFV7FCDECG
x-amz-id-2: 9aHdW1vfrGfTP+E04dhgEDoQZh1ROzS9zmNMkoLieerNfYKZQtVhCiLIsmD755KGtN4jWfPosKo=
last-modified: Tue, 10 Nov 2020 13:59:34 GMT
server: cloudflare
etag: W/"a48224d294929710ccf63815c082d82a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jEoJ0K45HwWmfBUUilyeW10NdciqhH0H4y8%2FFE9szZkw5AiOD1HLnJo9jN%2BwBREkfTn%2FoYPkZcabRjqEenEIIXx9920S3%2BAV%2BezDE5%2Bn8%2F4Jre2bDSk1OMtXcYnYlIG9duEe61CKpvk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: OdY.zUSDblunDdofCPVQz2xapN1Ewriy
cf-ray: 6e285e525d3c92a7-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 131ms
38ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 7002
date: Thu, 24 Feb 2022 09:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 24 Feb 2022 11:34:53 GMT

GET
H/1.1 200
OK atrk.js Show response
d31qbv1cthcecs.cloudfront.net/ 4 KB
2 KB 37ms
8ms Script
application/javascript 143.204.98.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d31qbv1cthcecs.cloudfront.net/atrk.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-58.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 27 Apr 2021 18:07:27 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
Server: AmazonS3
Age: 26155449
ETag: W/"d89453438fbf10dcf4c13265c40d5160"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 ef13dd533b8dc9dcfdc35449cf88f808.cloudfront.net (CloudFront)
Cache-Control: max-age=26920000
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: aYYy5FqPZ7Faj27qB7X04xDKJjTePi214TGHsMG9s-ISS3ZMHQdcXQ==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
26 KB 27ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26236
x-xss-protection: 0
pragma: public
x-fb-debug: ELoZO8fNe2dpnsFgX0s/UVRhGH8ibYjpd9TjusCnnNOixtof/TVICvhFrg/6KUAAXtC+TvIMl/+bsemZW++Nyg==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Thu, 24 Feb 2022 11:31:35 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/mediaworks/ 167 KB
24 KB 37ms
9ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/mediaworks/loader.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 206e97ddcf07597e0fc514ba8bb4c266cc3847398416b079978bfbfc096f16bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: Wkc_rZlNQmNTCKBRxLriGeFlsoO3vY.7
content-encoding: gzip
age: 5410
via: 1.1 varnish
x-cache: HIT
x-from-cache: 1
x-envoy-upstream-service-time: 9
content-length: 24369
x-amz-id-2: pUqbvFmds6Giv/hxU0/Bs0fJSv8ok6FZyf2kvGdHmj0MtBT87DUWqavJhtGjKKuQCUy/bJAnGWU=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 24 Feb 2022 10:01:25 UTC
server: nginx
x-timer: S1645702295.489939,VS0,VE1
etag: "f4c139e7ef25463a540dbb5c47fa9990345fdaa4"
vary: Accept-Encoding, Accept-Encoding
x-amz-request-id: ZWZNGJ5H2P6MKMM1
access-control-allow-origin: *
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
date: Thu, 24 Feb 2022 11:31:35 GMT
abp: 19
x-cache-hits: 1

GET
H2 200 teads-format.min.js Show response
a.teads.tv/media/format/v3/ 600 KB
132 KB 13ms
9ms Script
text/javascript 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/media/format/v3/teads-format.min.js
Requested by: Host: a.teads.tv
URL: https://a.teads.tv/page/76285/tag
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 3cf937ed4a4f526cd52b17faa5df04a7a5613867d7eb3c367f5dac5423182866

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
last-modified: Wed, 23 Feb 2022 15:34:20 GMT
x-amz-request-id: J69N0BW0M97R7CVR
etag: "860018e15f83670b24cd3d30e8c4b2ee"
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: private, must-revalidate, max-age=1800, no-transform
x-bucket: f
accept-ranges: bytes
content-length: 134154
x-amz-id-2: AVInFA//Rr32k1OQN3Dg0670qZy60E/ttd6kTk5vuHFGM8u2/ZASFEj37zNOi0Xt3ex1qXOLYtA=
expires: Thu, 24 Feb 2022 12:01:35 GMT

GET
H3 200 wp-emoji-release.min.js Show response
www.gazetaexpress.com/wp-includes/js/ 14 KB
5 KB 102ms
99ms Script
application/x-javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-includes/js/wp-emoji-release.min.js?ver=5.3.2
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683256
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public, public
last-modified: Sat, 22 Feb 2020 23:32:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gEVdxTc4Oq6LHQa319Bn41Q6IAXVXFNm5JIKt0HLo4HCQAG61eaGZKAwPulXO5dwRWIAz95yqm%2FanXqJd8ZA7TrDDohS9rNSp5ievHAA2BaJTKxouokDZzr7Ic3R6mIbMwohUpWco%2BQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=31536000
cf-ray: 6e285e525d3f92a7-FRA
expires: Wed, 16 Feb 2022 04:10:53 GMT

GET
H3 200 Raleway-SemiBold.woff
www.gazetaexpress.com/wp-content/themes/express6/assets/fonts/ 65 KB
66 KB 102ms
102ms Font
application/octet-stream 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/fonts/Raleway-SemiBold.woff
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/mainStyle.css?v=1.0.34&ver=5.3.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 658c14d9b1f327a4c44cc3295d08584eada1e2d086497f748ad972799f4e4fc5

Request headers

Referer: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/mainStyle.css?v=1.0.34&ver=5.3.2
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 66524
pragma: public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rNjrnXBwOqVL%2BSwLCgnUlKl2SY6PvgIIblWdFcUMKuDVTFrLpt0oIV7zqYjuZboyQLuV5Ot16Ue5WT3uNLK%2BYiHoiOUVZ3iRuiB3VqUzi%2FZ2noCHUeYN2C0p9xDuV7x8dPNZ0EVCCJc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e525d4092a7-FRA
expires: Wed, 12 May 2021 08:32:13 GMT

GET
H3 200 Raleway-Regular.woff
www.gazetaexpress.com/wp-content/themes/express6/assets/fonts/ 64 KB
65 KB 103ms
103ms Font
application/octet-stream 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/fonts/Raleway-Regular.woff
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/mainStyle.css?v=1.0.34&ver=5.3.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 760042c74ca436460ec38ee573383b5eb120a272f56e2ed526a62b7757eacd22

Request headers

Referer: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/mainStyle.css?v=1.0.34&ver=5.3.2
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 65692
pragma: public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tocwnVG%2BPMJ6A6HJ9e6ZPXPGedqxZiEYQ2ARUwkJn50Uv4iBwtoaLuxPwLLEtxVmfY%2FX6S%2FCYR0H4mEAc7yNnAAJN8c7De03bzVLMl6VPz%2FyoY%2BMhEm7ZLz%2F8%2BnzLGGAaukf%2FVF%2Fw98%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e525d4492a7-FRA
expires: Wed, 12 May 2021 08:32:13 GMT

GET
H3 200 Raleway-Medium.woff
www.gazetaexpress.com/wp-content/themes/express6/assets/fonts/ 64 KB
64 KB 104ms
104ms Font
application/octet-stream 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/fonts/Raleway-Medium.woff
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/mainStyle.css?v=1.0.34&ver=5.3.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e4af100a42dd45aa66377c48b24edb4ddd16831513508917ec5e87e0ab98600

Request headers

Referer: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/mainStyle.css?v=1.0.34&ver=5.3.2
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 65280
pragma: public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtGYVktqLsma33cMeqwwZAV1rv0RuALug1CypVEAUwBmFzDF0SB1mOXCea9EAm4qH58Q2idAcKOc6fvIde7DTQRf0BNl%2BKtdEofr2gP3ylombG9M4lBPNc5evIIxJT%2BPLvsxQC5ihN8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e525d4892a7-FRA
expires: Wed, 12 May 2021 08:31:20 GMT

GET
H3 200 Raleway-Bold.woff
www.gazetaexpress.com/wp-content/themes/express6/assets/fonts/ 65 KB
65 KB 88ms
84ms Font
application/octet-stream 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/fonts/Raleway-Bold.woff
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/mainStyle.css?v=1.0.34&ver=5.3.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ee01bd79e58c77dc4276a96fa5dcbe396c024538353c216894c5d6abcf2b6e1

Request headers

Referer: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/mainStyle.css?v=1.0.34&ver=5.3.2
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 66240
pragma: public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J3e4IaDcqQUtLEkuFXtNYRnNUcshxiIlj1ekbyiQHokFBBh3i30TsLD1N13PbAjuvJs5Yil06rHVa7a7nNzvI0XMBnxPdtvVRKz3IqGEpJfBKv5ANjWtdIiGeH1PPS0f1EF4r1SfkR0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e528d9b92a7-FRA
expires: Wed, 12 May 2021 08:31:18 GMT

GET
H3 200 Raleway-Black.woff
www.gazetaexpress.com/wp-content/themes/express6/assets/fonts/ 63 KB
64 KB 80ms
78ms Font
application/octet-stream 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/fonts/Raleway-Black.woff
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/mainStyle.css?v=1.0.34&ver=5.3.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd857341e3bc19e8c375e272b2d0c5456d7e01f3f15329dd03bb9b3333e6fb32

Request headers

Referer: https://www.gazetaexpress.com/wp-content/themes/express6/assets/css/mainStyle.css?v=1.0.34&ver=5.3.2
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 64872
pragma: public
last-modified: Tue, 10 Mar 2020 14:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2L4rJgha%2BqonoxCafpYHPl8AxlOuH4OqM9wfcQwMm3njyjbu4BWTI4ye0R%2FV8QknYG6XTHex%2BagDJFhnTekJXkpR9MxUXIfjRLEiG2HtHuyKiPW7Hb4xqSCT5Srk9ToCG5m%2F6CgHp68%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e528d9f92a7-FRA
expires: Wed, 12 May 2021 08:32:13 GMT

GET
H3 200 thumbnail_Pakot-PRO-600x360.jpg
www.gazetaexpress.com/wp-content/uploads/2022/02/ 31 KB
32 KB 53ms
52ms Image
image/jpeg 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/wp-content/uploads/2022/02/thumbnail_Pakot-PRO-600x360.jpg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10bd74a09492dc854fdc2bd3a3b5d595630d7d0351321a7c46f79727a334a8e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public, public
date: Thu, 24 Feb 2022 11:31:35 GMT
cf-cache-status: HIT
last-modified: Wed, 23 Feb 2022 16:26:46 GMT
server: cloudflare
age: 68663
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2BQ3I%2B7ky1hxlFkMGUlQZ1ifTvZu9LnunsjmN%2BZxgjRclWjkprThm3d1Ln%2BoXfwiE1RiYjcSdsaGcqul5p2WsZ3n7eSUlDLbLf09bKwUtt1wD0johaAbFQMuvbUFwgoD3GAGleqlUzw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e52ae0692a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 05 Mar 2022 16:27:09 GMT

GET
H/1.1 200
OK atrk.gif
certify.alexametrics.com/ 43 B
552 B 24ms
7ms Image
image/gif 143.204.98.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=AFP%20sjell%20pamjet%20e%20njer%C3%ABzve%20t%C3%AB%20vrar%C3%AB%20dhe%20nd%C3%ABrtesave%20t%C3%AB%20shkat%C3%ABrruara%20n%C3%AB%20Ukrain%C3%AB%20pas%20sulmit%20rus%20-%20Gazeta%20Express&time=1645702295562&time_zone_offset=0&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=&host_url=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&random_number=21461094488&sess_cookie=6b65d1c317f2b80300983f19201&sess_cookie_flag=1&user_cookie=6b65d1c317f2b80300983f19201&user_cookie_flag=1&dynamic=true&domain=gazetaexpress.com&account=OPTMe1aoiI00Ua&jsv=20130128&user_lang=en-US
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-46.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Thu, 24 Feb 2022 03:50:21 GMT
Via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
Server: AmazonS3
Age: 27675
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: FRA50-C1
x-amz-meta-alexa-last-modified: 20110117123941
Content-Length: 43
X-Amz-Cf-Id: C3SLAqMIopz_DLY5kHaBqmIVice6qgAZVZuaNV2LjKY9SV5Q7GlujA==

GET
H2 204 x.png
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/ 0
48 B 569ms
168ms Image
text/plain 54.69.214.140
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.69.214.140 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-69-214-140.us-west-2.compute.amazonaws.com
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
server: Server

GET
H2 200 projectagora.min.js Show response
aghtag.tech/libs/ 277 KB
82 KB 48ms
22ms Script
application/javascript 2606:4700:3030::6815:1b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aghtag.tech/libs/projectagora.min.js
Requested by: Host: agorahtag.tech
URL: https://agorahtag.tech/c/gazetaexpress.com.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:1b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e700bddd1405ed9feb6cca2523254b13b0bc2191f0728170099746792e7caa8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1290
cf-ray: 6e285e537bbb6977-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 82685
x-amz-id-2: 07Gn4UgL1fvr6OcplgY9QNWKTd3k2NxXtSSus0mt0uHd/xKeSE+523pA9MbzqpO0w75mdPYmM3M=
last-modified: Tue, 22 Feb 2022 14:51:02 GMT
server: cloudflare
etag: "bb5843fcf1d36f23d43ddf1e00f66ab5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jnEasFvvcs2Dh2y8GW4W3VX73g%2Fk5lrOMpsr6HOjHLFuAtfj2Q2aArdSxFXwPkhY9N%2BkdEODD9wLr3tIdMs2gz%2BWRjuya4w0UmxgMRJMz2VPC0WCY2uwGOtm8BDNJWjLVMI6oxrUQgXP3w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: 0G7NY0CTGQ1KDHFW
cache-control: max-age=14400
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 track
t.teads.tv/ 23 B
113 B 141ms
58ms Image
image/gif 104.107.161.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=placementCall&env=js-web&auctid=5a15641a-04a9-4345-9e4a-997a54876da0&pageId=76285&pid=82609&debug_metadata=ZV09CSiZcU&fv=996&ts=1645702295616&f=1&referer=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.75 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cache-control: private, max-age=3666
content-length: 23
content-type: image/gif

GET
H2 200 track
t.teads.tv/ 23 B
143 B 142ms
60ms Image
image/gif 104.107.161.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=slotAvailable&env=js-web&auctid=5a15641a-04a9-4345-9e4a-997a54876da0&pageId=76285&pid=82609&slot=native&fv=996&ts=1645702295625&f=1&referer=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.161.75 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 23
content-type: image/gif

GET
H2 200 ad Show response
a.teads.tv/page/76285/ 538 B
576 B 42ms
42ms XHR
application/json 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/page/76285/ad?windowWidth=1600&windowHeight=1200&windowDepth=1&windowReferrerUrl=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&page=%7B%22id%22%3A76285%2C%22placements%22%3A%5B%7B%22id%22%3A82609%2C%22validity%22%3A%7B%22status%22%3Atrue%2C%22reasons%22%3A%5B%5D%7D%2C%22player%22%3A%7B%22width%22%3A824%2C%22height%22%3A464%7D%2C%22slotType%22%3A%22native%22%7D%5D%2C%22gdpr_iab%22%3A%7B%22reason%22%3A220%2C%22status%22%3A22%2C%22consent%22%3A%22%22%2C%22apiVersion%22%3Anull%2C%22cmpId%22%3Anull%7D%2C%22segments%22%3A%7B%22permutive%22%3Anull%7D%2C%22first_party_data%22%3A%7B%22firstPartyCookieTeadsId%22%3Anull%2C%22sharedIds%22%3Anull%7D%7D&auctid=5a15641a-04a9-4345-9e4a-997a54876da0&formatVersion=996&env=js-web&netBw=10&ttfb=198
Requested by: Host: a.teads.tv
URL: https://a.teads.tv/media/format/v3/teads-format.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b8acc921d0bb083c7bc07c043e97cada772fcea11a5873774647737f241ff272

Request headers

Accept: application/json; charset=UTF-8
Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 365
expires: Thu, 24 Feb 2022 11:31:35 GMT

GET
H3 200 gazetaexpress.com.1002277.es6.js Show response
jsc.mgid.com/g/a/ 253 KB
72 KB 65ms
40ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/g/a/gazetaexpress.com.1002277.es6.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/g/a/gazetaexpress.com.1002277.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 439c15719fd95c4f95dafb40d8d669534bb8a04429ec570d6f7e0ac73e727627

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
age: 3271
last-modified: Fri, 04 Feb 2022 11:15:37 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: TNJTV2C13Z2KW1VX
x-amz-id-2: +Y2f2+6Gc4RQZueu0k/1lOZbLHz0qxNLu0rD8oUg/j9kvMNdyfYGv6EP+EHB+/00uh7OVfjP9Qw=
cf-bgj: minify
server: cloudflare
etag: W/"d2c460620f896a7cd31abd747a6e00dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
cf-ray: 6e285e541aff9143-FRA
expires: Thu, 24 Feb 2022 14:31:35 GMT

GET
H3 200 gazetaexpress.com.1190148.es6.js Show response
jsc.mgid.com/g/a/ 236 KB
70 KB 73ms
56ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/g/a/gazetaexpress.com.1190148.es6.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/g/a/gazetaexpress.com.1190148.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d47db5dc03dbeebb22d6d20aea28f3470cf7c57eac779edfd8fbf958f75672d9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
cf-cache-status: HIT
age: 3271
last-modified: Fri, 04 Feb 2022 08:27:30 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZBHN386W2GANZKEK
x-amz-id-2: HOtT9DO5eZY6R4dgNmLDXaooIbBIER/S7FxQdzkE7UdLaTQkX4dXz0H2GHyEwsnk33euL+7pwmA=
cf-bgj: minify
server: cloudflare
etag: W/"b334e45344b756753a8cd5012ee37692"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
cf-ray: 6e285e541af89143-FRA
expires: Thu, 24 Feb 2022 14:31:35 GMT

GET
H3 200 260200548443713 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 19ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/260200548443713?v=2.9.52&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

189bbf954aa1e1351dce2d5f01b70f79bc193f9737af3d6d950d0ce64c60dd27

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 89094
x-xss-protection: 0
pragma: public
x-fb-debug: ewas1i9Tg0hImfBN3lVqoRB51rVCwFMPP/i+9YWD4GwYI3bEEenGbvotg+W0bDxO5D5U4+6odgquyXakiQ3SRA==
x-frame-options: DENY
date: Thu, 24 Feb 2022 11:31:35 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js Show response
cdn.taboola.com/libtrc/ 618 KB
128 KB 11ms
11ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/mediaworks/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: d1fa3588ef1e4af46d8cb998d36a076f1e5b3488ae0a10c201bb2e8a6a72a617

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: qHUfGxsxF._KpeNFdiIdvkdEnsQgeft4
content-encoding: br
etag: "ccbbfc11a1f98ca210a82b96727f3e73"
age: 12978
x-cache: HIT
content-length: 130768
x-amz-id-2: DBafxK00VSBL+vGHdsYQwiGUMnf38vyfc8OKixhxsmHZzF97ODHtQlBaX/qbThVedhtnkiK6Bv8=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 24 Feb 2022 07:34:14 GMT
server: AmazonS3-br
x-timer: S1645702296.702054,VS0,VE0
date: Thu, 24 Feb 2022 11:31:35 GMT
vary: Accept-Encoding
x-amz-request-id: NDF7PGP8NH3PT0ZT
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 95
x-cache-hits: 194

GET
H2 200 tr5
cdn.taboola.com/libtrc/ 3 B
78 B 10ms
10ms Image
text/html 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/tr5?abgroup=lazy-load-tags_var
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1645702296.702095,VS0,VE0
x-served-by: cache-hhn4062-HHN
x-cache: HIT
content-type: text/html
cache-control: private,max-age=14400
accept-ranges: bytes
content-length: 3
retry-after: 0
x-cache-hits: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 93ms
46ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=322030387&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ul=en-us&de=UTF-8&dt=AFP%20sjell%20pamjet%20e%20njer%C3%ABzve%20t%C3%AB%20vrar%C3%AB%20dhe%20nd%C3%ABrtesave%20t%C3%AB%20shkat%C3%ABrruara%20n%C3%AB%20Ukrain%C3%AB%20pas%20sulmit%20rus%20-%20Gazeta%20Express&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBACEABBAAAAC~&jid=266823516&gjid=764783458&cid=828370054.1645702296&tid=UA-6427330-1&_gid=990415458.1645702296&_r=1&_slc=1&z=931558608

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 83ms
39ms Image
image/gif 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=322030387&t=event&_s=2&dl=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ul=en-us&de=UTF-8&dt=AFP%20sjell%20pamjet%20e%20njer%C3%ABzve%20t%C3%AB%20vrar%C3%AB%20dhe%20nd%C3%ABrtesave%20t%C3%AB%20shkat%C3%ABrruara%20n%C3%AB%20Ukrain%C3%AB%20pas%20sulmit%20rus%20-%20Gazeta%20Express&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VisitsSource&ea=Website&_u=IGBACEABBAAAAC~&jid=&gjid=&cid=828370054.1645702296&tid=UA-6427330-1&_gid=990415458.1645702296&z=775390616

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 07:58:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12774
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 82ms
39ms Image
image/gif 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=322030387&t=pageview&_s=3&dl=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ul=en-us&de=UTF-8&dt=AFP%20sjell%20pamjet%20e%20njer%C3%ABzve%20t%C3%AB%20vrar%C3%AB%20dhe%20nd%C3%ABrtesave%20t%C3%AB%20shkat%C3%ABrruara%20n%C3%AB%20Ukrain%C3%AB%20pas%20sulmit%20rus%20-%20Gazeta%20Express&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBACEABBAAAAC~&jid=&gjid=&cid=828370054.1645702296&tid=UA-6427330-1&_gid=990415458.1645702296&z=826665912

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 07:58:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12774
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 83ms
26ms Preflight 37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.gazetaexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Thu, 24 Feb 2022 11:31:35 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.gazetaexpress.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
707 B 91ms
55ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:35 GMT
X-Proxy-Origin: 185.213.155.164; 185.213.155.164; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 7b6fad44-991d-4c70-b808-d4a1d6f2bd4f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 4 KB
3 KB 153ms
94ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=59924&zone_id=2177830&size_id=55&rp_schain=1.0,1!Gazeta%20Express,19943,1,,,&rf=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&tk_flint=pbjs_lite_v6.6.0&x_source.tid=a8051728-1c3e-4dde-b9d8-42d3a26f8f38&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6135192785723376
Requested by: Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 25fa9df1291293e23cb1e1f2b640e32b27adb0a34d46d1e107ea0db57a577735

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:35 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 2360
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 147ms
83ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=59924&zone_id=2177830&size_id=15&rp_schain=1.0,1!Gazeta%20Express,19943,1,,,&rf=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&tk_flint=pbjs_lite_v6.6.0&x_source.tid=fb51efa0-dfc8-4f7b-9e7e-5e552d0b987a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5672300656615441
Requested by: Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 96b5f7165aee781f94f530a66d2409e7a11bb1b11e2ad6eb226b7287582a284b

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:35 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 / Show response
hb.emxdgt.com/ 0
163 B 236ms
210ms XHR
text/plain 35.156.230.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=3000&ts=1645702295746&src=pbjs
Requested by: Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.230.193 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-230-193.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.gazetaexpress.com
date: Thu, 24 Feb 2022 11:31:35 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
413 B 112ms
59ms XHR
text/plain 37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:35 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 93 B
751 B 99ms
48ms XHR
application/json 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.6.0
Requested by: Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 5e36dbd5a40407628bd40f9e16a04cff281c54a74d0b3f8610049e0b5f0a1ff2

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 24 Feb 2022 11:31:35 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
183 B 57ms
17ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.gazetaexpress.com
date: Thu, 24 Feb 2022 11:31:35 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
318 B 103ms
63ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.6.0&cb=73769866571

Requested by

Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.gazetaexpress.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 44

GET
H3 200 pubads_impl_2022022201.js Show response
securepubads.g.doubleclick.net/gpt/ 364 KB
122 KB 88ms
40ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065270

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

2b533fe5c53324b1ed9a449bbd2d899930396f3b03b05b4c06ee83dd98879074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 10:19:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4322
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125154
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 09:34:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 24 Feb 2023 10:19:33 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 82 B
103 B 96ms
49ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.gazetaexpress.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

c31b2375744708f38933b2cb26263a36bb9c254ba30d3d669953136ffd70dbe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78
x-xss-protection: 0
expires: Thu, 24 Feb 2022 11:31:35 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202180101/ 291 KB
105 KB 110ms
65ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202180101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4665846415960239&plah=www.gazetaexpress.com&bust=31065022

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

786b6adc2e6f5d2306b13b852a601c0f9d59345e92adc1388ff9a7060bfbf9e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107064
x-xss-protection: 0
server: cafe
etag: 1391163249785005271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 24 Feb 2022 11:31:35 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220221/r20190131/ Frame 0FC3 10 KB
5 KB 126ms
39ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220221/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Wed, 23 Feb 2022 15:37:55 GMT
expires: Wed, 09 Mar 2022 15:37:55 GMT
cache-control: public, max-age=1209600
age: 71620
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pica.js
www.gazetaexpress.com/cdn-cgi/challenge-platform/h/g/scripts/ 22 KB
8 KB 21ms
20ms Other
text/javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 600420cd9284fada39a77741d8eb994f3bd743a499bf40135ce596d4b4ad01e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HO2oMRatxmHxX%2FwHJEA9B71%2F5740JbA8yPgPXizxZ2RfWo5BIYrCIWXWLS5ZN%2F4HIhNHUwEjOZNTrwX1bdDHgSaigTp5uvSSHj8LvBzwP3Yf%2FDcdUgku%2BTQQOaGeSkYEp3TO7wZre3E%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6e285e54caf092a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
446 B 57ms
19ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-6427330-1&cid=828370054.1645702296&jid=266823516&gjid=764783458&_gid=990415458.1645702296&_u=IGBACEAABAAAAC~&z=1107226311

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 24 Feb 2022 11:31:35 GMT
content-type: text/plain
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 28ms
7ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=260200548443713&ev=PageView&dl=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&rl=&if=false&ts=1645702295831&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&fbp=fb.1.1645702295829.29543988&it=1645702295683&coo=false&exp=p0&rqm=GET

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Thu, 24 Feb 2022 11:31:35 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 153ms
63ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-6427330-1&cid=828370054.1645702296&jid=266823516&_u=IGBACEAABAAAAC~&z=478950626

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 154ms
64ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-6427330-1&cid=828370054.1645702296&jid=266823516&_u=IGBACEAABAAAAC~&z=478950626

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 zL3yGDMKsu-xMKqMATYmVuBxfF0hIQNynsJSZ_W6iLihTzXfUpZPY_aDCNMfztJv4na4P0fVbQqIxufP1JXblxLv2TMTTXHxOgttP_OZh7IPLgLhh0p8WrBXQ9VnkQQhPB-wh23omVg28nt0vFVWefr5vy_teua-rihnD4JiI4VtVusYSyaLJ3TOxCR2TTnmkMEHA... Show response
serv431.com/ 833 B
1 KB 130ms
130ms XHR
application/json 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://serv431.com/zL3yGDMKsu-xMKqMATYmVuBxfF0hIQNynsJSZ_W6iLihTzXfUpZPY_aDCNMfztJv4na4P0fVbQqIxufP1JXblxLv2TMTTXHxOgttP_OZh7IPLgLhh0p8WrBXQ9VnkQQhPB-wh23omVg28nt0vFVWefr5vy_teua-rihnD4JiI4VtVusYSyaLJ3TOxCR2TTnmkMEHAnBvseGYaoZ9lGusVLFkG6UtJjfZKoDoz3CGX9jQgDVcFCPmbA7RcyNRQ68LZsqfrhcrIVqCNNl91jUnadFD9spIkf2oJeVDmF41AFovFqyr7wXdOwfj3Beusc7iQEIeFfZNJZrWtJkoMFt8RgmZRLADOhh2s418fQma7yfP075AFiAgXivnvzSrYzNDmwNzQ94MMUqUBNzdFLaKpRab5YbARdkmEvCt3sGDmlAQNsRo1zE04ZRJLjJcGEe_FPZ_6mZOT_oJmW3n9hRqvqkruHp7L8nnvmx-I0HXheRNLERqLmk5zpUX1fsYkrKZZL4ISgl_xZu9ABbMO5AGmTOWnDqL2TxjOUU-tViX6xzPScToXYPNBuNjxMk1-xG1huN2VJEo64M_iwEE?
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 709f1a720c27058d502868c68d0b45f2b9ebcf91798ebcc2a50281a95b034e1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:35 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 833
expires: 0

POST
H/1.1 200 zNPW-GtawiNVCmQtqAlCdqtOLvvUaMQ3-KIFIZthigLMXRdU3ilRTeNNWB9B-yidVIj6rwEEmVUJr0d8j0iuiTzatK2DqPC9QyiXNV0FdnJDc7c28POQo7ey_nsvyRSDpSthO0GOvG0xbnsYPA-c-IgKwCbNJ8OIlcYQ6s2beA_VhHivKHDs8rkMyhTgb5xlfLZIc... Show response
serv431.com/ 861 B
1 KB 260ms
130ms XHR
application/json 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://serv431.com/zNPW-GtawiNVCmQtqAlCdqtOLvvUaMQ3-KIFIZthigLMXRdU3ilRTeNNWB9B-yidVIj6rwEEmVUJr0d8j0iuiTzatK2DqPC9QyiXNV0FdnJDc7c28POQo7ey_nsvyRSDpSthO0GOvG0xbnsYPA-c-IgKwCbNJ8OIlcYQ6s2beA_VhHivKHDs8rkMyhTgb5xlfLZIcZo2QZ8vuJnMY_DjeDoyfC91YkzkDNQZ9y4eJQht_Pq78PYJgh6cMBtVuW3mZ0m5z6QZ03sbzQYiVL0v6nqa0_dvxszhqWRoP0Hxr9lz46YA0pVFmY2pBUTN76FjQxo0CdWaB_hDyegqrvo7AIFhvQqwlqTZVwVAPdRKvnaXvnafd8NpLdE7_qdeGpGTNd0kBWZEqRwfVZybtOc9E0MkQUnZqh-kENm6vhho6pVDuCMhtSN8mozGOBxWswdaY7SU5Y9c3Q3p84qIhvWCezmCCXt7HmFRLiSMqwT87UP_Xz26vb7HfatCRRaFXyyUNj746kPhp82dCuQ-PyjZTcIQN_Y53ugMVvKtwLR55JTwPoEoTGlxd5GBbDLthBO3baHXwdR41tsTpnkM?
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: e056c7d8bcb40f600d1da14237ed8fd94ffb843479d2368bd02bec3464fa39e2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:35 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 861
expires: 0

POST
H/1.1 200 zPDCRzZ8aive9Qkx034ufO0NftDDeyoxzIF3LW0QmJwLLzccLnPJ6sX_66pjInhE4NybL-jukRLU2cIC6UPEeUnbV0N90HGL2mW1Jc2Rs0oAEqelX3ZQnHpHUpZXFPa4vnVv_culGBuE8YDjcYi9Di95NUC2Pr8zcixg4oJ0pt4QNrDXqo3FHcZwezMnVmIARQQpW... Show response
serv431.com/ 947 B
1 KB 375ms
127ms XHR
application/json 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://serv431.com/zPDCRzZ8aive9Qkx034ufO0NftDDeyoxzIF3LW0QmJwLLzccLnPJ6sX_66pjInhE4NybL-jukRLU2cIC6UPEeUnbV0N90HGL2mW1Jc2Rs0oAEqelX3ZQnHpHUpZXFPa4vnVv_culGBuE8YDjcYi9Di95NUC2Pr8zcixg4oJ0pt4QNrDXqo3FHcZwezMnVmIARQQpW2Ao1U1Irh_ctGX3AIe9I-pJOGpLZFGEqnPgvzIWfrKbl_yxMoXdxm0jKQctUJ1QV2vw8Ht1fZzINOB4D4BkAvHDzMDZ0Cx4sEWxaKtcXpkIW2ZBi0x9J2zs0geJtbPqKzMcXzJJwJsINXShVimTysyAIStEHpPWYhSaq0jhjQ9T7GjzXABG3GC9X0aIQaeS0aOGZzTocdOSdLMJji5xEJ8woVueFK5-xzOVF2Taq0YRC8Buzw0twW0Kkyn0PzeDL7wu9Bnqol8SNWcmW5tkyXmOlDYeviC7Z3cE4cJIPsrKa72Z5t_o0vYbg1WD4tdAv2aFtzRD0fYXrZEX8ckegyG6jihAJOC7Ntu29ahm8srY8zPNhUFxDGjt9a8aQSVB_RTK_kOLOTg?
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: d5d6ad7452742cafa0785874ad5e724266052b3cff53b5a200b550334749a187

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 947
expires: 0

POST
H/1.1 200 zEMz614DjsW-B8ODfEfKPMo7AfPR-B5XnaljpT-TO0cRgI-1JJM8fBKog1IbdTw7EDNF1EG_5B4rW3HCTkScORw8qarU0Ns93EHmNEWUNKE3npwJpNbVsSMPcC3Z1PrfB6W88qWhLfTBPhcSuUpWuRJ0Yvzb8iR8c-hnfHaMdg3CKrlj8wXps7S76thszPqx4CoMe... Show response
serv431.com/ 850 B
1 KB 377ms
128ms XHR
application/json 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://serv431.com/zEMz614DjsW-B8ODfEfKPMo7AfPR-B5XnaljpT-TO0cRgI-1JJM8fBKog1IbdTw7EDNF1EG_5B4rW3HCTkScORw8qarU0Ns93EHmNEWUNKE3npwJpNbVsSMPcC3Z1PrfB6W88qWhLfTBPhcSuUpWuRJ0Yvzb8iR8c-hnfHaMdg3CKrlj8wXps7S76thszPqx4CoMeuuuz_v-hxmWCbV9YKeiQhCclpTNFe_D_3cz0lhTM9D0Zbni4HwbBt_n2ECmD7W_R4NA44Dmn-kj3NvOY_Qt3gvAucAEbiZYNGVyQ_kMj3JVj_ia_Hn7yGHdG-3mc0gN1WX-QhaINSWWBMMidEFsmwimcvNPXknEBvXbfQ93WW5znY5jTrq5Kj9T0wMhvef1XacoFcX6CZAjPF0kktk79M6U-lq8dESJUtqp7rhOyd1aPotHGWlfLwjMVRpMqf14yJ9jCnih77OcRJ9_6SkF9ehDo5IjTtYLzW7JCZUL2QHsSGUmuGdbdqlNCh9jcf8FERiBQcAH56Nlhc44UDtx9bEcQqjFIDyjb9enhK36oI56GOCJjG7Zta3qulIZnSGWpJUti5JLjwEQ?
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 3436389192f2e567c2d9b452e681426c737ddd4482149f779166ffe8dd2b5031

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 850
expires: 0

POST
H/1.1 200 zhH3g_GMwGMZjH4QrkXtUXxFe29E7wEyZRLBFLhKdVyEW-kTufAoX0MmoRo3uDEKS6mNVBg5DhIbfdJx97Y5o9mliI58YKH8Sx4NnFQuzY2p5Q1rOSdVBrv9xVDdi4q_y1RRYrFCP4bNVdhHBgbvGX7cPN5rngukfNrVHQdaCY9v17TsV2DO7etlR-z9lbqhG99IL... Show response
serv431.com/ 900 B
1 KB 382ms
128ms XHR
application/json 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://serv431.com/zhH3g_GMwGMZjH4QrkXtUXxFe29E7wEyZRLBFLhKdVyEW-kTufAoX0MmoRo3uDEKS6mNVBg5DhIbfdJx97Y5o9mliI58YKH8Sx4NnFQuzY2p5Q1rOSdVBrv9xVDdi4q_y1RRYrFCP4bNVdhHBgbvGX7cPN5rngukfNrVHQdaCY9v17TsV2DO7etlR-z9lbqhG99ILLw0kdS_sde9IErkf_TuuNym11A49rVpU9TSDeLvc0SRyNiNmES_W74zgjQMs7xXzDSDxVbxgV4GKmcqB2wPuUj6YSYGupCHkOwsBI94K0NvJrxkvei3Jk-_JT9KN6kDAdzn_LQeCUgLzYDmgZFQkVn8jFfXb-HWrnuCDRlAL4qGm_2zU_rWsxF50iVbI5v7MPCZMO5PdCm4kLzAgE-Zhpz1rUadxdx9nCZZWzUvmTTTqHWZAk7qShQzPQ0JDqX2fCd9Q0sWWgUVmgCNNIcwtNeC_C-xm8eU2AsdpZw5xI6-7rHAPLNn3OLsiBxqqKzrTM0Gi7BPUhd3tzF1IflhsvKq9m-oWCHfmNS81RSvnm_y9EF582f-BsIrGjFTVwN8adhg6tZOznRM?
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 121ad23840ca54e191757ee6fba4a47cacddcea2e4125ae03ca7da781c51bdc6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 900
expires: 0

POST
H/1.1 200 zaekO4ZpTmfJViy1IHCHlRCIhHhlzVR7VU8eYGq_YkOnRLe7XZvHL_jrQYWpaDyMDAJly-X6lxIbgI7Jg8rbLmz12FF3bU3OCgIulQQJK4n6GxiSQO-ZRPzgREeCmha0ckWAZk8GDCNneFVqjV_FdnCe72zZ5zfOYNFiDb8etL1iwZ7AxK8BCfXvhftVomLDLtanQ... Show response
serv431.com/ 872 B
1 KB 383ms
131ms XHR
application/json 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://serv431.com/zaekO4ZpTmfJViy1IHCHlRCIhHhlzVR7VU8eYGq_YkOnRLe7XZvHL_jrQYWpaDyMDAJly-X6lxIbgI7Jg8rbLmz12FF3bU3OCgIulQQJK4n6GxiSQO-ZRPzgREeCmha0ckWAZk8GDCNneFVqjV_FdnCe72zZ5zfOYNFiDb8etL1iwZ7AxK8BCfXvhftVomLDLtanQZY6fsaMoxr-8wlbnMZKepdGZrT-YYAGiRPMCFMC6zwk81_kph5NbNIvOPBdLWsXI09b9xmIkE3Iy-9Xrmy__eRKLIXtMr6zPfegldQCGtIwt28egjL8FLW1IDPMfZpfVymdlW6hNtziOG7VLkuQdzjf6p-abCqsWreedrXA3OHkx4GgqNQg3np3y19mTsx8-tL2O9i4oAIy_ekAxYRm93sCoLRJN1BQ-wDWc2gUVxWiwGDa9K3srjKGCeh2XXZuDUNpFl8lrfF6pppVZPoySIuCZK9XV-rpHUMPgDCSVpvQnwInSFepq0F8hZSfm9jSC6cd3C_02uebpBlO_Rv3BkyDAO-2cfa85sPd3wsKi9UhPATwPmqpFymcQ5IuhxxqxIxkztsPnyUY?
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 1dfe6636ea39fb34282a6f412763ca440dcfed01a902f44f04b33df7a29188eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 872
expires: 0

POST
H/1.1 200 zmD34pgfFk5Kx0T21rd9dvy0gD-DqdQcn0q8Fy9TLqxn1J66Z6DeQ_-5Y4-RfHpgshUBgk8ZGpZPw2WqXthZkIGqLmE6CQHTOHSsTZzJU9oEY6gnej-Ro4f_Id71hswfNOPXcsv6qv5bQ-GFCAorFCrtdmDgAm-OB9sTYcs78wlC1sc290h6_XaWXQXzFnuV4T373... Show response
serv431.com/ 872 B
1 KB 382ms
130ms XHR
application/json 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://serv431.com/zmD34pgfFk5Kx0T21rd9dvy0gD-DqdQcn0q8Fy9TLqxn1J66Z6DeQ_-5Y4-RfHpgshUBgk8ZGpZPw2WqXthZkIGqLmE6CQHTOHSsTZzJU9oEY6gnej-Ro4f_Id71hswfNOPXcsv6qv5bQ-GFCAorFCrtdmDgAm-OB9sTYcs78wlC1sc290h6_XaWXQXzFnuV4T373mcgD9eZASqJUtCNfTuSOcu9zh5YzsuL5p6baKv1oGvXn44WWZFMDu5ydjwnr-OHhGYyKr5Pwqk4tu2E9V22n6YB89mImqSgSt9x0qPY9gj7xRh45IP3qle9tMkyTq0TJqy6VHZBglYe8PlbcyIO5tDPBrztnOwrlyLdX1LsiCiN-WpGf2G0HBwNdZkUC8WlrOyB_DcerhNoosRjED1hkv5tx6foIy2zAI-TourQRLk6gyi1i_2ICmgCqDl7dzVNEHvJ1oTGTF0qiqI3N5f9eleQcra4gOtREhCPv_Qtgr09Lt4ccRc5wSmRY8ZnTflvGMYKQ9qRkLu2FlJTGLvguHIaWZFD_H1K2ekg3k6SpwkLklvm1j2sLFkmFHk2khK7lcRoxv5DlwUY?
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 873fb236ec54b8c2dd25d3a8e29d31b8741c63d544e152cde3fbbe6ec38ae92f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 872
expires: 0

POST
H3 200 6e285e4f4d99918c Show response
www.gazetaexpress.com/cdn-cgi/challenge-platform/h/g/cv/result/ 2 B
697 B 37ms
36ms XHR
text/plain 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/cdn-cgi/challenge-platform/h/g/cv/result/6e285e4f4d99918c
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e285e5729b692a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AdcY7lLZrP3xm4YztovdqD1OhwMtgKYvxqiQnfJTyCcJ%2FQSHQVuVxX3mip2pj2Hbjzg%2B6XBPjzSZIzNH%2BOwh%2F3zyuyk59WEUHQG3S6V9%2FOZtTeNehlWckiUA5%2Bu1EE4EJxPSOFlMRMk%3D"}],"group":"cf-nel","max_age":604800}

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 156ms
68ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.gazetaexpress.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065270

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 135ms
48ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.gazetaexpress.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065270

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 91ms
90ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=393867970964119&correlator=351309945271198&output=ldjh&impl=fifs&eid=31064965%2C31065270%2C44752586%2C44756895%2C44756896&vrg=2022022201&ptt=17&sc=1&sfv=1-0-38&ecs=20220224&iu_parts=74207979%2Cadxp_ge_sticky%2Cadxp_ge_in-article&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=728x90%7C320x100%7C320x50%7C970x90%7C250x250%7C300x250%7C336x280%2C300x600%7C320x100%7C320x50%7C250x250%7C336x280%7C300x250&didk=2739344931~2024790018&prev_scp=hb_format_rubicon%3Dbanner%26hb_size_rubicon%3D970x90%26hb_pb_rubicon%3D0.04%26hb_adid_rubicon%3D23c317231e61b54%26hb_bidder_rubicon%3Drubicon%26hb_format%3Dbanner%26hb_size%3D970x90%26hb_pb%3D0.04%26hb_adid%3D23c317231e61b54%26hb_bidder%3Drubicon%7C&eri=1&cookie_enabled=1&bc=31&abxe=1&dt=1645702296218&lmt=1645702296&dlt=1645702295125&idt=1067&frm=20&biw=1600&bih=1200&oid=2&adxs=436%2C531&adys=1150%2C1735&ucis=1%7C2&adks=1438139209%2C1243139692&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&vis=1&scr_x=0&scr_y=0&psz=728x-1%7C824x50&msz=728x-1%7C824x50&ga_vid=828370054.1645702296&ga_sid=1645702296&ga_hid=322030387&ga_fc=true&fws=516%2C4&ohw=1600%2C1600&btvi=0%7C1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065270

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

51f0a8083efe4f1dc7cfd743d45df0615a47ba5900f8c09f07149882d48c2394

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9384
x-xss-protection: 0
google-lineitem-id: 5363688884,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138310968994,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3d57460de9e80c101e86fe0c5db5eddd.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3A09 6 KB
4 KB 167ms
44ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3d57460de9e80c101e86fe0c5db5eddd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065270

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 24 Feb 2022 11:31:36 GMT
expires: Fri, 24 Feb 2023 11:31:36 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 221 B
418 B 49ms
48ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.gazetaexpress.com&callback=_gfp_s_&client=ca-pub-4665846415960239

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202180101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4665846415960239&plah=www.gazetaexpress.com&bust=31065022

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

281b364896fef75bcecf2abcc172ffe3ab59b0695985c924082415bcc999bd96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 203
x-xss-protection: 0

GET
H3 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A6B2 603 B
67 B 115ms
67ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4665846415960239&output=html&adk=1812271804&adf=3025194257&lmt=1645702296&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645702295785&bpp=3&bdt=660&idt=446&shv=r20220221&mjsv=m202202180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5623693614665&frm=20&pv=2&ga_vid=828370054.1645702296&ga_sid=1645702296&ga_hid=322030387&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064857%2C31065022%2C44756895%2C44756896&oid=2&pvsid=393867970964119&pem=626&tmod=835804713&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=457

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 24 Feb 2022 11:31:36 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

index.html Show response
www.gazetaexpress.com/webads/onefor/728x90/ Frame F3A6
Redirect Chain

https://bit.ly/3HbDRHN
https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express

137 KB
24 KB

30ms
30ms

Document
text/html

172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b8dfe38e189ac7918c8ab08ded0700dbca5fdee7a70d2d2cfd9e6b4114ae37a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-type: text/html
vary: Accept-Encoding Accept-Encoding
last-modified: Tue, 22 Feb 2022 14:58:02 GMT
expires: Fri, 04 Mar 2022 15:07:48 GMT
cache-control: max-age=864000 public
pragma: public
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yo08hfjGvQCZNQfEdvxEtpDrHLaw6H96jeCuVldpbK%2FU3h5qROrG%2FlINpBr%2BkS3E0vHQAM3GvVvBoCB%2B6QZNaFWjrHdtnpHn8lkzjUXs2AlLP8A%2B4cZLjRZq4mk67FKE6bXZKrN4pi0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e285e589e2a92a7-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

server: nginx
date: Thu, 24 Feb 2022 11:31:36 GMT
content-type: text/html; charset=utf-8
content-length: 174
cache-control: private, max-age=90
content-security-policy: referrer always;
location: https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express
referrer-policy: unsafe-url
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200 zsHcqeFYZl5TE4PtVkZ9PIxH5BH9-8otlM4qehW-f2zgYAPv_OPcmNmNXONFCSSmm1S6jpthJLCZLhtQdwS4RvLRKaJcQz3TN6woQn9zhVtCMZqmO1CEVeTESvUY7gxDJRWq5rU9QEvHNL_IhZyCh7LKDkMQmjeOA3MQvSfprK6c1DD5x9HYHxhdeRUOW2k6A3lE_...
serv431.com/ Frame 6CDC 43 B
511 B 128ms
128ms Image
image/gif 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://serv431.com/zsHcqeFYZl5TE4PtVkZ9PIxH5BH9-8otlM4qehW-f2zgYAPv_OPcmNmNXONFCSSmm1S6jpthJLCZLhtQdwS4RvLRKaJcQz3TN6woQn9zhVtCMZqmO1CEVeTESvUY7gxDJRWq5rU9QEvHNL_IhZyCh7LKDkMQmjeOA3MQvSfprK6c1DD5x9HYHxhdeRUOW2k6A3lE_5CBju7W0RxP-D0wer7ZUylA1LHE25bsmRWcysVQ9DZDqvETQ1j2ic_2Lig9NAv2gy-iq8Xr2FehE_gAFDLiwmiPaanwEz5uVQxqRoXXeXtuLQOe_sD8lClBu8wPdLb_rG04S0u6hz59V4waKHSuAmwrvF38QUKYzal0ZgX19UMDoXiVip1MqfvncQMwdTv9Mr8Jv8kUEri1Rfu5Y9aeB9h83S57dn4eD4A?DC=WZ
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Thu, 02 Dec 2021 16:25:42 GMT
etag: W/"43-1638462342000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 index.html Show response
www.gazetaexpress.com/webads/onefor/02.seconds-960x200/ Frame 6544 152 KB
24 KB 77ms
77ms Document
text/html 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/webads/onefor/02.seconds-960x200/index.html
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 396e0732c96f3d35e00afe29a75e1ed0967bef21a1afe209174c18138a225bcd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-type: text/html
vary: Accept-Encoding Accept-Encoding
last-modified: Tue, 22 Feb 2022 14:57:55 GMT
expires: Fri, 04 Mar 2022 15:00:51 GMT
cache-control: max-age=864000 public
pragma: public
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2F3L8wqq3FcEjVvJDgfnUJUcFrbQf4mvcPb8pMBnDYJDd%2Fk7lK5X3XrQ3T8Puy29FhVu5tAcFkiskTBtKSHmWs8c%2FvYR6peGYwF9vlt6SJg5qY4iuincLjpC2gTUqM%2BTP6rRkzI1MGU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e285e57bb7692a7-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200 zz8i5C2I1WRyY7wKym0oQ1ySg4U6NxNgPf2enKfiphAg5nJeMU4NfZPkF7pFMUyIaYHVm94nYcetpyTOhrOozqk9gwlnW2e-h9fhyQ1g4Kz7P3KeTwUDxpm_bQkuNVbSYVd2p5T6VpTHlH71Sj0QGNEvPxGcudpn8HjtDhVlCqmtrjVSzD-0llaEHUUWleTNtFlvE...
serv431.com/ Frame 084A 43 B
511 B 124ms
124ms Image
image/gif 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://serv431.com/zz8i5C2I1WRyY7wKym0oQ1ySg4U6NxNgPf2enKfiphAg5nJeMU4NfZPkF7pFMUyIaYHVm94nYcetpyTOhrOozqk9gwlnW2e-h9fhyQ1g4Kz7P3KeTwUDxpm_bQkuNVbSYVd2p5T6VpTHlH71Sj0QGNEvPxGcudpn8HjtDhVlCqmtrjVSzD-0llaEHUUWleTNtFlvE1RwVBLTIJ607x981riSm7qTYZnBdHx6J8hvkdQrxLu_WtpakRUNOGFZkJ9yHZ5Gg_djA_IsuYPv9SaqU5UAQnSdv1YRRtutfY1zETKvidTbSMNso1JfcNa_4j6mF1v6LFFEsBNoQA227-6R5yTY6A4c2JFESOHWQ6ojDAAHuFqBt7RkHA9zRQ9tYP05YYPTOciYS1kOqqSRYWPBflezUqbQaICKeyNXXpA?DC=WZ
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Thu, 02 Dec 2021 16:25:42 GMT
etag: W/"43-1638462342000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pv
bisko.gjirafa.com/ 68 B
931 B 111ms
80ms Image
image/jpeg 104.26.1.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bisko.gjirafa.com/pv?t=1645702296279&guid=f03c417fc5e84f92babfaccec151f34f134b853f493947928f9053772479e6fb&sd=cfe9bf29b000415a9a40bdb8c6bbb0fb&c=%5B%5D&tg=%5B%5D&tt=AFP%20sjell%20pamjet%20e%20njer%C3%ABzve%20t%C3%AB%20vrar%C3%AB%20dhe%20nd%C3%ABrtesave%20t%C3%AB%20shkat%C3%ABrruara%20n%C3%AB%20Ukrain%C3%AB%20pas%20sulmit%20rus%20-%20Gazeta%20Express&u=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&r=&bl=en-US&sw=1600&sh=1200&h=2&v=6.2
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.1.156 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
x-aspnetmvc-version: 5.2
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nqlIlyNJVg%2FOWbg6FYtSkd%2FhNqwA%2FsaTYc9T0fSMBF2K4%2BMkB7INXctvdU6bvhl4spUaoZhAgimpi%2F%2FqWS5goI2ERJDwSG1ndm3bM3RouJACzJPQBEwLhofe02bdDZCPpZ2A"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-cache-status: DYNAMIC
cache-control: private
content-disposition: attachment; filename=bisko.jpg
cf-ray: 6e285e57f8fd9232-FRA
content-length: 68

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E739 0
0 64ms
63ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvTtA5QEZmnS68xVeXO6Rpuk_ZWYMIUlPvhAzEKzUu_aflMsFNKAKaW-IVCnBQ-ujDh2nyWf6MQwGMSJMNpwR5VJkaBRG7B9BnNUKkNvye-rT7wC3TtLFt3DxcGORR6nHZTB9ROQUSjrkMjmyF7D89P_Aqdlvx0YtdzX_XszQIgCaRWYYakL0X9GTY1nNFhO10-NcmBULlkY8KQWxq_I8wyioAkmgtXj_sM7uhOCZgK1brWQ-cCVJD5vNf5zmEXBryOjFzKQJH6X5r3pMtOLNMZ3hQg2tPJfMikMeZ3rpakUMDb3WA9tcol7oVztPtV6eaRoQ&sai=AMfl-YRx2gTeACutxPrICvocxDmJunhS3xxosAYwMi5k1fydrcNj3Ejha6vzepfGjC-EehO2fCPzFoQnLCZ6m3M8PsqxaD0PNlxxjw2zVJUZ_d4e8wZwW5jCh3iaFlCItOjg&sig=Cg0ArKJSzMDbTrjqYspMEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Feb 2022 11:31:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 24 Feb 2022 11:31:36 GMT

GET
H2 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame E739 26 KB
9 KB 39ms
17ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065270

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e72a4d605e3d5af4047f1f34af4008981be221e0809e57805c6011c451f81c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 9289
x-jsd-version: 1.13.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19170-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"682b-2ihEYwqesMldd0dS8BiHEV2ELiA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6e285e583ea19152-FRA

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E739 124 KB
38 KB 137ms
55ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065270

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38723
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645015031201889"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 24 Feb 2022 11:31:36 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 1D7B 0
18 B 16ms
7ms Document
text/plain 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.gazetaexpress.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.gazetaexpress.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=0
date: Thu, 24 Feb 2022 11:31:36 GMT

GET
H3 200 y7fSIC-Nar-PQDdmdwDlbGcPmlk.js Show response
www.gazetaexpress.com/cdn-cgi/apps/head/ Frame 6544 5 KB
2 KB 32ms
32ms Script
application/javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/cdn-cgi/apps/head/y7fSIC-Nar-PQDdmdwDlbGcPmlk.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/webads/onefor/02.seconds-960x200/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fad256c668aa1eb51fa18a925e95273df342e46f3162de728123b4c1fb922b5e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/webads/onefor/02.seconds-960x200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 699SG8ZPY7QRYG3P
x-amz-id-2: n4eS8D4Rdc0ph3JVZh+ojyuHdtP9i/JZ9oEtyhLYrxZ3ukRvlwE2jlkqkA2sMTfJvToznRNoMkM=
last-modified: Tue, 10 Nov 2020 13:59:35 GMT
server: cloudflare
etag: W/"b61e1b8cbc26b381f84b9fe75d6bd20a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WGk89P0jE6vQZ%2BPinUONUozGInmEN5QqD%2BRrY95SetbJP3Xs00fIoiTvTJ1Iqz223tpnDLSPAe2Etsm8HUbzVExfc0yhxSWBhsBDCfAAaFbvU8fR0gkKfC6cWT%2FYwRRyBAf7%2FL2IBiQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: EbY_Qr2u_RqkzHBQ7tezB1tU2A4mETa.
cf-ray: 6e285e583d4392a7-FRA

GET
H2 200 css
fonts.googleapis.com/ Frame 6544 6 KB
1 KB 132ms
51ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Inter:regular,700,500

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/webads/onefor/02.seconds-960x200/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0e0acc73e788587d1ad30fe3a71bbc02dbaff6681c2d6499540094e6b6506867

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 11:31:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 24 Feb 2022 11:31:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 24 Feb 2022 11:31:36 GMT

GET
H2 200 Enabler.js Show response
s0.2mdn.net/ads/studio/ Frame 6544 134 KB
46 KB 126ms
40ms Script
text/javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/Enabler.js

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/webads/onefor/02.seconds-960x200/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86441c9a21f4c77dcbb2a4f020d904179f15c8e9b35f3f85d5d053ee62c13232

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:18:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 759
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46298
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 24 Feb 2022 11:33:57 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame FF60 3 KB
1 KB 280ms
68ms Script
application/javascript 2a03:5f80:a::b212:e7a3
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=4361
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a3 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: /
Resource Hash: 6d4b871026e1912263de416e2998423157080532a674bfb55eff6372495521ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 1174
expires: Thu, 24 Feb 2022 11:31:36 GMT

GET
H/1.1 200 zIlC2SOtOCHpJFWR3sC0uPNPfO4uWXwdOQ_fYSIR25ZoDs8UdZH1EJNPDRTEbFTCLXnFGRhZGeQtYEwUedkZnWBNj38rGlVeLecffEVhXGQ7X_K3ioaU9VkrR8tKjjZYiSR2jeLXl3ntqJbG7EvMNIdMmYnWr9psqODshG0E342gZ9LMoTnUGx97e5GzWVElzIyBZ...
serv431.com/ Frame FF60 43 B
510 B 127ms
126ms Image
image/gif 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://serv431.com/zIlC2SOtOCHpJFWR3sC0uPNPfO4uWXwdOQ_fYSIR25ZoDs8UdZH1EJNPDRTEbFTCLXnFGRhZGeQtYEwUedkZnWBNj38rGlVeLecffEVhXGQ7X_K3ioaU9VkrR8tKjjZYiSR2jeLXl3ntqJbG7EvMNIdMmYnWr9psqODshG0E342gZ9LMoTnUGx97e5GzWVElzIyBZjeVd7VvDVawAgXSnbmXEBRz_Lwpoivye2QA_xQCbKsKO97CTuFLzUugm64_3LFpBUcMrsb0wzP-V-zwjcov4FoOC0MdGawWyPV5DHl4KExihte4_kpU7PD6TkuoBB-_5AwND1qUHaPnfRZEhHMwzrBTyxXgyCeGCNe8mAnYcovdBsbA51p0Mi7CuuytTJBJm7-0hdrBxooEb7TUD1vn6ngxqPoLm9Zr_Wg?DC=WZ
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Thu, 02 Dec 2021 16:25:42 GMT
etag: W/"43-1638462342000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame 7B20 4 KB
2 KB 280ms
74ms Script
application/javascript 2a03:5f80:a::b212:e7a3
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=6751
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a3 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: /
Resource Hash: b18983695372f4a79f7f99b514ffefaf9ff8f1bc359bc8ce59ee024638145c68

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 1420
expires: Thu, 24 Feb 2022 11:31:36 GMT

GET
H/1.1 200 znuqSqXHdhwUg-8dqMlg5N5c67r1iBvrKqpqXeB8pSnmKcrUg62g1JgkrOT9WA9t2dDsZb9XTyAhog0jBumEIzISqvo1CORuZWMsy1VMq2mKOdrKS1jbbxiKcqrKTdqLBdDTW5MRYLr5pFr5WhLeubqOb1PYP75jd9hOO3jPZ1Pvn6GWu_uALqDsugiSywPtYkodf...
serv431.com/ Frame 7B20 43 B
536 B 129ms
129ms Image
image/gif 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://serv431.com/znuqSqXHdhwUg-8dqMlg5N5c67r1iBvrKqpqXeB8pSnmKcrUg62g1JgkrOT9WA9t2dDsZb9XTyAhog0jBumEIzISqvo1CORuZWMsy1VMq2mKOdrKS1jbbxiKcqrKTdqLBdDTW5MRYLr5pFr5WhLeubqOb1PYP75jd9hOO3jPZ1Pvn6GWu_uALqDsugiSywPtYkodfSTahUPjGWjZsGjfVGp-jCI6gjmqjeCYXLpuYYaX3CFEhr2vxCnxozia69R7XU4D9Ex4qCZfI0rLiNbOkiEXHaN8seNKGOCOIjS0xK20rZeBq6j4470ENCCE6vngw_qyeOUUJszKv7Alg9mgfgdR44IMOAMs2hAkJgLPX1JqHclAct57tgqGjw6YRZRfgRX7K0eDgE_r4ObXc8e1pl6Xtf-drSP-2dYQOOw?DC=WZ
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Thu, 02 Dec 2021 16:25:42 GMT
etag: W/"43-1638462342000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame CEAA 3 KB
1 KB 264ms
69ms Script
application/javascript 2a03:5f80:a::b212:e7a3
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=4361
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a3 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: /
Resource Hash: 6d4b871026e1912263de416e2998423157080532a674bfb55eff6372495521ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 1174
expires: Thu, 24 Feb 2022 11:31:36 GMT

GET
H/1.1 200 zYh8cdVYgJKnE2FafYgxOCm7MlAU-nG01R9CTsdfX_WoWThXuPk5rEI9-BEJLlFiLRWzAWH7UxaAqs7dJJkL_vWhUg63RCgLkpb2dHkWSKV6oLN4VFVpKFNbw4v-_LEgKmZQ-rA2ReBoVOhVrqUTeh6NjLw0D-SF4tH4jjlUFLmUOJWW5wEmZdD-FLk-iLeKjN8IU...
serv431.com/ Frame CEAA 43 B
536 B 128ms
128ms Image
image/gif 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://serv431.com/zYh8cdVYgJKnE2FafYgxOCm7MlAU-nG01R9CTsdfX_WoWThXuPk5rEI9-BEJLlFiLRWzAWH7UxaAqs7dJJkL_vWhUg63RCgLkpb2dHkWSKV6oLN4VFVpKFNbw4v-_LEgKmZQ-rA2ReBoVOhVrqUTeh6NjLw0D-SF4tH4jjlUFLmUOJWW5wEmZdD-FLk-iLeKjN8IUKt9vYcfdTjpOpAioY4Bt8HjKJ40283x9Li3Lyj-SEdQFcrd-q6FvmVWyOhHiOGez_5xp_0OYBfcErdwFJ6CasyW_w4ULGzGmx6kh7z0eBbzqWOl9ZsalK9yZqvDw24DDqtlEpqiFjRmiLCdEaO5QLg6QUvjz7a2GI3DTfCUArdsyc9VqHtjpR5qul5B1FZn1RjQkLvn5lsQuPLbtCKiP6hYMlTU8CSC8dw?DC=WZ
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Thu, 02 Dec 2021 16:25:42 GMT
etag: W/"43-1638462342000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame C39F 174 KB
55 KB 211ms
110ms Document
text/html 2a02:2638:1::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=D9C90B8C96C1CADA&u=%7CmfU2EJoeeNDkB04GWQ9jwWDKFYW7QMg96Bktz4IjyuM%3D%7C&c1=92U3al7lWbVmeBs5kV1BdtL1fLiyqTtS1i4r4gcqJw6sHrEkub6yyT0MEiGmtIJBiJDfKu26TMEjjYxq0-vA-KGRe-H6gNW69G2TSymoArvCNwn6RUWgBerSEIsN6wnXqYYgOAHeyBr4DmDvgfjHbHPZydJdLpB2yzgIsbQMKSvQ_J3R0u4a00ybx70IpotAcp4P5cvuphbAd9D8EC8Zd9Q0rCuOIAcPyv9_K2zaIwdnXuv3MEvBg1pHD_TGC9U3fU71JKq-Gpvc0ci_X6Eytr9dNBXiMBxjqebj3X6jl-PITpSi0uC27TN1Ahj4zY2FpgS_8VWGU8u6ON5IsAaDrls9Qx8DVa2K4ONsk_AKck89JF9PHLnPAT1GkWVsXnkWfI-d_pjWm14Erz1yoaR_-HHre2V4mPbB8NGZOb_11M3gJiyrfgpruAmHzkBRKOofbiOIMy6beh6Z_pme69gTMyV8XSkHfPQPUlTH90o0exl3Y1z8qa1TBYuT9QQXekEcrjC3AKi22pQ

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

20ec3f31b4762d74bc4fd1dc148a32b100919878695f57f4ff1d91f99b95ab34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=2xVJfJkWO_GOWL9kOGWpIbxQ2-z6rr4vOXa4XcIs0zyH92j9UTXvShl06JnnSTPZvQUCplK8v3LNQ8XwvSAflmG6kWl4iNz2gZhcEVpD0R6VfMlHKnfvTdpKvMZU2bGxxLnzG45fDiqvRBBDOFEtvIzQBXptSfNiIMN5hSCXBIvG2HeQskWV9BtocxqUP4Zi5tSdiravycmSjXabNmn9p5Rf5FyvRRZJCVrHygiLwzRepYcDEvlFCNEhCxWgmLt824hEsg"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 95560898
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 7081 281 B
554 B 33ms
9ms Document
text/html 23.0.42.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.0.42.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-0-42-150.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 24 Feb 2022 11:31:36 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200 13862b0d-71a9-47e7-a064-619c71d34b6a
beacon-ams3.rubiconproject.com/beacon/d/ Frame E739 43 B
354 B 117ms
24ms Image
image/avif 2602:803:c003:200::77
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/13862b0d-71a9-47e7-a064-619c71d34b6a?oo=0&accountId=12398&siteId=59924&zoneId=2177830&sizeId=55&e=6A1E40E384DA563B4A479982E0D84BA627F7BA1669315587676BE0FFE0AB7C25F56F990DEED90E93A12198AC8A61EC7EFE5D718BBE08EF1C2C14F2FC6A179D94E04BAA7F069F8CE0CA0AE3EB89135EFEE69E8B9F141FCF8B0E5E73E5C211B48914A0B0B28DB7312EA7335098C9ADCC02A949B4BE5F6BAB9BEED8E8716C334BEE588872201771EF0EE36A90D2B7BCD5FC1206D10D1D24E81E735CC33B19649C74B428DE344E0AECFEF12AA18E4487116559DA15747B2E87DFB1D5B0697BEA4070B6250F9E71F0FA8C20FD32ED9055769FC2962E11829849056057ADC59F501EA2920D8A372E0EEB5F35CC9AAA9FD0B049742E50611669C0D54C67A6C55E7A28DC5065159B85D32C0C76CAF94FDA9D5F67717AD71E4CAB6CF4E8FBE1B057ACF8649C3EE1250BF7FF91CDEE22D9A4B8E53ADEDD1827BFF55CD83AD53A0E1A2007C2402DA4CDFEE19081FA3F928F7EBB3F2E58408E352068071A8631E9927B1A49E6DC7A038375B4C8BF61DFF745D78EE4B87F16A55E252072B62E5DAD8544FE810675FC16ADF99E75BECBB7AB545DF31957EF8868E851D62B93137FCBA539B3F9EB349545C5D6FFDBC8F29DC82AA645A6DA6CDE8FFBADF9B2C7247971455085D753250F5313CB1A3D51A326A541C1325A73B7E975A788A818269FF93401954783A767422FB932E0B9D7EBE5C332EDAB490276A2918E20250980AC2CE27E50BE6EE0CF24048A49901D27C661A4FC34B1BDE8305E4A1160710CFD1B3CC2A29E2A281769469FA8A1B12FFED7C977728ED7AD466ECCF9A3DEB6BA38FBC406837D1C706043CE962D92C3D524F48ABB344FCFFA02D657A73393D8795FBDE633A7053C218A154508083FB1EDDDA3A0D9F941A2D9237E625848872D964AE88D14A8E282D0F9ED644D0FEA29AC4033250D07C5E35B517EA6922F6A5C0259003CF5105D5E5EA5540919E19C47FEB38F88AEA1C40F6239

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

2602:803:c003:200::77 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:36 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: image/avif
Cache-Control: private, max-age=0, no-cache
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame BE42 13 KB
4 KB 250ms
65ms Script
application/javascript 2a03:5f80:a::b212:e7a3
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=4391
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a3 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: /
Resource Hash: 533082022bc927661c3e1117efd56ad87697ebf11b5e798341a2639f306a3c86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 4071
expires: Thu, 24 Feb 2022 11:31:36 GMT

GET
H/1.1 200 zKuD8VpXkLWnG77T4_vyEUMm1e4bkqTXeqNKPiz7hX0Dzs-OKv8v7KWfltMHdq65eUCB6KnryY37pdBFreLFnX4KrYJ_BgMLn5DrzltlHIGAIx3FCWveM5Pg-t7vCOnJ9zTQu9e5gRLKsGvkQ1h0g-0nKQDmDBs5SaTxJxplQJsflfewZt_j60SWXtqOQtqNNGKVM...
serv431.com/ Frame BE42 43 B
537 B 128ms
128ms Image
image/gif 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://serv431.com/zKuD8VpXkLWnG77T4_vyEUMm1e4bkqTXeqNKPiz7hX0Dzs-OKv8v7KWfltMHdq65eUCB6KnryY37pdBFreLFnX4KrYJ_BgMLn5DrzltlHIGAIx3FCWveM5Pg-t7vCOnJ9zTQu9e5gRLKsGvkQ1h0g-0nKQDmDBs5SaTxJxplQJsflfewZt_j60SWXtqOQtqNNGKVMXXfrSiD6GRF7r2pjixqACApNrX7BiEN5rrzncBJa7PbKafqx3f9FA_CRtu5-nprCK31Rqn65mFrd-HCEWvzSf_zNALH9L7cnWMW7FqVQHg_ykLmklUS3e0mJzSqhWKGSIMbsTDBGHhEeHU6Jsxq5dSucF7PnoRoAgzbdWm2NhNuJkmFp-ikc0sRp5y7p3orEMbvvjCSN-ILmKtCawLwni3iFg14oSXDDDak?DC=WZ
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Thu, 02 Dec 2021 16:25:42 GMT
etag: W/"43-1638462342000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame 635F 13 KB
4 KB 246ms
67ms Script
application/javascript 2a03:5f80:a::b212:e7a3
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=4391
Requested by: Host: serv431.com
URL: https://serv431.com/0a3b5987.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a3 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: /
Resource Hash: 533082022bc927661c3e1117efd56ad87697ebf11b5e798341a2639f306a3c86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 4071
expires: Thu, 24 Feb 2022 11:31:36 GMT

GET
H/1.1 200 zziXH2lV28tQ3VXRQHaZVlCu8H6ATg6KYbKBu4dtMPZ7UXOpnqmalm5PXjjHXTGm5BXb6LyOWIrqUKlHMr2Nn2w0GTsiZ0zi4i-ouXxjbmZrdLpLBlrP3cCCYFitJxRv78O5TcM2vVoz_rYBRanjaMPOJd0KjdLyjFy4Qm_R0UxUYwrX3ZrCWK_3UK4SkjRkw1fEZ...
serv431.com/ Frame 635F 43 B
537 B 126ms
126ms Image
image/gif 208.88.224.28
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://serv431.com/zziXH2lV28tQ3VXRQHaZVlCu8H6ATg6KYbKBu4dtMPZ7UXOpnqmalm5PXjjHXTGm5BXb6LyOWIrqUKlHMr2Nn2w0GTsiZ0zi4i-ouXxjbmZrdLpLBlrP3cCCYFitJxRv78O5TcM2vVoz_rYBRanjaMPOJd0KjdLyjFy4Qm_R0UxUYwrX3ZrCWK_3UK4SkjRkw1fEZ619xK12PHlWV8vCr9E0qAW0z69XJJ5vIoFISdEJMxo3nPp2FuGe_TTkJLiupMSBHClo1DxNYbE-prC5gCXf8LC-Hzn__g1XygG3G9O8u7x0P8GPoqmZuSsexGeF0xACdKx0_QNlBHk8B2YkBwu-WqZZOz6Cws1O1huPzysmmlSkRLcQUaTv5sXQRAZmCb5jA9p1z8BK0ZsK9nrv39PJsCHxRp-u8D1jIFoE?DC=WZ
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 208.88.224.28 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Thu, 02 Dec 2021 16:25:42 GMT
etag: W/"43-1638462342000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 U-7Baa56EnJJkA-3VT33cT_3HbI.js Show response
www.gazetaexpress.com/cdn-cgi/apps/body/ Frame 6544 4 KB
2 KB 18ms
17ms Script
application/javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/cdn-cgi/apps/body/U-7Baa56EnJJkA-3VT33cT_3HbI.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/cdn-cgi/apps/head/y7fSIC-Nar-PQDdmdwDlbGcPmlk.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6927908310a9d8ea2a4e5594452cefd9dc8c8aa71bf101c4d497964b16efedf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/webads/onefor/02.seconds-960x200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ASE56KFFV7FCDECG
x-amz-id-2: 9aHdW1vfrGfTP+E04dhgEDoQZh1ROzS9zmNMkoLieerNfYKZQtVhCiLIsmD755KGtN4jWfPosKo=
last-modified: Tue, 10 Nov 2020 13:59:34 GMT
server: cloudflare
etag: W/"a48224d294929710ccf63815c082d82a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aeci5x%2F1fxqwZMEHeHyoeR%2FdZwU9WNCalYnxNT9DGA7nP7GEIN9s6KYCNv9tkRzM9IHTuX9YavX%2BR7UEEIdVFHLgmVILDDem0SLHrEjXoXyMtK%2BqVNVcMQXn2fLaKECX9gp8hbEkAYw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: OdY.zUSDblunDdofCPVQz2xapN1Ewriy
cf-ray: 6e285e591f9b92a7-FRA

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 7081 33 KB
10 KB 8ms
7ms Script
text/html 23.0.42.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.0.42.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-0-42-150.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 07ec0272972dcdb6e079ce032e15cc1f6de374d89b9fdb9cf9af5c2dd2c1070b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Thu, 24 Feb 2022 11:31:36 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 19:52:27 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=14535
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9760
Expires: Thu, 24 Feb 2022 15:33:51 GMT

GET
H3 200 y7fSIC-Nar-PQDdmdwDlbGcPmlk.js Show response
www.gazetaexpress.com/cdn-cgi/apps/head/ Frame F3A6 5 KB
2 KB 18ms
18ms Script
application/javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/cdn-cgi/apps/head/y7fSIC-Nar-PQDdmdwDlbGcPmlk.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fad256c668aa1eb51fa18a925e95273df342e46f3162de728123b4c1fb922b5e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683258
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 699SG8ZPY7QRYG3P
x-amz-id-2: n4eS8D4Rdc0ph3JVZh+ojyuHdtP9i/JZ9oEtyhLYrxZ3ukRvlwE2jlkqkA2sMTfJvToznRNoMkM=
last-modified: Tue, 10 Nov 2020 13:59:35 GMT
server: cloudflare
etag: W/"b61e1b8cbc26b381f84b9fe75d6bd20a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lz3%2B81SB3EwbKh0SGiKz7Gdbv7A3jNoj4qspvM7nfomtQlyyWuP4D4TYNj7dff2g%2B2LXj515JulJ0rsa7Dbx20xCFQWxdWB263CD%2ByR0%2FidbOwTcOB6xegWwEawKcFOtK0ghA3CrXqE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: EbY_Qr2u_RqkzHBQ7tezB1tU2A4mETa.
cf-ray: 6e285e58decc92a7-FRA

GET
H2 200 css
fonts.googleapis.com/ Frame F3A6 8 KB
731 B 52ms
52ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Inter:regular,700,800,500

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

be9120d6402df0fd2d9c4a21c46071a3007cf7c5447ab72cb4204f63354a2d8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 11:31:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 24 Feb 2022 11:31:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 24 Feb 2022 11:31:36 GMT

GET
H2 200 Enabler.js Show response
s0.2mdn.net/ads/studio/ Frame F3A6 134 KB
45 KB 82ms
82ms Script
text/javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/Enabler.js

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86441c9a21f4c77dcbb2a4f020d904179f15c8e9b35f3f85d5d053ee62c13232

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:18:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 759
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46298
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 24 Feb 2022 11:33:57 GMT

GET
H3 200 U-7Baa56EnJJkA-3VT33cT_3HbI.js Show response
www.gazetaexpress.com/cdn-cgi/apps/body/ Frame F3A6 4 KB
2 KB 20ms
19ms Script
application/javascript 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gazetaexpress.com/cdn-cgi/apps/body/U-7Baa56EnJJkA-3VT33cT_3HbI.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/cdn-cgi/apps/head/y7fSIC-Nar-PQDdmdwDlbGcPmlk.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6927908310a9d8ea2a4e5594452cefd9dc8c8aa71bf101c4d497964b16efedf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 683257
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ASE56KFFV7FCDECG
x-amz-id-2: 9aHdW1vfrGfTP+E04dhgEDoQZh1ROzS9zmNMkoLieerNfYKZQtVhCiLIsmD755KGtN4jWfPosKo=
last-modified: Tue, 10 Nov 2020 13:59:34 GMT
server: cloudflare
etag: W/"a48224d294929710ccf63815c082d82a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rPuHjJH%2BTl%2FQzJPMOr02c9jSy%2Fdm67pypI%2BGToleapk%2Fly7937xUQssHToaz9Eu4G62jJJeDkxse0j1cHPzR8QMpHd7z5qiKsMeX2xcRwmqPakyW9Tk8MDfh2UYyz2Wxk9yiJ1hK8AQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: OdY.zUSDblunDdofCPVQz2xapN1Ewriy
cf-ray: 6e285e592fcf92a7-FRA

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 6544 49 KB
20 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/cdn-cgi/apps/body/U-7Baa56EnJJkA-3VT33cT_3HbI.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 7003
date: Thu, 24 Feb 2022 09:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 24 Feb 2022 11:34:53 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E739 0
0 63ms
63ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssFzXi8GEjlddAbZZxcTiW4pF7oTN6HHw-cpx9R9acShvrWw5CBasaKBnygu6cad93wwSGqc9BwTQ48NeAS4hlmvzazNl8VYs9PMMvJs_3Hty0E4_6EDlim0PEr_LdbPpyyizCNuj76Rkk-ncGzOHI1Fc4zHR9ekgX3X9Qi5WynJuRW0lS-UoyufmTbu5aLcwhS_NhbZ2TZRvkUvuwRbg_uIXpVRGTTmr8FvkaMSnIy1J8oBknHm-Yn615LeKmWmWVVG8ybTW4lvqjewHDyBLnF_4w1xqWsE0zY3rzp1Z_bLA8GNKpkKbab-xFPOQr6Bnw3dH29&sai=AMfl-YRG4a4ox9MMgjbqzV3p7wq5syrhH-48OuEjUDisDsT4EiNv1B4pCNh3xZVJyjHsLPLXb7XHKnp0oCS1tKP6N83HJon42Pw12mMTXxGqseyPLOpwzFoPLI-fEIBvMtFN&sig=Cg0ArKJSzMYdV83Hn59uEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Feb 2022 11:31:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 24 Feb 2022 11:31:36 GMT

GET
DATA 200
OK truncated
/ Frame E739 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d738702428e548afe4496af5815ea1c1e9e4dd77eadff2a73e444f8ab0ee140

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 7081
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPoOF-GixJWD5o9ODMyBV2s&google_cver=1

0
239 B

34ms
10ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPoOF-GixJWD5o9ODMyBV2s&google_cver=1
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPoOF-GixJWD5o9ODMyBV2s&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 7081 0
0 56ms
19ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 7081
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L00WNMDN-1A-54BG

0
708 B

258ms
214ms

Image
text/plain

2620:1ec:22::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L00WNMDN-1A-54BG
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Server: 2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: BBEE082C52764DF0A4563E7E6E651BE2 Ref B: VIEEDGE1208 Ref C: 2022-02-24T11:31:36Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXYwezN5U7fByx8L6kpvg==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L00WNMDN-1A-54BG
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v8/ Frame 6544 37 KB
37 KB 125ms
41ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v8/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inter:regular,700,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 18:06:53 GMT
x-content-type-options: nosniff
age: 62683
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37716
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:42:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Feb 2023 18:06:53 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7081
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NWQ2OTcwYzI4NjVmMDE1MDQzN2E3MTRhMzJkOGE3NTU4MGYxZGFhNA

170 B
502 B

97ms
56ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NWQ2OTcwYzI4NjVmMDE1MDQzN2E3MTRhMzJkOGE3NTU4MGYxZGFhNA

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NWQ2OTcwYzI4NjVmMDE1MDQzN2E3MTRhMzJkOGE3NTU4MGYxZGFhNA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 7081
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/Fr-k-0Ozu2GujQpfN7BKSMn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8727105653200393233

0
239 B

28ms
7ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8727105653200393233
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Content-Type: image/gif

Redirect headers

date: Thu, 24 Feb 2022 11:31:36 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8727105653200393233
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 7081
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4cf56217-6c98-4b00-956c-59fb1de7107a

0
239 B

21ms
8ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4cf56217-6c98-4b00-956c-59fb1de7107a
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Content-Type: image/gif

Redirect headers

Date: Thu, 24 Feb 2022 11:31:36 GMT
Server: MT3 4172 645ee8c master cdg-pixel-x29 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4cf56217-6c98-4b00-956c-59fb1de7107a
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 24 Feb 2022 11:31:35 GMT

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 7081
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L00WNMDN-1A-54BG&sigv=1&esig=2~413910ee8c9f167b1dd64a366eafd45586fc0359

0
194 B

76ms
20ms

Image
text/plain

2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L00WNMDN-1A-54BG&sigv=1&esig=2~413910ee8c9f167b1dd64a366eafd45586fc0359

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L00WNMDN-1A-54BG&sigv=1&esig=2~413910ee8c9f167b1dd64a366eafd45586fc0359
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7081
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDAwV05NRE4tMUEtNTRCRw==

170 B
232 B

98ms
57ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDAwV05NRE4tMUEtNTRCRw==

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDAwV05NRE4tMUEtNTRCRw==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame F3A6 49 KB
20 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/cdn-cgi/apps/body/U-7Baa56EnJJkA-3VT33cT_3HbI.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 7003
date: Thu, 24 Feb 2022 09:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 24 Feb 2022 11:34:53 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v8/ Frame F3A6 37 KB
37 KB 147ms
84ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v8/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inter:regular,700,800,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 18:06:53 GMT
x-content-type-options: nosniff
age: 62683
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37716
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:42:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Feb 2023 18:06:53 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ Frame 6544 2 B
22 B 46ms
46ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1268922726&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gazetaexpress.com%2Fwebads%2Fonefor%2F02.seconds-960x200%2Findex.html&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=960x200&je=0&_u=AACAAEABAAAAAC~&jid=&gjid=&cid=828370054.1645702296&tid=UA-6427330-1&_gid=990415458.1645702296&_slc=1&z=1381103578

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame C39F 2 KB
1 KB 106ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=D9C90B8C96C1CADA&u=%7CmfU2EJoeeNDkB04GWQ9jwWDKFYW7QMg96Bktz4IjyuM%3D%7C&c1=92U3al7lWbVmeBs5kV1BdtL1fLiyqTtS1i4r4gcqJw6sHrEkub6yyT0MEiGmtIJBiJDfKu26TMEjjYxq0-vA-KGRe-H6gNW69G2TSymoArvCNwn6RUWgBerSEIsN6wnXqYYgOAHeyBr4DmDvgfjHbHPZydJdLpB2yzgIsbQMKSvQ_J3R0u4a00ybx70IpotAcp4P5cvuphbAd9D8EC8Zd9Q0rCuOIAcPyv9_K2zaIwdnXuv3MEvBg1pHD_TGC9U3fU71JKq-Gpvc0ci_X6Eytr9dNBXiMBxjqebj3X6jl-PITpSi0uC27TN1Ahj4zY2FpgS_8VWGU8u6ON5IsAaDrls9Qx8DVa2K4ONsk_AKck89JF9PHLnPAT1GkWVsXnkWfI-d_pjWm14Erz1yoaR_-HHre2V4mPbB8NGZOb_11M3gJiyrfgpruAmHzkBRKOofbiOIMy6beh6Z_pme69gTMyV8XSkHfPQPUlTH90o0exl3Y1z8qa1TBYuT9QQXekEcrjC3AKi22pQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 19 Feb 2023 11:31:36 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame C39F 2 KB
1 KB 116ms
26ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 19 Feb 2023 11:31:36 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame C39F 308 B
636 B 111ms
22ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 19 Feb 2023 11:31:36 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame C39F 507 B
835 B 105ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 19 Feb 2023 11:31:36 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame C39F 43 B
347 B 242ms
17ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=7yoI5_4UG_iBLknEw7b_T8iwXaVHe20kkqlmSMukQTFwIlqkxgq2a_eEhTPa3bZVVdGaRtqXHtLPihLTqeZzMLoKMONH9ggZjgD4i8e8P4Pi-FE6W-rkCYpDpqvcVFmehSWnUaYqb5SVekWXFT24KPvMAhzb-KcjuQv0PLTBKwn3kgwTQedGuQFFqB9XGTc6enSuQduJowK3emhQQSDQlf72uS3GXujAQlhY5fMVb59MQLf5h6C8OGxMn_uQOT3ulj4r55yS7TkCyuWs8rlhRYWUaqiKrCiVh6mW4ojfQ02tfzrVEggl0-TpFjuhEBUwqQWXxP9oZ6y7O0lNcDsuvLxiLgVJe3-zPwNOxy35Mpo6wr54cT9s4xVmiJ6WI_c1j_PQys9pAcKjF_V3csrQNQf7P8OnGTuxcQTky0DsJ-obKYmKoMYWDoHxX0NIFOr3lJp7WQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3037627
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 dis.aspx Show response
widget.nl.eu.criteo.com/dis/ Frame 72EB 28 B
572 B 108ms
16ms Document
text/html 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.nl.eu.criteo.com/dis/dis.aspx?pu=7944&cb=62176c972f309742885e031dd2eb3f6c

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

28246fc455ed80a6d38f2779e518e2fb49031680c01ae393a7cae3d04462daf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-type: text/html
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
p3p: CP='CUR ADM OUR NOR STA NID'
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
timing-allow-origin: *
server-processing-duration-in-ticks: 1693798
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

POST
H3 200 collect Show response
www.google-analytics.com/j/ Frame F3A6 2 B
22 B 46ms
46ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=598952595&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gazetaexpress.com%2Fwebads%2Fonefor%2F728x90%2Findex.html%3Futm_source%3DGazeta%2BExpress&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=728x90&je=0&_u=AACAAEABAAAAAC~&jid=&gjid=&cid=828370054.1645702296&tid=UA-6427330-1&_gid=990415458.1645702296&_slc=1&z=1114795621

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame C39F 12 KB
5 KB 36ms
18ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 62733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UbFHDi1GZNg8JSixWk%2Be4L7He6sHR47uu5nMlFdFy3HPRtpBip7J988JdZL4i%2FIX%2FkNPGX%2BGJ8%2BBkQP7a9QBnTBZkNJo9XgWqq3rv3Vbi4szIshIOzbtXuaAoITxLSS8CVWvI2dX0AIZX6krzm1s2c57"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e285e5a4a1d6940-FRA
expires: Tue, 14 Feb 2023 11:31:36 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame C39F 12 KB
6 KB 55ms
17ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 19 Feb 2023 11:31:36 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 15 KB
16 KB 127ms
73ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=176&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=256&s=8MKqTj-u2M2J8Oy59yVmxgR-

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

b09b4568e6d05c7d8721203cf78dd283559194f22f72159d381b4e0a12c81641

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28508550
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 15757
expires: Fri, 20 Jan 2023 10:34:07 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 71 KB
72 KB 67ms
15ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1171331-_x600-nocrop.jpg&v=3&w=400&s=Y5vuG7UXsL2GLhQ9f1nDUk7w&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

7f1f05b944164a16740a6b0e96aef23fd5a54abba0fdc286e4f93fe9dc47182b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31456910
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 72892
expires: Thu, 23 Feb 2023 13:33:27 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 66 KB
66 KB 112ms
59ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1167546-_x600-nocrop.jpg&v=3&w=400&s=BSa_CYNiehYpKpTcNn2jt3hT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

4fb565264af26107bb37b1e495c4b4bf768cf212d74a9eb357249a67b5e64923

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31371759
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 67290
expires: Wed, 22 Feb 2023 13:54:15 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 104 KB
105 KB 80ms
28ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1169339-_x600-nocrop.jpg&v=3&w=400&s=LcZwwN_n9TFwKZOXyYe6P897&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

c47f6416a1e7a3b94dae823315649210f4b53409b67cff267622ea6290fbf2c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31363211
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 106712
expires: Wed, 22 Feb 2023 11:31:48 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 54 KB
54 KB 111ms
59ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1604246-_x600-nocrop.jpg&v=3&w=400&s=lKgDpIyiyMO5AN5djuLKz20g&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

2a3aba8dee63a3e91443ddce230696b802ae4db6e643f83ef6b370668211566b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31350387
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 54948
expires: Wed, 22 Feb 2023 07:58:04 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 62 KB
62 KB 112ms
59ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1517678-_x600-nocrop.jpg&v=3&w=400&s=PA15BKo0DFuvjuaWtL2hNjXq&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

9c04e42082bd26de9c2fc64487b963b75cd4970889e1e9f20da8f4dbe4b6814a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31364146
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 63002
expires: Wed, 22 Feb 2023 11:47:23 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 25 KB
25 KB 17ms
16ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1191228-_x600-nocrop.jpg&v=3&w=400&s=5cTgij4hUxsM4ROqso3RsoMY&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

1a0ccb885b347db7b78ec39912b3eb03e8e4a23b0fea7f0ad779811d8b3b344f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31348231
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 25154
expires: Wed, 22 Feb 2023 07:22:07 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 62 KB
62 KB 23ms
22ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1541617-_x600-nocrop.jpg&v=3&w=400&s=z-3Av6vLv6L0xUlL33GUVogR&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ad168bf3ea421b2a06f16aef7ca0f291d2074d37538f7a25828cbfb2da703f1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31459886
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 63062
expires: Thu, 23 Feb 2023 14:23:03 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 43 KB
43 KB 18ms
17ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2076063-_x600-nocrop.jpg&v=3&w=400&s=2TiesAlgNFwfWaR1MWcA_xqB&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

67ef6baea88f759a2f04fb7b03b85548bc697c8b43fb6be9a40a876f252d1fe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:35 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31360046
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 43876
expires: Wed, 22 Feb 2023 10:39:03 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 55 KB
55 KB 19ms
18ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1179060-_x600-nocrop.jpg&v=3&w=400&s=AHhWa3OcbIVEavJ_feg7WXAY&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

69052d2158d54e69ae80a2b9acfccf337f4d86069d9b70e3f1267d3bcb2331ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31354098
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 55936
expires: Wed, 22 Feb 2023 08:59:54 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 50 KB
50 KB 24ms
23ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1172425-_x600-nocrop.jpg&v=3&w=400&s=o443pEa9dUrgkEYCePC-WFlc&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

38d77e6ab4f671272c96afc85c7a6d346decae101c936de581a5b1af104b7f36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31361430
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 50988
expires: Wed, 22 Feb 2023 11:02:06 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 61 KB
61 KB 29ms
27ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1890823-_x600-nocrop.jpg&v=3&w=400&s=rpP7UsqfimV7pxUl-iwjZCid&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

bf2a467ec32dd82eaaa5c8bd11d24434a504abbfce36f1a4ab4a332aadac6c57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31326348
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 62144
expires: Wed, 22 Feb 2023 01:17:25 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C39F 45 KB
45 KB 23ms
22ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1180250-_x600-nocrop.jpg&v=3&w=400&s=TZ2XTzKSXm__3VUBuesdb380&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

d6dd24892343a1f7467d0eaadf088a8293d2c9c8c9a441c16af9dde5551f5763

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=28666628
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 45614
expires: Sun, 22 Jan 2023 06:28:45 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C39F 0
127 B 269ms
17ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=2xVJfJkWO_GOWL9kOGWpIbxQ2-z6rr4vOXa4XcIs0zyH92j9UTXvShl06JnnSTPZvQUCplK8v3LNQ8XwvSAflmG6kWl4iNz2gZhcEVpD0R6VfMlHKnfvTdpKvMZU2bGxxLnzG45fDiqvRBBDOFEtvIzQBXptSfNiIMN5hSCXBIvG2HeQskWV9BtocxqUP4Zi5tSdiravycmSjXabNmn9p5Rf5FyvRRZJCVrHygiLwzRepYcDEvlFCNEhCxWgmLt824hEsg&sds=2&rev=unknown&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 24 Feb 2022 11:31:36 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C39F 2 KB
1 KB 18ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 19 Feb 2023 11:31:36 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame C39F 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 19 Feb 2023 11:31:36 GMT

GET
H2 200 pav2.min.js Show response
cdn.projectagora-adtag-library.com/adtag/latest/ Frame BE42 32 KB
8 KB 276ms
62ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=4391
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 257a4584294f6aa97aeb3e9c8ddfdef3892ca1b3530213f80a2b431f0da20159

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 11:41:27 GMT
server: UploadServer
etag: "a178823d2ae84db5f82ee3f3802b46c8"
vary: Accept-Encoding
x-goog-hash: crc32c=tugYrw==, md5=oXiCPSroTbX4LuPzgCtGyA==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycduVCU3brzOwxm6PX6aSQsxRU0KLSDaumNg69xCOJpw6pVF2vqHFojWXOY2NnvyzGFK9BcTTBkRBjBTGk0K7hQw
content-length: 7481

GET
H2 200 pav2.min.js Show response
cdn.projectagora-adtag-library.com/adtag/latest/ Frame 635F 32 KB
8 KB 275ms
62ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=4391
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 257a4584294f6aa97aeb3e9c8ddfdef3892ca1b3530213f80a2b431f0da20159

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 11:41:27 GMT
server: UploadServer
etag: "a178823d2ae84db5f82ee3f3802b46c8"
vary: Accept-Encoding
x-goog-hash: crc32c=tugYrw==, md5=oXiCPSroTbX4LuPzgCtGyA==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycduVCU3brzOwxm6PX6aSQsxRU0KLSDaumNg69xCOJpw6pVF2vqHFojWXOY2NnvyzGFK9BcTTBkRBjBTGk0K7hQw
content-length: 7481

GET
H2 200 pav2.min.js Show response
cdn.projectagora-adtag-library.com/adtag/latest/ Frame FF60 32 KB
8 KB 280ms
67ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=4361
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 257a4584294f6aa97aeb3e9c8ddfdef3892ca1b3530213f80a2b431f0da20159

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 11:41:27 GMT
server: UploadServer
etag: "a178823d2ae84db5f82ee3f3802b46c8"
vary: Accept-Encoding
x-goog-hash: crc32c=tugYrw==, md5=oXiCPSroTbX4LuPzgCtGyA==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycduVCU3brzOwxm6PX6aSQsxRU0KLSDaumNg69xCOJpw6pVF2vqHFojWXOY2NnvyzGFK9BcTTBkRBjBTGk0K7hQw
content-length: 7481

GET
H2 200 pav2.min.js Show response
cdn.projectagora-adtag-library.com/adtag/latest/ Frame CEAA 32 KB
8 KB 277ms
69ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=4361
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 257a4584294f6aa97aeb3e9c8ddfdef3892ca1b3530213f80a2b431f0da20159

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 11:41:27 GMT
server: UploadServer
etag: "a178823d2ae84db5f82ee3f3802b46c8"
vary: Accept-Encoding
x-goog-hash: crc32c=tugYrw==, md5=oXiCPSroTbX4LuPzgCtGyA==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycduVCU3brzOwxm6PX6aSQsxRU0KLSDaumNg69xCOJpw6pVF2vqHFojWXOY2NnvyzGFK9BcTTBkRBjBTGk0K7hQw
content-length: 7481

GET
H2 200 pav2.min.js Show response
cdn.projectagora-adtag-library.com/adtag/latest/ Frame 7B20 32 KB
8 KB 279ms
72ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=6751
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 257a4584294f6aa97aeb3e9c8ddfdef3892ca1b3530213f80a2b431f0da20159

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 11:41:27 GMT
server: UploadServer
etag: "a178823d2ae84db5f82ee3f3802b46c8"
vary: Accept-Encoding
x-goog-hash: crc32c=tugYrw==, md5=oXiCPSroTbX4LuPzgCtGyA==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycduVCU3brzOwxm6PX6aSQsxRU0KLSDaumNg69xCOJpw6pVF2vqHFojWXOY2NnvyzGFK9BcTTBkRBjBTGk0K7hQw
content-length: 7481

GET
H3 200 css
fonts.googleapis.com/ Frame C39F 2 KB
507 B 96ms
49ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4c8637d0e9be13cf21057f33cf485a942d0ab8283c5813fcdc5c57ccd403896b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 10:27:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 24 Feb 2022 11:31:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 24 Feb 2022 11:31:36 GMT

GET
H2 200 / Show response
c.mgid.com/pv/ 0
303 B 41ms
34ms Script
text/plain 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.mgid.com/pv/?pv=5&cbuster=1645702296761473305492&ogtitle=AFP%20sjell%20pamjet%20e%20njer%C3%ABzve%20t%C3%AB%20vrar%C3%AB%20dhe%20nd%C3%ABrtesave%20t%C3%AB%20shkat%C3%ABrruara%20n%C3%AB%20Ukrain%C3%AB%20pas%20sulmit%20rus%20-%20Gazeta%20Express&uniqId=0de9b&niet=4g&nisd=false&jsv=es6&ref=&cxurl=https%3A%2F%2Fwww.gazetaexpress.com%2Fafp-sjell-pamjet-e-njerezve-te-vrare-dhe-ndertesave-te-shkaterruara-ne-ukraine-pas-sulmit-rus%2F&lu=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&sessionId=62176c99-0be1b&pageView=1&pvid=17f2b8034b985606427&site=634059&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/g/a/gazetaexpress.com.1190148.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6e285e5ad9fb9049-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 MGID_plus.svg
cdn.mgid.com/images/logos/ 2 KB
1 KB 29ms
20ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/MGID_plus.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 741932350156677164b36a1506347cfd558bc502310bd1d50e246d454c4c1131

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
cf-cache-status: HIT
age: 6228
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 563Q182XKKBGBPYA
x-amz-id-2: bdPUe4HjGqrAVg8eEZZYoC6KD28ITcgPDbSbHjAUGcQb3btZBQnFND4c/5y2yIgUVrant8QWGnY=
last-modified: Tue, 23 Feb 2021 16:22:15 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1614097325/ctime:1614097325/gid:0/gname:root/md5:f7525f3a5f32c6f4a8e9867e9f57ab45/mode:33206/mtime:1614097325/uid:0/uname:root
etag: W/"f7525f3a5f32c6f4a8e9867e9f57ab45"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 6e285e5afa5d9049-FRA
expires: Fri, 25 Feb 2022 11:31:36 GMT

GET
H2 200 Adchoices.svg
cdn.mgid.com/images/logos/ 836 B
814 B 35ms
27ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
cf-cache-status: HIT
age: 5030
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: G7XVAWHV2A1TM5YQ
x-amz-id-2: YTUD+eplGac2nzDoCf6mNAS+SFRWUcCYJKczG3n8f/90lY7q4TeiITaNexYchgGjMS0Xbxxxcvw=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 6e285e5afa5c9049-FRA
expires: Fri, 25 Feb 2022 11:31:36 GMT

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v16/ Frame C39F 44 KB
44 KB 87ms
41ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v16/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 19:33:58 GMT
x-content-type-options: nosniff
age: 57458
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45300
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Feb 2023 19:33:58 GMT

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v16/ Frame C39F 46 KB
46 KB 90ms
44ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v16/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 19:33:58 GMT
x-content-type-options: nosniff
age: 57458
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47048
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:46 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Feb 2023 19:33:58 GMT

GET
H2 200 1 Show response
servicer.mgid.com/1190148/ 2 KB
1 KB 46ms
36ms Script
application/x-javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/1190148/1?pv=5&cbuster=1645702296851934124633&ogtitle=AFP%20sjell%20pamjet%20e%20njer%C3%ABzve%20t%C3%AB%20vrar%C3%AB%20dhe%20nd%C3%ABrtesave%20t%C3%AB%20shkat%C3%ABrruara%20n%C3%AB%20Ukrain%C3%AB%20pas%20sulmit%20rus%20-%20Gazeta%20Express&uniqId=0de9b&niet=4g&nisd=false&jsv=es6&w=824&h=110&wrongImageSize=1&cols=1&ref=&cxurl=https%3A%2F%2Fwww.gazetaexpress.com%2Fafp-sjell-pamjet-e-njerezve-te-vrare-dhe-ndertesave-te-shkaterruara-ne-ukraine-pas-sulmit-rus%2F&lu=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&sessionId=62176c99-0be1b&pageView=1&pvid=17f2b8034b985606427&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/g/a/gazetaexpress.com.1190148.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15baa7ce734978655cc365f4ffc84a70958290d5ff42d3c7c97515a3f64ef326

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6e285e5b6b889049-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 1 Show response
servicer.mgid.com/1002277/ 5 KB
2 KB 40ms
33ms Script
application/x-javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/1002277/1?w=824&h=200&wrongImageSize=1&cols=3&pv=5&cbuster=1645702296852660555588&ogtitle=AFP%20sjell%20pamjet%20e%20njer%C3%ABzve%20t%C3%AB%20vrar%C3%AB%20dhe%20nd%C3%ABrtesave%20t%C3%AB%20shkat%C3%ABrruara%20n%C3%AB%20Ukrain%C3%AB%20pas%20sulmit%20rus%20-%20Gazeta%20Express&uniqId=0cb91&childs=1214277&niet=4g&nisd=false&jsv=es6&ref=&cxurl=https%3A%2F%2Fwww.gazetaexpress.com%2Fafp-sjell-pamjet-e-njerezve-te-vrare-dhe-ndertesave-te-shkaterruara-ne-ukraine-pas-sulmit-rus%2F&lu=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&sessionId=62176c99-0be1b&pageView=0&pvid=17f2b8034b985606427&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/g/a/gazetaexpress.com.1002277.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e713a2eb066ef53f257059ab7dfcb94c24ca5ce69c39088afa2e185c171de856

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6e285e5b6b849049-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 aHR0cHM6Ly93d3cuZ2F6ZXRhZXhwcmVzcy5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMjIvMDIvY29sbGFnZS00LTEtMTAwMHg1MTcuanBn.webp
s-img.mgid.com/l/556371/492x277/-/ 15 KB
15 KB 63ms
35ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/l/556371/492x277/-/aHR0cHM6Ly93d3cuZ2F6ZXRhZXhwcmVzcy5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMjIvMDIvY29sbGFnZS00LTEtMTAwMHg1MTcuanBn.webp?v=1645702296-Ol5RgeUMtAlUwyKNAAR0ZtM2YFtwCULFKUkso19CP2s
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af908e337acc4349a1e5b04b1b41644c533d2a6a3e8ea670b97d6b9f89342d1b

Request headers

Referer: https://www.gazetaexpress.com/
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
cf-cache-status: HIT
last-modified: Thu, 24 Feb 2022 11:22:40 GMT
x-mg-request-uuid: 88919dc3-77a9-4b45-bb4c-3c40b01a1390
age: 536
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e5bfc785bf1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14962
server: cloudflare

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIsd18xMDIwLHhfNTM3LHlfNDk0L2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIxLTEwLzEwMTkyNC9lOGE2N...
s-img.mgid.com/g/11739842/492x277/-/ 13 KB
14 KB 68ms
40ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/11739842/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIsd18xMDIwLHhfNTM3LHlfNDk0L2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIxLTEwLzEwMTkyNC9lOGE2NWU4NjU5ZjcxOWZiMTFmNDMzNmZhZDIyZTNkZS5qcGc.webp?v=1645702296-_8wmmtQ_024BpX5ogtWmeyX7hT30eal21unjbowFfMU
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fee5488f247de155c84a033494401076018c81062f48180373e3cf05ae47c69

Request headers

Referer: https://www.gazetaexpress.com/
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
cf-cache-status: HIT
last-modified: Tue, 21 Dec 2021 12:45:37 GMT
x-mg-request-uuid: 1e6d1b56-dab0-412b-a331-3e5fc170948c
age: 19710
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e5bfc7d5bf1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13508
server: cloudflare

GET
H2 200 aHR0cHM6Ly93d3cuZ2F6ZXRhZXhwcmVzcy5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMjIvMDIvdmxhZGltaXItcHV0aW4tMTU2OTU4OC5qcGc.webp
s-img.mgid.com/l/556371/492x277/-/ 18 KB
18 KB 69ms
41ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/l/556371/492x277/-/aHR0cHM6Ly93d3cuZ2F6ZXRhZXhwcmVzcy5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMjIvMDIvdmxhZGltaXItcHV0aW4tMTU2OTU4OC5qcGc.webp?v=1645702296-4rzFOnrrrodejes7wr-82ihit6xeO7VZ6tmCKveVFug
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dfe1f5166acd133c392771877a5ef3d4113babad672a52121af85ef65969d75

Request headers

Referer: https://www.gazetaexpress.com/
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
cf-cache-status: HIT
last-modified: Thu, 24 Feb 2022 11:22:39 GMT
x-mg-request-uuid: e594f3f0-749b-410f-90c2-66c350bb8349
age: 537
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e5bfc825bf1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18394
server: cloudflare

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIsd18xMDIwLHhfNjIzLHlfNTE2L2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIxLTExLzEwMTkyNC81OGNkZ...
s-img.mgid.com/g/11739861/492x277/-/ 12 KB
13 KB 65ms
37ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/11739861/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIsd18xMDIwLHhfNjIzLHlfNTE2L2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIxLTExLzEwMTkyNC81OGNkZGZiZjQwZTBjNDFmZTUzZDljZTZlY2VjZmM1Ni5wbmc.webp?v=1645702296-0z1qKuYwmnlDbpJ_Qz1pxT0mmhuKkaG0F381Rl_OYV4
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 586799c13e83606a88fdaf81995fc8b6b62afc99860c083d62fc6f9da40d67d7

Request headers

Referer: https://www.gazetaexpress.com/
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
cf-cache-status: HIT
last-modified: Tue, 21 Dec 2021 12:52:38 GMT
x-mg-request-uuid: ffd1b3a6-33e8-474e-9fb5-98b585bf4026
age: 16577
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e5bfc835bf1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12762
server: cloudflare

GET
H2 200 aHR0cHM6Ly93d3cuZ2F6ZXRhZXhwcmVzcy5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMjEvMTAveGhlbGFsLXN2ZWNsYS0xLnBuZw.webp
s-img.mgid.com/l/556371/492x277/-/ 6 KB
6 KB 63ms
36ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/l/556371/492x277/-/aHR0cHM6Ly93d3cuZ2F6ZXRhZXhwcmVzcy5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMjEvMTAveGhlbGFsLXN2ZWNsYS0xLnBuZw.webp?v=1645702296-eqKdZPcx5igek1WuELtPw2ADdIOLBN-x4ShmmWGkHcQ
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 052e8a9a82d3970d5b8590c5316fca7a939462daefcbf3a0d52c6b86666aa2e2

Request headers

Referer: https://www.gazetaexpress.com/
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
cf-cache-status: HIT
last-modified: Thu, 24 Feb 2022 11:22:40 GMT
x-mg-request-uuid: 5bdc6ca1-f282-4ce3-9914-eed46f1257f9
age: 536
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e5bfc865bf1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6120
server: cloudflare

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMS8xMDE5MjQvNWRiMTQ0ZWRhM2MzMDdlN...
s-img.mgid.com/g/11739862/492x277/-/ 10 KB
10 KB 115ms
114ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/11739862/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMS8xMDE5MjQvNWRiMTQ0ZWRhM2MzMDdlNjRkODVjZDk2OTQyMTA0NTIucG5n.webp?v=1645702296-G3f7d2sW18uLt6W7cHFfpqIS5-L-I34paKRXBssfUvo
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce452421ffc53808c61795729eef02db9132d6d2cbc68198b158dce56b519272

Request headers

Referer: https://www.gazetaexpress.com/
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
cf-cache-status: MISS
last-modified: Tue, 21 Dec 2021 12:46:40 GMT
x-mg-request-uuid: 44b2a111-69f5-4bb1-90ca-c1b3bae08866
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e5c0cc05bf1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9756
server: cloudflare

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMS8xMDE5MjQvNDFhYTAwNDliZTFiMTQ2Z...
s-img.mgid.com/g/11739857/492x277/-/ 32 KB
33 KB 20ms
20ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/11739857/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMS8xMDE5MjQvNDFhYTAwNDliZTFiMTQ2ZThhZGM3MTU3OWQxOTI3OTMuanBlZw.webp?v=1645702296-pSGaCeFHn25xDWoERJ1B70u7D8mGVuhE6zi0bvUE9M0
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3a4032a23d7f94be7a6b3199fc6e227d8933d280fc0d3d3d842117a61a7dc94

Request headers

Referer: https://www.gazetaexpress.com/
Origin: https://www.gazetaexpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
cf-cache-status: HIT
last-modified: Tue, 21 Dec 2021 12:45:37 GMT
x-mg-request-uuid: f03f7c44-36db-456d-b014-7e17ae1fc4aa
age: 16517
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6e285e5c0cc35bf1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 33276
server: cloudflare

GET
H3 200 int_exchange_wages_ad.svg
cdn.mgid.com/images/mgid/ 1 KB
990 B 35ms
35ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/mgid/int_exchange_wages_ad.svg
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 096a4bb9d7f8588a8520d57f103bdf0dae273af88fc0265371124c048bff7b05

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: br
cf-cache-status: HIT
age: 3400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3SH1PSEVTV59CSZD
x-amz-id-2: XhfZJEMZtqNRHMPQFgf1ChgjEe5aAVOEA+stQfffi10CROCVcSfBok4n4zqXcrod+98lm0aCye8=
last-modified: Mon, 04 May 2020 12:16:53 GMT
server: cloudflare
etag: W/"37346cd2daeeec771e8ffe3a34ef43ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 6e285e5bd9bc9143-FRA
expires: Fri, 25 Feb 2022 11:31:36 GMT

GET
H2 200 i.js Show response
cm.mgid.com/ 0
62 B 157ms
150ms Script
application/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i.js?&cbuster=1645702296945231729150
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/g/a/gazetaexpress.com.1002277.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 6e285e5c2da99049-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 i-noref.js Show response
cm.mgid.com/ Frame A021 0
208 B 113ms
107ms Script
application/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i-noref.js?cbuster=1645702296961551473124
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/g/a/gazetaexpress.com.1002277.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 6e285e5c2d9b9049-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 prebid.js Show response
cdn.projectagora-adtag-library.com/prebid/latest/ Frame BE42 349 KB
112 KB 64ms
64ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 6e703e24ff02d7634580dcbf9287f9a7d46f79320c093d8d3756fde6136f81cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
last-modified: Thu, 13 Jan 2022 08:59:57 GMT
server: UploadServer
etag: "11268851b1fae583284d891ae77d8f75"
vary: Accept-Encoding
x-goog-hash: crc32c=iwkFbw==, md5=ESaIUbH65YMoTYka532PdQ==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycdszPzVoyAnFr9FBTOADyu4aG2L6NMdJdhmOtAHEfLoGWpY4CN0fbfGwngPUreTpwjUZZr7nW1o_RBmxwE1UkX0
content-length: 113743

GET
H2 200 prebid.js Show response
cdn.projectagora-adtag-library.com/prebid/latest/ Frame 635F 349 KB
112 KB 139ms
138ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 6e703e24ff02d7634580dcbf9287f9a7d46f79320c093d8d3756fde6136f81cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
last-modified: Thu, 13 Jan 2022 08:59:57 GMT
server: UploadServer
etag: "11268851b1fae583284d891ae77d8f75"
vary: Accept-Encoding
x-goog-hash: crc32c=iwkFbw==, md5=ESaIUbH65YMoTYka532PdQ==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycdszPzVoyAnFr9FBTOADyu4aG2L6NMdJdhmOtAHEfLoGWpY4CN0fbfGwngPUreTpwjUZZr7nW1o_RBmxwE1UkX0
content-length: 113743

GET
H2 200 prebid.js Show response
cdn.projectagora-adtag-library.com/prebid/latest/ Frame FF60 349 KB
112 KB 176ms
176ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 6e703e24ff02d7634580dcbf9287f9a7d46f79320c093d8d3756fde6136f81cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
last-modified: Thu, 13 Jan 2022 08:59:57 GMT
server: UploadServer
etag: "11268851b1fae583284d891ae77d8f75"
vary: Accept-Encoding
x-goog-hash: crc32c=iwkFbw==, md5=ESaIUbH65YMoTYka532PdQ==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycdszPzVoyAnFr9FBTOADyu4aG2L6NMdJdhmOtAHEfLoGWpY4CN0fbfGwngPUreTpwjUZZr7nW1o_RBmxwE1UkX0
content-length: 113743

GET
H2 200 prebid.js Show response
cdn.projectagora-adtag-library.com/prebid/latest/ Frame CEAA 349 KB
112 KB 172ms
171ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 6e703e24ff02d7634580dcbf9287f9a7d46f79320c093d8d3756fde6136f81cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
last-modified: Thu, 13 Jan 2022 08:59:57 GMT
server: UploadServer
etag: "11268851b1fae583284d891ae77d8f75"
vary: Accept-Encoding
x-goog-hash: crc32c=iwkFbw==, md5=ESaIUbH65YMoTYka532PdQ==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycdszPzVoyAnFr9FBTOADyu4aG2L6NMdJdhmOtAHEfLoGWpY4CN0fbfGwngPUreTpwjUZZr7nW1o_RBmxwE1UkX0
content-length: 113743

GET
H2 200 prebid.js Show response
cdn.projectagora-adtag-library.com/prebid/latest/ Frame 7B20 349 KB
112 KB 167ms
167ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 6e703e24ff02d7634580dcbf9287f9a7d46f79320c093d8d3756fde6136f81cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
last-modified: Thu, 13 Jan 2022 08:59:57 GMT
server: UploadServer
etag: "11268851b1fae583284d891ae77d8f75"
vary: Accept-Encoding
x-goog-hash: crc32c=iwkFbw==, md5=ESaIUbH65YMoTYka532PdQ==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycdszPzVoyAnFr9FBTOADyu4aG2L6NMdJdhmOtAHEfLoGWpY4CN0fbfGwngPUreTpwjUZZr7nW1o_RBmxwE1UkX0
content-length: 113743

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame BE42 483 B
940 B 49ms
22ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914596
x-amz-request-id: txa18be7cc609449c18883f-00620977f5
x-amz-id-2: txa18be7cc609449c18883f-00620977f5
last-modified: Sun, 13 Feb 2022 21:27:35 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2F03P8RRawVCk52BtevM4BLPo1p4ZrRDNd1E69MzO3mOMmXgwPnml6QRnxYeLhL7a9hyH%2F5SbEIc%2BTRgI8KoE8K4lX4h2Z0M4uaqahvBvHFP0hKu6YqgUL8pFGO3lqRVhHL0koFbkKp1Amjy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1644787655409471
cf-ray: 6e285e5daab89137-FRA

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame BE42 0
343 B 53ms
17ms XHR
application/json 185.86.138.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H2 200 / Show response
adx.adform.net/adx/ Frame BE42 5 B
488 B 64ms
64ms XHR
application/json 37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTcwNjY1MSZ0cmFuc2FjdGlvbklkPTZlZDY4MjgyLTVkMzctNDlmNS05YjVhLTZhZWI4NTNjZTE2Mw%3D%3D&pt=gross&stid=4da1a421-6575-486e-b1eb-d439467e0631&fd=1

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.gazetaexpress.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame BE42 138 B
827 B 111ms
111ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4d6832eebaf859e918ee5abadba4d160dbfc08389a5149a4c165d13dd6a07fc6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
X-Proxy-Origin: 185.213.155.164; 185.213.155.164; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 04d89d13-bac7-4961-b255-04b9fbbe1b3d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame BE42 19 B
284 B 33ms
9ms XHR
application/json 35.156.28.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=4.10.0&referrer=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&tmax=2000

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.28.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-28-35.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-auction-status: 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame BE42 0
222 B 26ms
26ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.10.0&cb=56856698820

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://www.gazetaexpress.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame BE42 37 B
337 B 41ms
15ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=621768&v=7.2&r=%7B%22id%22%3A%2213c9d04742be8d8%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22142769276396c36%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621768%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%22142769276396c36%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621768%22%2C%22sid%22%3A%22200x200%22%7D%2C%22banner%22%3A%7B%22w%22%3A200%2C%22h%22%3A200%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%22142769276396c36%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621768%22%2C%22sid%22%3A%22250x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A250%2C%22h%22%3A250%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%22142769276396c36%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621768%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%22142769276396c36%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621768%22%2C%22sid%22%3A%22640x360%22%7D%2C%22banner%22%3A%7B%22w%22%3A640%2C%22h%22%3A360%2C%22topframe%22%3A0%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22projectagora.com%22%2C%22sid%22%3A%22103530%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2998d6fd2f15eace8e6795cfc6f02f172826a110d1c8c13c60caff969a23bcd8

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.164], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://www.gazetaexpress.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Thu, 24 Feb 2022 11:31:37 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame BE42 267 B
729 B 138ms
138ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11498&site_id=111324&zone_id=1380844&size_id=15&alt_size_ids=13%2C14%2C16%2C198&rp_schain=1.0,1!projectagora.com,103530,1,,,&rf=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&tk_flint=pbjs_lite_v4.10.0&x_source.tid=6ed68282-5d37-49f5-9b5a-6aeb853ce163&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9164899572761487
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 24a61be54818638d79b60fb6667c84641df43a2ba33687ebd85be2f623c86869

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 267
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame BE42 0
120 B 66ms
18ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.gazetaexpress.com
date: Thu, 24 Feb 2022 11:31:37 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 arj Show response
projectagora-d.openx.net/w/1.0/ Frame BE42 73 B
145 B 73ms
33ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=6ed68282-5d37-49f5-9b5a-6aeb853ce163&nocache=1645702297209&schain=1.0%2C1!projectagora.com%2C103530%2C1%2C%2C%2C&aus=300x250%2C200x200%2C250x250%2C336x280%2C640x360&divIds=16604718_gazetaexpress.com_inarticle-adtag_300x250&auid=540924445
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 46f0a5a8ef9e040a9fe62208823f04802b8782dd0ea09379a12d399573b489e0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame 635F 483 B
556 B 20ms
19ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914596
x-amz-request-id: txa18be7cc609449c18883f-00620977f5
x-amz-id-2: txa18be7cc609449c18883f-00620977f5
last-modified: Sun, 13 Feb 2022 21:27:35 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ph%2Fwi7ODKiDU%2BvB%2Bq4maHiWCFnfK%2BRw%2FK2%2FCQ3Tp1WX4VpYuvEqLyhjK3ahTYeBXgyzevD9NM5y9BhE2LdzLLtCJsVHSn9HhqnGxFhA19wDoeUHhjoHAB5uKm1G4wxdtRhF2BjmYH%2FX1KNCk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1644787655409471
cf-ray: 6e285e5dcaf59137-FRA

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 635F 5 B
488 B 59ms
58ms XHR
application/json 37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTcwNjY1MSZ0cmFuc2FjdGlvbklkPTU4NjA5YmQ0LTNlYTctNDExOC1hZTVhLWIyY2VmMDI0Nzg2Zg%3D%3D&pt=gross&stid=42840e9d-0c92-44ef-b63a-7a10b6c445ac&fd=1

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.gazetaexpress.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 635F 267 B
729 B 171ms
171ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11498&site_id=111324&zone_id=1380844&size_id=15&alt_size_ids=13%2C14%2C16%2C198&rp_schain=1.0,1!projectagora.com,103530,1,,,&rf=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&tk_flint=pbjs_lite_v4.10.0&x_source.tid=58609bd4-3ea7-4118-ae5a-b2cef024786f&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9553339219918027
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 60b2bb1d968cd3178c704955062990dda4b9ef7a77cb90e3b30a03d65b5645e0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 267
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 635F 36 B
336 B 14ms
13ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=621768&v=7.2&r=%7B%22id%22%3A%225286b7eebeb759%22%2C%22imp%22%3A%5B%7B%22id%22%3A%226cd13c722c557d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621768%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%226cd13c722c557d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621768%22%2C%22sid%22%3A%22200x200%22%7D%2C%22banner%22%3A%7B%22w%22%3A200%2C%22h%22%3A200%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%226cd13c722c557d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621768%22%2C%22sid%22%3A%22250x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A250%2C%22h%22%3A250%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%226cd13c722c557d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621768%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A0%7D%7D%2C%7B%22id%22%3A%226cd13c722c557d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621768%22%2C%22sid%22%3A%22640x360%22%7D%2C%22banner%22%3A%7B%22w%22%3A640%2C%22h%22%3A360%2C%22topframe%22%3A0%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22projectagora.com%22%2C%22sid%22%3A%22103530%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1041e3dc2033e5f6c5782c3f49a4ca3e333e1a800f65082e8464367e70fd623a

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.164], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://www.gazetaexpress.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 36
x-ak-client-geo: 12
expires: Thu, 24 Feb 2022 11:31:37 GMT

GET
H2 200 arj Show response
projectagora-d.openx.net/w/1.0/ Frame 635F 73 B
383 B 35ms
25ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=58609bd4-3ea7-4118-ae5a-b2cef024786f&nocache=1645702297240&schain=1.0%2C1!projectagora.com%2C103530%2C1%2C%2C%2C&aus=300x250%2C200x200%2C250x250%2C336x280%2C640x360&divIds=16604718_gazetaexpress.com_inarticle-adtag_300x250&auid=540924445
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 618d78546b72b599a31a6e38d28f2efb0ba563221b8a2ddeeb2fb25dc771c724

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 635F 0
222 B 28ms
28ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.10.0&cb=23559246749

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://www.gazetaexpress.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 635F 0
64 B 45ms
30ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.gazetaexpress.com
date: Thu, 24 Feb 2022 11:31:37 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 635F 0
343 B 32ms
17ms XHR
application/json 185.86.138.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame 635F 19 B
283 B 9ms
9ms XHR
application/json 35.156.28.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.28.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-28-35.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-auction-status: 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 635F 139 B
828 B 104ms
77ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

02dae9eae6650b6b4674d04318448fd6ad1bbeeb7058ff199f38e19e34afc62c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
X-Proxy-Origin: 185.213.155.164; 185.213.155.164; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 46cc62b7-a64a-4d62-9515-33bd919a3336
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame BE42 72 KB
23 KB 35ms
20ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914588
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx1508b278250145e89c24e-00620977fb
x-amz-id-2: tx1508b278250145e89c24e-00620977fb
last-modified: Sun, 13 Feb 2022 21:27:34 GMT
server: cloudflare
etag: W/"30fd6d2dd89cb7d26d6396caca2f6c6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DZPcOmVoBTu69%2BUbII73iPveavlxIBDI0sQmR1XEkxWA9nOrjSL7yngDOEiP3kdWWdFFvPkv3XfhJEExInycEGFb2GlS7tInTdQ0rk1IQsh6NhPi9D7pEijL4lD6kCFWRVLeHfDfyOwcTRpY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1644787654356307
cf-ray: 6e285e5dea269055-FRA
access-control-allow-headers: Authorization

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame 635F 72 KB
22 KB 26ms
22ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914588
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx1508b278250145e89c24e-00620977fb
x-amz-id-2: tx1508b278250145e89c24e-00620977fb
last-modified: Sun, 13 Feb 2022 21:27:34 GMT
server: cloudflare
etag: W/"30fd6d2dd89cb7d26d6396caca2f6c6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7xPL6pmLj5xgjRlye8wkI4MM5cRiWXCRi%2BxDdyGwqognViZwhX3walRYZJKCfSIE2riXepF3KpHDtQfWzDSOhUqUwNVQASIL3o5jMtDpYoyPQXKyEeuPKCDMUn%2B5YuGC45tcQfoiDHK5PtO1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1644787654356307
cf-ray: 6e285e5e0a4c9055-FRA
access-control-allow-headers: Authorization

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame FF60 483 B
553 B 20ms
19ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914596
x-amz-request-id: txa18be7cc609449c18883f-00620977f5
x-amz-id-2: txa18be7cc609449c18883f-00620977f5
last-modified: Sun, 13 Feb 2022 21:27:35 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9xy4yeBYp%2BEJXLIRGhHDonNFC2izTsIDvBIn5ClXgtJHxw9xFML2c2Gc2gKfa%2FdDRqhDmc4FEseacw%2FCTTVKlB8M%2FP6hKGezoOP7HZP3FCDN62LWMUvKL%2FDp5932qndWzYoqbcjIS4DPLZeM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1644787655409471
cf-ray: 6e285e5e0ba89137-FRA

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame FF60 241 B
703 B 202ms
142ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11498&site_id=111324&zone_id=1378976&size_id=15&rp_schain=1.0,1!projectagora.com,103530,1,,,&rf=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&tk_flint=pbjs_lite_v4.10.0&x_source.tid=e72a7241-0923-42c6-ab3a-5250ff3be177&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.1479994919960006
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: ed0f6ad621155918c2f7129a3e531537ea28c627bd1b8d0f37d115e47354916a

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame FF60 0
64 B 17ms
17ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.gazetaexpress.com
date: Thu, 24 Feb 2022 11:31:37 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H3 200 arj Show response
projectagora-d.openx.net/w/1.0/ Frame FF60 73 B
101 B 42ms
25ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=e72a7241-0923-42c6-ab3a-5250ff3be177&nocache=1645702297278&schain=1.0%2C1!projectagora.com%2C103530%2C1%2C%2C%2C&aus=300x250&divIds=16588074_gazetaexpress.com_ros_300x250&auid=540924443
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: c892cd533548bfd59af582215e294b58d5f5bbd90ba301c54bf62421f6942ff4

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame FF60 0
222 B 24ms
24ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.10.0&cb=90812967595

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://www.gazetaexpress.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame FF60 36 B
336 B 12ms
10ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=621765&v=7.2&r=%7B%22id%22%3A%22979d00d0233a61%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2210b3cb35fb3694b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621765%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A0%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22projectagora.com%22%2C%22sid%22%3A%22103530%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 27b865df4c8629eb1165471b7a0ed03af80da745137d5c66faa81d690f254766

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.164], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://www.gazetaexpress.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 36
x-ak-client-geo: 12
expires: Thu, 24 Feb 2022 11:31:37 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame FF60 5 B
488 B 61ms
60ms XHR
application/json 37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTcwNjY0MyZ0cmFuc2FjdGlvbklkPWU3MmE3MjQxLTA5MjMtNDJjNi1hYjNhLTUyNTBmZjNiZTE3Nw%3D%3D&pt=gross&stid=854d9828-9881-46ed-8794-51f9077ae051&fd=1

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.gazetaexpress.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame FF60 0
343 B 51ms
50ms XHR
application/json 185.86.138.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame FF60 19 B
283 B 20ms
19ms XHR
application/json 35.156.28.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.28.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-28-35.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-auction-status: 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame FF60 139 B
828 B 50ms
24ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

f5ac9475c08e0ec43196ca533e775a594817aec0a8697b6708ad538cfac0b90e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
X-Proxy-Origin: 185.213.155.164; 185.213.155.164; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: df610c06-76fa-47b7-8790-a2427c47e5d4
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame CEAA 483 B
554 B 18ms
18ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914596
x-amz-request-id: txa18be7cc609449c18883f-00620977f5
x-amz-id-2: txa18be7cc609449c18883f-00620977f5
last-modified: Sun, 13 Feb 2022 21:27:35 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PF4mgUC%2F8nYGD0Z1TP8%2B1Ab8UqID8M7U9kb8%2FQdvw3Uo3%2BGsBoi%2BlsCWKPX0IOjInAwZrNXfBCe3rtVLL7JGZftS6IOtxBs1ZMpbRN2aYAnjsJIJL2UNjd4mEiBj2lcK2YUHs%2FuX5pfiJEZP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1644787655409471
cf-ray: 6e285e5e5ca79137-FRA

GET
H2 200 / Show response
adx.adform.net/adx/ Frame CEAA 5 B
488 B 62ms
61ms XHR
application/json 37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTcwNjY0MyZ0cmFuc2FjdGlvbklkPTQ3MGUxODIzLWRjNDItNDZkZS1iMTA0LWM1ZDg3OGMyNDRjOA%3D%3D&pt=gross&stid=c11d42be-71e8-400b-9d7b-66efad746498&fd=1

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.gazetaexpress.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame CEAA 0
222 B 20ms
19ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.10.0&cb=99653927938

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://www.gazetaexpress.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame CEAA 138 B
827 B 20ms
20ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

7ba64b0943aca05548fafbf0cb11340b830542a82e59cba86aa2ef238d5d2830

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
X-Proxy-Origin: 185.213.155.164; 185.213.155.164; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 72de22fb-ce62-4745-9d7d-cba28aa88e5d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame CEAA 19 B
283 B 9ms
8ms XHR
application/json 35.156.28.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.28.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-28-35.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-auction-status: 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame CEAA 0
343 B 18ms
18ms XHR
application/json 185.86.138.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:36 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame CEAA 37 B
337 B 10ms
9ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=621765&v=7.2&r=%7B%22id%22%3A%22113101b49a6c9ad%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2212d77cf6e034e52%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621765%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A0%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22projectagora.com%22%2C%22sid%22%3A%22103530%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cdd7bc05e0fe5a6db9c95d3423d085ce1db8d422aa4327b3a956862f8ee93ed4

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.164], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://www.gazetaexpress.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Thu, 24 Feb 2022 11:31:37 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame CEAA 241 B
703 B 157ms
138ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11498&site_id=111324&zone_id=1378976&size_id=15&rp_schain=1.0,1!projectagora.com,103530,1,,,&rf=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&tk_flint=pbjs_lite_v4.10.0&x_source.tid=470e1823-dc42-46de-b104-c5d878c244c8&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.41303493998235097
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: bdd9bb5117dc10e9547bd413fa3533cc5a08519255905b8d6ea29b1cdf01b6c2

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H3 200 arj Show response
projectagora-d.openx.net/w/1.0/ Frame CEAA 72 B
100 B 23ms
22ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=470e1823-dc42-46de-b104-c5d878c244c8&nocache=1645702297333&schain=1.0%2C1!projectagora.com%2C103530%2C1%2C%2C%2C&aus=300x250&divIds=16588074_gazetaexpress.com_ros_300x250&auid=540924443
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: b7d1514a8b3ea4d47261b129f85811bb1d6e1645298086663acb6a0131c26db3

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame CEAA 0
64 B 18ms
17ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.gazetaexpress.com
date: Thu, 24 Feb 2022 11:31:36 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame FF60 72 KB
22 KB 17ms
16ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914588
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx1508b278250145e89c24e-00620977fb
x-amz-id-2: tx1508b278250145e89c24e-00620977fb
last-modified: Sun, 13 Feb 2022 21:27:34 GMT
server: cloudflare
etag: W/"30fd6d2dd89cb7d26d6396caca2f6c6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ehOSHj69ZSMS2LK2iE01vJERXm0xbqd%2B0EXzyFDPRTqmnDbOFxY%2FxEF%2BR%2Bie1ZR5jG3VNq9QPvhuDit6Qjn5czqX3RvG4aL2HI%2FrmgqDiqsw4X0FD5xkh0BmvUvIq0Vl9VM1GWjGExDQ36o"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1644787654356307
cf-ray: 6e285e5e6b3f9055-FRA
access-control-allow-headers: Authorization

GET
H3 200 asyncspc.php Show response
ads.gazetaexpress.com/www/delivery/ 706 B
1 KB 31ms
30ms XHR
application/json 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.gazetaexpress.com/www/delivery/asyncspc.php?zones=30&prefix=revive-0-&loc=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F

Requested by

Host: ads.gazetaexpress.com
URL: https://ads.gazetaexpress.com/www/delivery/asyncjs.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f14dce1f201fb2ec6dece12586a978345f4911493ef20d7840ebc707ccf93db

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubdomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BoNU5sLDiHNklqao0FVyqTTkS3Onh%2BustZE%2B7UG5X%2BXGFCb8fdLZTdf4%2BvfPGBPut4wqciiCb86qIJba1eaNZ37IbJJtYEerLbWOQBGKNPszUq6avbebb9UxuJLR60FUKog3OXBKAK4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.gazetaexpress.com
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6e285e5e7ddd92a7-FRA
expires: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 101ms
54ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065270

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62c1634fa97958e4de224df511474eac3a50469151e7a54d2bb1930f46ebdb5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9785
x-xss-protection: 0

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame 7B20 483 B
547 B 15ms
15ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914596
x-amz-request-id: txa18be7cc609449c18883f-00620977f5
x-amz-id-2: txa18be7cc609449c18883f-00620977f5
last-modified: Sun, 13 Feb 2022 21:27:35 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jfCtfqOGDvpq4EFQTOkVGDtrmPW69sqVO5AN5XNGjrczEOqtJHl670funZntPUQkDLYXpoSo5lYvfTODzxkQ6IItqENE%2BmbphQg7OyHmpucbS68hAcD4oj9Lg23X5lcoNwOx1s5XA7EZpqj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1644787655409471
cf-ray: 6e285e5e8d3e9137-FRA

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 7B20 0
343 B 139ms
138ms XHR
application/json 185.86.138.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 7B20 240 B
702 B 223ms
195ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11498&site_id=111324&zone_id=1549190&size_id=9&rp_schain=1.0,1!projectagora.com,103530,1,,,&rf=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&tk_flint=pbjs_lite_v4.10.0&x_source.tid=fb3b1118-2ca3-4bab-88c2-3c01e2d43f26&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.33882126323568285
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 7995b74a2667a2bbe66270586afd30480e3bfd8a8ad77da76b90711e50efb2ec

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 7B20 36 B
336 B 12ms
11ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=621767&v=7.2&r=%7B%22id%22%3A%225452ad7d8df97e%22%2C%22imp%22%3A%5B%7B%22id%22%3A%226c16b5044b5eed%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621767%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A0%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22projectagora.com%22%2C%22sid%22%3A%22103530%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 4fa58299d61aaecbcbdaf766cfa7b5a825d7ab3a99a733fa283b513129f7835a

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.164], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://www.gazetaexpress.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 36
x-ak-client-geo: 12
expires: Thu, 24 Feb 2022 11:31:37 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 7B20 5 B
488 B 63ms
62ms XHR
application/json 37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTc3NzA4OSZ0cmFuc2FjdGlvbklkPWZiM2IxMTE4LTJjYTMtNGJhYi04OGMyLTNjMDFlMmQ0M2YyNg%3D%3D&pt=gross&stid=15d128ae-3d06-4b17-8869-e4d804a6ba24&fd=1

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.gazetaexpress.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 7B20 19 B
707 B 45ms
45ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
X-Proxy-Origin: 185.213.155.164; 185.213.155.164; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: bcb0596f-f146-4a4a-9759-6471a1c96309
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 7B20 1 KB
1 KB 27ms
27ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.10.0&cb=62073661255

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

54a52b05339c16fb11c34391658ca80300231bd29785fb9dbb75e77f84c59af8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 24 Feb 2022 11:31:36 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.gazetaexpress.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 839

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 7B20 0
64 B 16ms
16ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.gazetaexpress.com
date: Thu, 24 Feb 2022 11:31:36 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H3 200 arj Show response
projectagora-d.openx.net/w/1.0/ Frame 7B20 73 B
101 B 25ms
25ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=fb3b1118-2ca3-4bab-88c2-3c01e2d43f26&nocache=1645702297405&schain=1.0%2C1!projectagora.com%2C103530%2C1%2C%2C%2C&aus=160x600&divIds=18287011_gazetaexpress.com_ros_160x600&auid=540990853
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 7ff069f778102bcd53e50841999d1be0352952cbcb29d36ed071d7454b6aaf08

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame 7B20 19 B
283 B 9ms
8ms XHR
application/json 35.156.28.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.28.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-28-35.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-auction-status: 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/ Frame 603A 77 KB
21 KB 7ms
7ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/loader.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 83cca59ffb460533a228945b27f8383b04da72776fa58f8970a208c57bec7210

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: i5PuGhg4WEaZNvUsOUUpMJOYoQsZA9vS
content-encoding: gzip
age: 3449
via: 1.1 varnish
x-cache: HIT
x-from-cache: 1
x-envoy-upstream-service-time: 5
content-length: 20801
x-amz-id-2: TjrVq/y9qe5S7UHha2KscfKn6uPAL9V8x3BCOgjCz8K3pr2se+Ly2Qc1Q6PkzAPU+K1plIJx8h0=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 24 Feb 2022 10:34:08 UTC
server: nginx
x-timer: S1645702297.415134,VS0,VE1
etag: "b5173cfa6d873510a63f333aa020d7e4dda4ac63"
vary: Accept-Encoding, Accept-Encoding
x-amz-request-id: T19AG9HQXE8D9ZNW
access-control-allow-origin: *
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
date: Thu, 24 Feb 2022 11:31:37 GMT
abp: 19
x-cache-hits: 1

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame BE42 0
103 B 130ms
28ms Image
text/plain 52.208.122.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiNGRhMWE0MjEtNjU3NS00ODZlLWIxZWItZDQzOTQ2N2UwNjMxIiwiaG9zdG5hbWUiOiJ3d3cuZ2F6ZXRhZXhwcmVzcy5jb20iLCJldmVudHNCeVBsYWNlbWVudENvZGUiOlt7InNpemVzIjpbXSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbeyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIn0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIn0seyJiaWRkZXIiOiJBREZPUk0ifSx7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJUUklQTEVMSUZUIn0seyJiaWRkZXIiOiJDUklURU8ifSx7ImJpZGRlciI6IkNSSVRFTyJ9LHsiYmlkZGVyIjoiQ1JJVEVPIn0seyJiaWRkZXIiOiJJWCJ9LHsiYmlkZGVyIjoiUlVCSUNPTiJ9LHsiYmlkZGVyIjoiUFVCTUFUSUMifSx7ImJpZGRlciI6Ik9QRU5YIn1dLCJyZXNwb25zZXMiOltdLCJ3aW5uZXJzIjpbXX19XX0%3D&id=4da1a421-6575-486e-b1eb-d439467e0631&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.122.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-122-63.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame 8AEF 3 KB
1 KB 63ms
62ms Script
application/javascript 2a03:5f80:a::b212:e7a3
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=4361
Requested by: Host: ads.gazetaexpress.com
URL: https://ads.gazetaexpress.com/www/delivery/asyncjs.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a3 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: /
Resource Hash: 6d4b871026e1912263de416e2998423157080532a674bfb55eff6372495521ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 1174
expires: Thu, 24 Feb 2022 11:31:37 GMT

GET
H3 200 lg.php
ads.gazetaexpress.com/www/delivery/ Frame 8AEF 43 B
824 B 40ms
40ms Image
image/gif 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.gazetaexpress.com/www/delivery/lg.php?bannerid=8&campaignid=3&zoneid=30&loc=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&cb=6b03f212b3

Requested by

Host: ads.gazetaexpress.com
URL: https://ads.gazetaexpress.com/www/delivery/asyncjs.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubdomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z4n7es37vA4f8NaAGgI9PC5w%2B5gWtsKEnpp%2B8l72bo97a7McCP6VhDZ4sDeVjR2ofwXiL%2F8W8a%2B47vwUuyy%2BILPjsoYe%2BXgFmQb8eI4UR8NJyioFm1BPUHNM5PVgK1Xcw%2FP4Jsd209Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 6e285e5eeedc92a7-FRA
expires: 0

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/ Frame 5FEE 77 KB
20 KB 7ms
6ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/loader.js
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 83cca59ffb460533a228945b27f8383b04da72776fa58f8970a208c57bec7210

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: i5PuGhg4WEaZNvUsOUUpMJOYoQsZA9vS
content-encoding: gzip
age: 3449
via: 1.1 varnish
x-cache: HIT
x-from-cache: 1
x-envoy-upstream-service-time: 5
content-length: 20801
x-amz-id-2: TjrVq/y9qe5S7UHha2KscfKn6uPAL9V8x3BCOgjCz8K3pr2se+Ly2Qc1Q6PkzAPU+K1plIJx8h0=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 24 Feb 2022 10:34:08 UTC
server: nginx
x-timer: S1645702297.431382,VS0,VE0
etag: "b5173cfa6d873510a63f333aa020d7e4dda4ac63"
vary: Accept-Encoding, Accept-Encoding
x-amz-request-id: T19AG9HQXE8D9ZNW
access-control-allow-origin: *
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
date: Thu, 24 Feb 2022 11:31:37 GMT
abp: 19
x-cache-hits: 2

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 635F 0
103 B 118ms
30ms Image
text/plain 52.208.122.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiNDI4NDBlOWQtMGM5Mi00NGVmLWI2M2EtN2ExMGI2YzQ0NWFjIiwiaG9zdG5hbWUiOiJ3d3cuZ2F6ZXRhZXhwcmVzcy5jb20iLCJldmVudHNCeVBsYWNlbWVudENvZGUiOlt7InNpemVzIjpbXSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbeyJiaWRkZXIiOiJBREZPUk0ifSx7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiUlVCSUNPTiJ9LHsiYmlkZGVyIjoiSVgifSx7ImJpZGRlciI6Ik9QRU5YIn0seyJiaWRkZXIiOiJDUklURU8ifSx7ImJpZGRlciI6IkNSSVRFTyJ9LHsiYmlkZGVyIjoiQ1JJVEVPIn0seyJiaWRkZXIiOiJQVUJNQVRJQyJ9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiJ9LHsiYmlkZGVyIjoiVFJJUExFTElGVCJ9LHsiYmlkZGVyIjoiQVBQTkVYVVMifV0sInJlc3BvbnNlcyI6W10sIndpbm5lcnMiOltdfX1dfQ%3D%3D&id=42840e9d-0c92-44ef-b63a-7a10b6c445ac&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.122.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-122-63.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame CEAA 72 KB
22 KB 18ms
17ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914588
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx1508b278250145e89c24e-00620977fb
x-amz-id-2: tx1508b278250145e89c24e-00620977fb
last-modified: Sun, 13 Feb 2022 21:27:34 GMT
server: cloudflare
etag: W/"30fd6d2dd89cb7d26d6396caca2f6c6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sOJ1r7djMMwQ%2F3sNcKQl0FBBMZP0odZsAmMkAHPFAQXkuJ8rHOV0S%2Fh7hKlJnLFjkQUnywME2kyjh2BkYBjoInefcH6edLzxCB9XFxCLSD4PRI47VtkQAEB8sypo2RV5Mjh4j2DA%2F69g9i8R"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1644787654356307
cf-ray: 6e285e5efc4b9055-FRA
access-control-allow-headers: Authorization

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame 7B20 72 KB
22 KB 14ms
14ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914588
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx1508b278250145e89c24e-00620977fb
x-amz-id-2: tx1508b278250145e89c24e-00620977fb
last-modified: Sun, 13 Feb 2022 21:27:34 GMT
server: cloudflare
etag: W/"30fd6d2dd89cb7d26d6396caca2f6c6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lqAyuQILUWzgUeIBG4NB54SMOTXXvLM0LSUm%2BFGt%2BM%2BuyfXbYVU9HrmeOCa0FQxgTUOqxFp4v2SC3TFgGpjT1zB2DcQ9gCnPqWufhzzUHf959ubUzXGN%2F%2BK5SA6ZpeLC2hOW25g55qovv3CL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1644787654356307
cf-ray: 6e285e5efc4c9055-FRA
access-control-allow-headers: Authorization

GET
H2 200 impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js Show response
cdn.taboola.com/libtrc/ Frame 603A 618 KB
128 KB 7ms
6ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: d1fa3588ef1e4af46d8cb998d36a076f1e5b3488ae0a10c201bb2e8a6a72a617

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: qHUfGxsxF._KpeNFdiIdvkdEnsQgeft4
content-encoding: br
etag: "ccbbfc11a1f98ca210a82b96727f3e73"
age: 12980
x-cache: HIT
content-length: 130768
x-amz-id-2: DBafxK00VSBL+vGHdsYQwiGUMnf38vyfc8OKixhxsmHZzF97ODHtQlBaX/qbThVedhtnkiK6Bv8=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 24 Feb 2022 07:34:14 GMT
server: AmazonS3-br
x-timer: S1645702297.439248,VS0,VE0
date: Thu, 24 Feb 2022 11:31:37 GMT
vary: Accept-Encoding
x-amz-request-id: NDF7PGP8NH3PT0ZT
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 95
x-cache-hits: 195

GET
H2 200 tr5
cdn.taboola.com/libtrc/ Frame 603A 3 B
78 B 10ms
9ms Image
text/html 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/tr5?abgroup=lazy-load-tags_var
Requested by: Host: www.gazetaexpress.com
URL: https://www.gazetaexpress.com/AFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1645702297.439942,VS0,VE0
x-served-by: cache-hhn4062-HHN
x-cache: HIT
content-type: text/html
cache-control: private,max-age=14400
accept-ranges: bytes
content-length: 3
retry-after: 0
x-cache-hits: 0

GET
H2 200 tr5
cdn.taboola.com/libtrc/ Frame 5FEE 3 B
58 B 8ms
8ms Image
text/html 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/tr5?abgroup=lazy-load-tags_var
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1645702297.443384,VS0,VE0
x-served-by: cache-hhn4062-HHN
x-cache: HIT
content-type: text/html
cache-control: private,max-age=14400
accept-ranges: bytes
content-length: 3
retry-after: 0
x-cache-hits: 0

GET
H2 200 impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js Show response
cdn.taboola.com/libtrc/ Frame 5FEE 618 KB
128 KB 7ms
7ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: d1fa3588ef1e4af46d8cb998d36a076f1e5b3488ae0a10c201bb2e8a6a72a617

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: qHUfGxsxF._KpeNFdiIdvkdEnsQgeft4
content-encoding: br
etag: "ccbbfc11a1f98ca210a82b96727f3e73"
age: 12980
x-cache: HIT
content-length: 130768
x-amz-id-2: DBafxK00VSBL+vGHdsYQwiGUMnf38vyfc8OKixhxsmHZzF97ODHtQlBaX/qbThVedhtnkiK6Bv8=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 24 Feb 2022 07:34:14 GMT
server: AmazonS3-br
x-timer: S1645702297.444215,VS0,VE0
date: Thu, 24 Feb 2022 11:31:37 GMT
vary: Accept-Encoding
x-amz-request-id: NDF7PGP8NH3PT0ZT
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 95
x-cache-hits: 196

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 160ms
64ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022201.js?cb=31065270

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 24 Feb 2022 11:31:37 GMT

GET
H2 200 json Show response
trc.taboola.com/gazetaexpress300x250hu-r16604718/trc/3/ Frame 603A 3 KB
2 KB 124ms
118ms XHR
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/gazetaexpress300x250hu-r16604718/trc/3/json?tim=11%3A31%3A37.473&lti=lazy-load-tags_var&data=%7B%22id%22%3A802%2C%22ii%22%3A%22%2Fafp-sjell-pamjet-e-njerezve-te-vrare-dhe-ndertesave-te-shkaterruara-ne-ukraine-pas-sulmit-rus%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1645698289479%2C%22vi%22%3A1645702297471%2C%22cv%22%3A%2220220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A6959%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22ack_exm%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%2C%22e%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A300%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A250%2C%22dw%22%3A300%2C%22dh%22%3A250%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22gazetaexpressDisplay-16604718%22%2C%22orig_uip%22%3A%22gazetaexpressDisplay-16604718%22%2C%22cd%22%3A0%2C%22mw%22%3A300%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fafp-sjell-pamjet-e-njerezve-te-vrare-dhe-ndertesave-te-shkaterruara-ne-ukraine-pas-sulmit-rus%2CgazetaexpressDisplay-16604718%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22lazy-load-tags_var%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2a1a4a341afe353caa9baf08dadd6127dcf37946b3211f711b7b12cd7c23dae3

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 111
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: nginx
x-timer: S1645702297.484565,VS0,VE111
x-served-by: cache-hhn4062-HHN
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.gazetaexpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 json Show response
trc.taboola.com/gazetaexpress300x250hu-r16604718/trc/3/ Frame 5FEE 3 KB
2 KB 132ms
131ms XHR
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/gazetaexpress300x250hu-r16604718/trc/3/json?tim=11%3A31%3A37.485&lti=lazy-load-tags_var&data=%7B%22id%22%3A726%2C%22ii%22%3A%22%2Fafp-sjell-pamjet-e-njerezve-te-vrare-dhe-ndertesave-te-shkaterruara-ne-ukraine-pas-sulmit-rus%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1645698289479%2C%22vi%22%3A1645702297471%2C%22cv%22%3A%2220220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A6959%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22ack_exm%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%2C%22e%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A300%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A250%2C%22dw%22%3A300%2C%22dh%22%3A250%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22gazetaexpressDisplay-16604718%22%2C%22orig_uip%22%3A%22gazetaexpressDisplay-16604718%22%2C%22cd%22%3A0%2C%22mw%22%3A300%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fafp-sjell-pamjet-e-njerezve-te-vrare-dhe-ndertesave-te-shkaterruara-ne-ukraine-pas-sulmit-rus%2CgazetaexpressDisplay-16604718%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22lazy-load-tags_var%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 328585f7e15030c7004fa232f29918112b84b5a32caee192ce4c9a173fb4bd2b

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 125
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: nginx
x-timer: S1645702297.489119,VS0,VE125
x-served-by: cache-hhn4062-HHN
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.gazetaexpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 pa_backupads_lib.js Show response
projectagoralibs.com/libs/ Frame BAF3 4 KB
1 KB 66ms
22ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6757
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6GF2XJNDQ0X5GC14
x-amz-id-2: vN6AC67x2CuUzsYrc4BfJ/45JkyQXdj0oYzd1Vqf5UHvIvpwxdCrFz8HzHRoBH0A2qwDiCpzIoY=
last-modified: Tue, 20 Jul 2021 08:31:03 GMT
server: cloudflare
etag: W/"2d16b383f5bd347613b311222e31c59d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AbdSmYThz751sDGgB1%2BnwxIs6PiL49Qgb1Zv9shHpPUSY2CO4h7v8NGk2mbDIg45Zhpp9xvlsGQUUojyTzLdd4y9q6SW%2F5mGaTy%2FTqCxEm2cJn%2FfnpVDkmSudXQlt5r%2FE4%2F4gdq%2Bl85NJ6%2BvKxvWeTlOhA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6e285e5f9b268fe8-FRA

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame FF60 0
103 B 84ms
28ms Image
text/plain 52.208.122.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiODU0ZDk4MjgtOTg4MS00NmVkLTg3OTQtNTFmOTA3N2FlMDUxIiwiaG9zdG5hbWUiOiJ3d3cuZ2F6ZXRhZXhwcmVzcy5jb20iLCJldmVudHNCeVBsYWNlbWVudENvZGUiOlt7InNpemVzIjpbXSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbeyJiaWRkZXIiOiJSVUJJQ09OIn0seyJiaWRkZXIiOiJSVUJJQ09OIn0seyJiaWRkZXIiOiJQVUJNQVRJQyJ9LHsiYmlkZGVyIjoiT1BFTlgifSx7ImJpZGRlciI6IkNSSVRFTyJ9LHsiYmlkZGVyIjoiSVgifSx7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiJ9LHsiYmlkZGVyIjoiVFJJUExFTElGVCJ9LHsiYmlkZGVyIjoiQVBQTkVYVVMifV0sInJlc3BvbnNlcyI6W10sIndpbm5lcnMiOltdfX1dfQ%3D%3D&id=854d9828-9881-46ed-8794-51f9077ae051&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.122.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-122-63.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx

GET
H2 200 pav2.min.js Show response
cdn.projectagora-adtag-library.com/adtag/latest/ Frame 8AEF 32 KB
8 KB 62ms
62ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=4361
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 257a4584294f6aa97aeb3e9c8ddfdef3892ca1b3530213f80a2b431f0da20159

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 11:41:27 GMT
server: UploadServer
etag: "a178823d2ae84db5f82ee3f3802b46c8"
vary: Accept-Encoding
x-goog-hash: crc32c=tugYrw==, md5=oXiCPSroTbX4LuPzgCtGyA==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycduVCU3brzOwxm6PX6aSQsxRU0KLSDaumNg69xCOJpw6pVF2vqHFojWXOY2NnvyzGFK9BcTTBkRBjBTGk0K7hQw
content-length: 7481

GET
H2 200 pa_backupads_lib.js Show response
projectagoralibs.com/libs/ Frame B9EB 4 KB
2 KB 43ms
22ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6757
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6GF2XJNDQ0X5GC14
x-amz-id-2: vN6AC67x2CuUzsYrc4BfJ/45JkyQXdj0oYzd1Vqf5UHvIvpwxdCrFz8HzHRoBH0A2qwDiCpzIoY=
last-modified: Tue, 20 Jul 2021 08:31:03 GMT
server: cloudflare
etag: W/"2d16b383f5bd347613b311222e31c59d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eLvbhpvbJBRyNLeRG3PT4ptrD0mdpRjFiJFSOI6u916%2FadNdKlkldEeJV1yw4PwkqyNtvSLaHZjwEMwRGoU%2BFoV8M8pF%2BzIAlODRJaa6gSAQC0Bk%2BS3qNrEAQCc9GMnH%2Bj3W6u7a38byO5LjTdug7YLqfw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6e285e5f9b2e8fe8-FRA

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame CEAA 0
103 B 67ms
29ms Image
text/plain 52.208.122.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiYzExZDQyYmUtNzFlOC00MDBiLTlkN2ItNjZlZmFkNzQ2NDk4IiwiaG9zdG5hbWUiOiJ3d3cuZ2F6ZXRhZXhwcmVzcy5jb20iLCJldmVudHNCeVBsYWNlbWVudENvZGUiOlt7InNpemVzIjpbXSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbeyJiaWRkZXIiOiJBREZPUk0ifSx7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiQ1JJVEVPIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiVFJJUExFTElGVCJ9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiJ9LHsiYmlkZGVyIjoiSVgifSx7ImJpZGRlciI6IlJVQklDT04ifSx7ImJpZGRlciI6Ik9QRU5YIn0seyJiaWRkZXIiOiJQVUJNQVRJQyJ9XSwicmVzcG9uc2VzIjpbXSwid2lubmVycyI6W119fV19&id=c11d42be-71e8-400b-9d7b-66efad746498&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.122.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-122-63.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E739 42 B
64 B 73ms
73ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvCcFFeD0iTAWdKRW4A4cdu0PAMk8ohG3KrEflF_fphzMbqCM8e9Srza4K8TwdjDDGo-E4RDFP5FkjRPqvfB5IlRVvxXsAc3KQ8V6zMKRTCXC6T6qo3&sig=Cg0ArKJSzG5jN-KFyVpWEAE&id=lidar2&mcvt=1006&p=1110,315,1204,1285&mtos=0,1006,1006,1006,1006&tos=0,1006,0,0,0&v=20220216&bin=7&avms=nio&bs=1600,1200&mc=0.96&app=0&itpl=19&adk=1438139209&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1645702296327&rpt=223&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 prebid.js Show response
cdn.projectagora-adtag-library.com/prebid/latest/ Frame 8AEF 349 KB
112 KB 62ms
62ms Script
text/javascript 2a03:5f80:a::b212:e7a0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7a0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: UploadServer /
Resource Hash: 6e703e24ff02d7634580dcbf9287f9a7d46f79320c093d8d3756fde6136f81cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
last-modified: Thu, 13 Jan 2022 08:59:57 GMT
server: UploadServer
etag: "11268851b1fae583284d891ae77d8f75"
vary: Accept-Encoding
x-goog-hash: crc32c=iwkFbw==, md5=ESaIUbH65YMoTYka532PdQ==
content-type: text/javascript
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
cache-control: private, max-age=86400
x-amz-meta-
accept-ranges: bytes
x-guploader-uploadid: ADPycdszPzVoyAnFr9FBTOADyu4aG2L6NMdJdhmOtAHEfLoGWpY4CN0fbfGwngPUreTpwjUZZr7nW1o_RBmxwE1UkX0
content-length: 113743

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 5722 43 KB
17 KB 23ms
23ms Document
text/html 2a02:2638:1::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?u=%7CMW%2BYVyp3ccpgHJLJbZy4PW%2F4DVxOy4PeQ0SDMraOIUo%3D%7C&c1=92U3al7lWbVmeBs5kV1BduqmbVTsM6wtV5aDneJf4TumKkT4ir9J4LbqSNfvg0_pDaPHN0PpvMv0oyG26rQDaK9ITmtyhoEC_HwzXi-9UIUsJ_-dbeWHEcaauHKY_PS5FI2KSZs4a6jZWJrVDv4fblT7ond8I-F-WpMK9ahbII9BOC0VIkX5MlnJUQsYwZCHRL0JKDfHbw_Ft19-kPfLWZx1qRWjfrNm6ZJkhZ7NnWFm05aLBDgS1pYrbFECRQMFp3_WIR7SWcc1kVHdX7hTQza0R2VX9VGjshBMFwKUp1GgBkRlMvh0u0FqKyfLSDgAa8h53ujtsNwdJB4MdFHicxS5Qp4kZ42buzhDLH1EbCLTLJ3-FPT7sVUV3OfQmGmCLRyFw5YAKwyMYy29u5MUUQbwHIM5scsKmv54LJjmXFd-w0t3FUaF-JmKeuOZB8wmHY0Vw1OujOhiolReAq7x67DLeNslHaTZ9TJFCa4MnMA

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c7dbb2684ac05dd9a8ca6e56821718a634fe5efa3138f4243fee8e7791dfa706

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=sGrL9pkWO_GOWL9k9d1pasbY7WG7aytG8R7Jd3d6Odv6hlf-KWkcr2I5-Ipvk_MWtncKU9Q23y93hQjlY0N6ZVyWAXLPGiblH_HfgB_3PTV1y1RdOvaKHsfXoi4uegHnbA3vcUBECnrfDZ42SjrSTDNAGm-xEVqS6Cp6DYn650vQ7iL3qslpOpVnPhUM5ZMiU7yuCrOWn302DoLJo2rWG8ZjRulEioNWB9Q7g8XbVnWmYKIP8UmQnAx4Cxw"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 6495116
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 7B20 0
103 B 30ms
29ms Image
text/plain 52.208.122.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiMTVkMTI4YWUtM2QwNi00YjE3LTg4NjktZTRkODA0YTZiYTI0IiwiaG9zdG5hbWUiOiJ3d3cuZ2F6ZXRhZXhwcmVzcy5jb20iLCJldmVudHNCeVBsYWNlbWVudENvZGUiOlt7InNpemVzIjpbXSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbeyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIn0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIn0seyJiaWRkZXIiOiJSVUJJQ09OIn0seyJiaWRkZXIiOiJJWCJ9LHsiYmlkZGVyIjoiQURGT1JNIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiQ1JJVEVPIn0seyJiaWRkZXIiOiJQVUJNQVRJQyJ9LHsiYmlkZGVyIjoiT1BFTlgifSx7ImJpZGRlciI6IlRSSVBMRUxJRlQifV0sInJlc3BvbnNlcyI6W10sIndpbm5lcnMiOltdfX0seyJwbGFjZW1lbnRDb2RlIjoiMTgyODcwMTFfZ2F6ZXRhZXhwcmVzcy5jb21fcm9zXzE2MHg2MDAiLCJzaXplcyI6W3sid2lkdGgiOjE2MCwiaGVpZ2h0Ijo2MDB9XSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbXSwicmVzcG9uc2VzIjpbeyJiaWRkZXIiOiJDUklURU8iLCJwbGFjZW1lbnRDb2RlIjoiMTgyODcwMTFfZ2F6ZXRhZXhwcmVzcy5jb21fcm9zXzE2MHg2MDAiLCJpZCI6IjE5MTVlYmZiYmI3ZmY0MSIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjIyNjg4MTEzMTUyOTgwODA0LCJzaXplIjp7IndpZHRoIjoxNjAsImhlaWdodCI6NjAwfSwidGltZVRvUmVzcG9uZCI6MjksImFmdGVyVGltZW91dCI6ZmFsc2V9LHsiYmlkZGVyIjoiQ1JJVEVPIiwicGxhY2VtZW50Q29kZSI6IjE4Mjg3MDExX2dhemV0YWV4cHJlc3MuY29tX3Jvc18xNjB4NjAwIiwiaWQiOiIxOTE1ZWJmYmJiN2ZmNDEiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MC4yMjY4ODExMzE1Mjk4MDgwNCwic2l6ZSI6eyJ3aWR0aCI6MTYwLCJoZWlnaHQiOjYwMH0sInRpbWVUb1Jlc3BvbmQiOjI5LCJhZnRlclRpbWVvdXQiOmZhbHNlfV0sIndpbm5lcnMiOltdfX1dfQ%3D%3D&id=15d128ae-3d06-4b17-8869-e4d804a6ba24&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.122.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-122-63.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 7B20 0
103 B 29ms
29ms Image
text/plain 52.208.122.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6IjE5MTVlYmZiYmI3ZmY0MSIsInBsYWNlbWVudENvZGUiOiIxODI4NzAxMV9nYXpldGFleHByZXNzLmNvbV9yb3NfMTYweDYwMCJ9&id=15d128ae-3d06-4b17-8869-e4d804a6ba24&won=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.122.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-122-63.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx

GET
H2 200 cta-component.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.es6.js Show response
cdn.taboola.com/libtrc/ Frame 603A 18 KB
5 KB 7ms
6ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/cta-component.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ac8c63242cd911601c4e31063f0f5619e2f9f4f0bf56d2ae8568278942b36c15

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: DKRyHaYnWI6K9x61xKlj.GExE11eZvfQ
content-encoding: gzip
etag: "e781a0bc9f6db718955c9a9963cb9052"
age: 13015
x-cache: HIT
x-amz-replication-status: FAILED
content-length: 5076
x-amz-id-2: dCZOmRoRWbB1Mujgb5Nl7RfSlE5C8UKL/0vc5lSuTDss7aMs6Nt25Mwm3fJp141J2wiUcQvG8Xg=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 24 Feb 2022 07:34:21 GMT
server: AmazonS3
x-timer: S1645702298.618556,VS0,VE0
date: Thu, 24 Feb 2022 11:31:37 GMT
vary: Accept-Encoding
x-amz-request-id: VBWNXNNZM775BWWT
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 95
x-cache-hits: 111

GET
H2 200 userx.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.es6.js Show response
cdn.taboola.com/libtrc/ Frame 603A 18 KB
6 KB 7ms
6ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d3ce9e484f2c416af19f666a6ba47d17b380876c213fd740352d802adf5fc305

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: l6w0NLe9S1BIEP8.JTJ1AVA_ClPY7olh
content-encoding: gzip
etag: "ad1788078e595c57219488b88f694aeb"
age: 12978
x-cache: HIT
x-amz-replication-status: FAILED
content-length: 5452
x-amz-id-2: 7n7U4aUcH7BBB78Szz34KHIqJD1HTiQfu6FCyjOfIg+tyjf1eAMz6kmuTZSzxXsVhgVloIFwHTU=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 24 Feb 2022 07:35:10 GMT
server: AmazonS3
x-timer: S1645702298.619249,VS0,VE0
date: Thu, 24 Feb 2022 11:31:37 GMT
vary: Accept-Encoding
x-amz-request-id: M8BFKF2QJRVTGZ4Q
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 95
x-cache-hits: 70

GET
H2 200 cta-component.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.es6.js Show response
cdn.taboola.com/libtrc/ Frame 5FEE 18 KB
5 KB 7ms
6ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/cta-component.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ac8c63242cd911601c4e31063f0f5619e2f9f4f0bf56d2ae8568278942b36c15

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: DKRyHaYnWI6K9x61xKlj.GExE11eZvfQ
content-encoding: gzip
etag: "e781a0bc9f6db718955c9a9963cb9052"
age: 13015
x-cache: HIT
x-amz-replication-status: FAILED
content-length: 5076
x-amz-id-2: dCZOmRoRWbB1Mujgb5Nl7RfSlE5C8UKL/0vc5lSuTDss7aMs6Nt25Mwm3fJp141J2wiUcQvG8Xg=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 24 Feb 2022 07:34:21 GMT
server: AmazonS3
x-timer: S1645702298.632531,VS0,VE0
date: Thu, 24 Feb 2022 11:31:37 GMT
vary: Accept-Encoding
x-amz-request-id: VBWNXNNZM775BWWT
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 95
x-cache-hits: 112

GET
H2 200 userx.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.es6.js Show response
cdn.taboola.com/libtrc/ Frame 5FEE 18 KB
5 KB 7ms
7ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/gazetaexpress300x250hu-r16604718/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d3ce9e484f2c416af19f666a6ba47d17b380876c213fd740352d802adf5fc305

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: l6w0NLe9S1BIEP8.JTJ1AVA_ClPY7olh
content-encoding: gzip
etag: "ad1788078e595c57219488b88f694aeb"
age: 12978
x-cache: HIT
x-amz-replication-status: FAILED
content-length: 5452
x-amz-id-2: 7n7U4aUcH7BBB78Szz34KHIqJD1HTiQfu6FCyjOfIg+tyjf1eAMz6kmuTZSzxXsVhgVloIFwHTU=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 24 Feb 2022 07:35:10 GMT
server: AmazonS3
x-timer: S1645702298.632743,VS0,VE0
date: Thu, 24 Feb 2022 11:31:37 GMT
vary: Accept-Encoding
x-amz-request-id: M8BFKF2QJRVTGZ4Q
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 95
x-cache-hits: 71

GET
H2 204 fix-user-id
trc.taboola.com/gazetaexpress300x250hu-r16604718/log/3/ Frame 5FEE 0
246 B 15ms
15ms Image
image/gif 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/gazetaexpress300x250hu-r16604718/log/3/fix-user-id?lti=lazy-load-tags_var&ri=082e09be9f56af04fdf8dccedb03fe1b&sd=v2_5f0cbec7ca70af5c148661f089016c3d_0b99788c-8897-4434-9269-0d83590e6511-tuct910f219_1645702297_1645702297_CIi3jgYQwqxKGP_ugNzyLyABKAEwODib4wlAhIoQSNTJ2QNQo-wQWABgAGjGot3Fm8C5-osBcAA&ui=0b99788c-8897-4434-9269-0d83590e6511-tuct910f219&pi=/afp-sjell-pamjet-e-njerezve-te-vrare-dhe-ndertesave-te-shkaterruara-ne-ukraine-pas-sulmit-rus&wi=-6057671118256195653&pt=text&vi=1645702297471&time=1645702297625&fromUser=1e224a7e-16ca-45ec-9cd5-53f1a992496d-tuct910f219&toUser=0b99788c-8897-4434-9269-0d83590e6511-tuct910f219&fromSD=v2_e9a0266fa242e8e4f4d83bf688666727_1e224a7e-16ca-45ec-9cd5-53f1a992496d-tuct910f219_1645702297_1645702297_CIi3jgYQwqxKGP_ugNzyLyABKAEwODib4wlAhIoQSNTJ2QNQo-wQWABgAGjGot3Fm8C5-osBcAA&toSD=v2_5f0cbec7ca70af5c148661f089016c3d_0b99788c-8897-4434-9269-0d83590e6511-tuct910f219_1645702297_1645702297_CIi3jgYQwqxKGP_ugNzyLyABKAEwODib4wlAhIoQSNTJ2QNQo-wQWABgAGjGot3Fm8C5-osBcAA&tim=11%3A31%3A37.626&id=8222&llvl=2&cv=20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-vcl-time-ms: 9
pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
via: 1.1 varnish
server: nginx
x-timer: S1645702298.633585,VS0,VE9
x-served-by: cache-hhn4062-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 2459389b8d252fe01c57ea42cff39fd4.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 603A 16 KB
16 KB 9ms
8ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2459389b8d252fe01c57ea42cff39fd4.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 44f443dfaee7f8cc3ce88745cbb4789e2193536d6716aed93c65e5ae3b2208c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Thu, 24 Feb 2022 11:31:37 GMT
via: 1.1 varnish, 1.1 varnish
age: 3016022
edge-cache-tag: 428482119208658800222876680318248576721,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
cache-tag: 428482119208658800222876680318248576721,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 177
expiration: expiry-date="Fri, 21 Jan 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2459389b8d252fe01c57ea42cff39fd4.jpg
content-length: 15918
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified: Tue, 21 Dec 2021 10:19:25 GMT
server: nginx
x-timer: S1645702298.645091,VS0,VE1
etag: "1a8e6b0a0b326a75cbd60eade574fd13"
x-served-by: cache-bwi5035-BWI, cache-iad-kcgs7200095-IAD, cache-hhn4062-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 2459389b8d252fe01c57ea42cff39fd4.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 5FEE 16 KB
16 KB 7ms
6ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2459389b8d252fe01c57ea42cff39fd4.jpg
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 44f443dfaee7f8cc3ce88745cbb4789e2193536d6716aed93c65e5ae3b2208c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Thu, 24 Feb 2022 11:31:37 GMT
via: 1.1 varnish, 1.1 varnish
age: 3016022
edge-cache-tag: 428482119208658800222876680318248576721,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
cache-tag: 428482119208658800222876680318248576721,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 177
expiration: expiry-date="Fri, 21 Jan 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2459389b8d252fe01c57ea42cff39fd4.jpg
content-length: 15918
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified: Tue, 21 Dec 2021 10:19:25 GMT
server: nginx
x-timer: S1645702298.647628,VS0,VE0
etag: "1a8e6b0a0b326a75cbd60eade574fd13"
x-served-by: cache-bwi5035-BWI, cache-iad-kcgs7200095-IAD, cache-hhn4062-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 2

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1761 13 KB
5 KB 88ms
39ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Feb 2022 11:19:10 GMT
expires: Fri, 24 Feb 2023 11:19:10 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 747
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B723 783 B
534 B 99ms
49ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

863557d40001f083eeba7126d682f0d67d510f53976de0f4f8ff06c7a0294768

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tmV26vueHXk9LEew/WMT0Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 24 Feb 2022 11:31:37 GMT
date: Thu, 24 Feb 2022 11:31:37 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-tmV26vueHXk9LEew/WMT0Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 debug
am-trc-events.taboola.com/gazetaexpress300x250hu-r16604718/log/2/ Frame 603A 0
90 B 51ms
14ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/gazetaexpress300x250hu-r16604718/log/2/debug?tim=11%3A31%3A37.654&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=5909&cv=20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT&lt=lazy-load-tags_var&pct=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 13799

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 5722 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?u=%7CMW%2BYVyp3ccpgHJLJbZy4PW%2F4DVxOy4PeQ0SDMraOIUo%3D%7C&c1=92U3al7lWbVmeBs5kV1BduqmbVTsM6wtV5aDneJf4TumKkT4ir9J4LbqSNfvg0_pDaPHN0PpvMv0oyG26rQDaK9ITmtyhoEC_HwzXi-9UIUsJ_-dbeWHEcaauHKY_PS5FI2KSZs4a6jZWJrVDv4fblT7ond8I-F-WpMK9ahbII9BOC0VIkX5MlnJUQsYwZCHRL0JKDfHbw_Ft19-kPfLWZx1qRWjfrNm6ZJkhZ7NnWFm05aLBDgS1pYrbFECRQMFp3_WIR7SWcc1kVHdX7hTQza0R2VX9VGjshBMFwKUp1GgBkRlMvh0u0FqKyfLSDgAa8h53ujtsNwdJB4MdFHicxS5Qp4kZ42buzhDLH1EbCLTLJ3-FPT7sVUV3OfQmGmCLRyFw5YAKwyMYy29u5MUUQbwHIM5scsKmv54LJjmXFd-w0t3FUaF-JmKeuOZB8wmHY0Vw1OujOhiolReAq7x67DLeNslHaTZ9TJFCa4MnMA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 19 Feb 2023 11:31:37 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 5722 2 KB
1 KB 79ms
79ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 19 Feb 2023 11:31:37 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 5722 308 B
636 B 41ms
40ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 19 Feb 2023 11:31:37 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 5722 507 B
835 B 48ms
48ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 19 Feb 2023 11:31:37 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame 5722 43 B
347 B 19ms
19ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=9aK4qZtGiyVHDoI13xG_NA4S0A8rZ_6xXMt5PR1MDlWV-baNcp0R0JrXb7RtsIEVBd2CG3wnYgozZMaLRRPuP8B4z9uVBTSJJWV0j4_CGtx4yCPlGIQkZ4a3h4w0-GvQCGx_Xy0CX7l6KtyzvBKZz40TOfDHIw0YHJIRHMl-7J82g9FK_zOSmT7Yi0PMrDNBXkgOVqbXeyMjo4Wk8uQPZahKJV0yvxCO05xxfaM8cZwjYezLd3JCK7bcNM-MaCJxbBOU1mLaZUnJz7ACma1Im--zzvJj_07CYKz1oMW6NubnUHUebgZfvvEkJT6IGQmr_NzpRO33S-4PTf7q3i0xKJRcTdyzvPzRBVPg4OOsYcDsy_Mx-5HtpKmAoGFfHDmSvopdjZS5a44cL-SZh-9JQAm-RwV45-QNr5E-fVRtFxsnn0j4Vo9KeL8zdTLOXpd_Q855P6JUm59-eHW5vhFN6db9Ex8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 4020044
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 6bb671a8b1504438871efd5043b2c269_image_ad_160x600.gif
static.criteo.net/design/dt/90764/211109/ Frame 5722 158 KB
159 KB 18ms
18ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/90764/211109/6bb671a8b1504438871efd5043b2c269_image_ad_160x600.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

466a7a040c068a04a0c88bc793cca7b89e0883e25eef53d8939b180c40f56f1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
last-modified: Tue, 09 Nov 2021 08:25:50 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "618a308e-27880"
strict-transport-security: max-age=31536000; preload;
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 161920
expires: Sun, 19 Feb 2023 11:31:37 GMT

GET
H2 200 dis.aspx Show response
widget.nl.eu.criteo.com/dis/ Frame B0BA 6 KB
3 KB 23ms
23ms Document
text/html 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.nl.eu.criteo.com/dis/dis.aspx?pu=175302&cb=62176c99c455ee1738627da633ec806e

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0a9a9dc6e0001a4121de2a1c509198a26a57e94eb365bc09f4d59046897cc9fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-type: text/html
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
p3p: CP='CUR ADM OUR NOR STA NID'
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
timing-allow-origin: *
server-processing-duration-in-ticks: 6918982
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2459389b8d252fe01c57ea42cff39fd4.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 44f443dfaee7f8cc3ce88745cbb4789e2193536d6716aed93c65e5ae3b2208c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Thu, 24 Feb 2022 11:31:37 GMT
via: 1.1 varnish, 1.1 varnish
age: 3016022
edge-cache-tag: 428482119208658800222876680318248576721,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
cache-tag: 428482119208658800222876680318248576721,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 177
expiration: expiry-date="Fri, 21 Jan 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2459389b8d252fe01c57ea42cff39fd4.jpg
content-length: 15918
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified: Tue, 21 Dec 2021 10:19:25 GMT
server: nginx
x-timer: S1645702298.664747,VS0,VE0
etag: "1a8e6b0a0b326a75cbd60eade574fd13"
x-served-by: cache-bwi5035-BWI, cache-iad-kcgs7200095-IAD, cache-hhn4062-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 3

GET
H2 200 2459389b8d252fe01c57ea42cff39fd4.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 5FEE 16 KB
16 KB 7ms
7ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2459389b8d252fe01c57ea42cff39fd4.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 44f443dfaee7f8cc3ce88745cbb4789e2193536d6716aed93c65e5ae3b2208c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Thu, 24 Feb 2022 11:31:37 GMT
via: 1.1 varnish, 1.1 varnish
age: 3016022
edge-cache-tag: 428482119208658800222876680318248576721,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
cache-tag: 428482119208658800222876680318248576721,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 177
expiration: expiry-date="Fri, 21 Jan 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2459389b8d252fe01c57ea42cff39fd4.jpg
content-length: 15918
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified: Tue, 21 Dec 2021 10:19:25 GMT
server: nginx
x-timer: S1645702298.665235,VS0,VE0
etag: "1a8e6b0a0b326a75cbd60eade574fd13"
x-served-by: cache-bwi5035-BWI, cache-iad-kcgs7200095-IAD, cache-hhn4062-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 4

POST
H2 200 all
csm.eu.criteo.net/ Frame 5722 0
127 B 18ms
17ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=sGrL9pkWO_GOWL9k9d1pasbY7WG7aytG8R7Jd3d6Odv6hlf-KWkcr2I5-Ipvk_MWtncKU9Q23y93hQjlY0N6ZVyWAXLPGiblH_HfgB_3PTV1y1RdOvaKHsfXoi4uegHnbA3vcUBECnrfDZ42SjrSTDNAGm-xEVqS6Cp6DYn650vQ7iL3qslpOpVnPhUM5ZMiU7yuCrOWn302DoLJo2rWG8ZjRulEioNWB9Q7g8XbVnWmYKIP8UmQnAx4Cxw&sds=2&rev=unknown&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 24 Feb 2022 11:31:37 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 5722 2 KB
1 KB 41ms
41ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 19 Feb 2023 11:31:37 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 5722 2 KB
1 KB 40ms
40ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 19 Feb 2023 11:31:37 GMT

GET
H2 204 debug
am-trc-events.taboola.com/gazetaexpress300x250hu-r16604718/log/2/ Frame 5FEE 0
89 B 32ms
14ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/gazetaexpress300x250hu-r16604718/log/2/debug?tim=11%3A31%3A37.673&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=2547&cv=20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT&lt=lazy-load-tags_var&pct=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 13799

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame 8AEF 483 B
549 B 27ms
27ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914596
x-amz-request-id: txa18be7cc609449c18883f-00620977f5
x-amz-id-2: txa18be7cc609449c18883f-00620977f5
last-modified: Sun, 13 Feb 2022 21:27:35 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2B7y5GwZYGUn3vL30GMO1T1DVXo26Kh0%2Fas2F04OboO0rl1zfiTqcvkxVFBEOLlah4asD1bX7vdLMV1HT9WETFVtnTs8BodeW6C7dUMwHTL1WfXmWAq32U0ZY65Fa2%2FuJzHSlGLFURfGD0N7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1644787655409471
cf-ray: 6e285e609ac99137-FRA

GET
H3 200 arj Show response
projectagora-d.openx.net/w/1.0/ Frame 8AEF 73 B
101 B 28ms
27ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=8bc9a05d-247c-4bcf-83f7-0925adcb29a4&nocache=1645702297695&schain=1.0%2C1!projectagora.com%2C103530%2C1%2C%2C%2C&aus=300x250&divIds=16588074_gazetaexpress.com_ros_300x250&auid=540924443
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: df94fe798e040f392289ef362466750ac4c091c0960ab935d82b59669086d393

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 8AEF 0
222 B 31ms
30ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.10.0&cb=82624027117

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://www.gazetaexpress.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 8AEF 137 B
826 B 26ms
26ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e7027cf2a9a7ba25d1b0d07042a081976369073a20ca86356291df7d8bfce4f4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
X-Proxy-Origin: 185.213.155.164; 185.213.155.164; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 3bef5372-4dc2-442e-837d-c61ff45c2f98
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 137
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 8AEF 5 B
488 B 67ms
63ms XHR
application/json 37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTcwNjY0MyZ0cmFuc2FjdGlvbklkPThiYzlhMDVkLTI0N2MtNGJjZi04M2Y3LTA5MjVhZGNiMjlhNA%3D%3D&pt=gross&stid=4068634c-4df1-48a3-98b6-bdbd35bd9e26&fd=1

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.gazetaexpress.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 8AEF 36 B
336 B 61ms
58ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=621765&v=7.2&r=%7B%22id%22%3A%22992b5f639abc9d%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22107fcab690f9ac5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22621765%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A0%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22projectagora.com%22%2C%22sid%22%3A%22103530%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 58897bcf12685bc19f85b299f49a5bbfe087b784143bb067807b6005311996d2

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.164], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://www.gazetaexpress.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 36
x-ak-client-geo: 12
expires: Thu, 24 Feb 2022 11:31:37 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 8AEF 0
64 B 23ms
21ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.gazetaexpress.com
date: Thu, 24 Feb 2022 11:31:35 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame 8AEF 19 B
283 B 23ms
21ms XHR
application/json 35.156.28.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.28.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-28-35.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
x-auction-status: 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 8AEF 0
343 B 22ms
21ms XHR
application/json 185.86.138.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 8AEF 241 B
703 B 120ms
120ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11498&site_id=111324&zone_id=1378976&size_id=15&rp_schain=1.0,1!projectagora.com,103530,1,,,&rf=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&tk_flint=pbjs_lite_v4.10.0&x_source.tid=8bc9a05d-247c-4bcf-83f7-0925adcb29a4&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.31275988415644984
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: ef43d3115edcc000e014a3fe5a093d9c4ff86d0419b72a1bc73eb772fba75807

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.gazetaexpress.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C39F 0
127 B 17ms
17ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 24 Feb 2022 11:31:36 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame 8AEF 72 KB
22 KB 16ms
16ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 914588
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx1508b278250145e89c24e-00620977fb
x-amz-id-2: tx1508b278250145e89c24e-00620977fb
last-modified: Sun, 13 Feb 2022 21:27:34 GMT
server: cloudflare
etag: W/"30fd6d2dd89cb7d26d6396caca2f6c6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uSDSbKMq72kmyVL0z%2BDJvN4ci5Ekyb0rfc3%2Bbow5hzYhYndXIpc5LB4IJSq7dWJ3v21iUvZnBfEAJZ9MP2L2ojcJ0w%2B5AVhtVbPA2OzebIvuQEykx9sCchkrEiJsEypegIu18b9aycZXOsCE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1644787654356307
cf-ray: 6e285e6109a19055-FRA
access-control-allow-headers: Authorization

GET sync
gum.criteo.com/ Frame 3492 0
0

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 3492
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay0zZjY2M2lEVVlXQzNHd1R3S3NwZDlRaFNsTjdzWF8yZWtvN29sQQ
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

43 B
369 B

60ms
16ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

Protocol

Server

178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
content-type: image/gif
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 244966
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 279
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
partner.mediawallahscript.com/ Frame 3492 0
0

GET 362338.gif
idsync.rlcdn.com/ Frame 3492 0
0

GET receive
pixel.tapad.com/idsync/ex/ Frame 3492 0
0

GET v1
ads.yahoo.com/cms/ Frame 3492 0
0

GET spp.pl
sp.analytics.yahoo.com/ Frame 3492 0
0

GET sync
ups.analytics.yahoo.com/ups/58301/ Frame 3492 0
0

GET cookie-sync
sync.outbrain.com/ Frame 3492 0
0

GET t.gif
cw.addthis.com/ Frame 3492 0
0

GET tap.php
pixel.rubiconproject.com/ Frame 3492 0
0

GET setuid
secure.adnxs.com/ Frame 3492 0
0

GET pixelCt.tpmn
ad.tpmn.co.kr/ Frame 3492 0
0

GET idsync
tg.socdm.com/aux/ Frame 3492 0
0

GET sync
adgen.socdm.com/rtb/ Frame 3492 0
0

GET Pug
simage2.pubmatic.com/AdServer/ Frame 3492 0
0

GET /
cs.adingo.jp/sync/ Frame 3492 0
0

GET xuid
eb2.3lift.com/ Frame 3492 0
0

GET k-vIClfCDUYWC3GwTwKspd9QhSlN5vjFVfWA7O0A
an.yandex.ru/mapuid/criteois/ Frame 3492 0
0

GET cksync.php
contextual.media.net/ Frame 3492 0
0

GET /
sync.ad-stir.com/ Frame 3492 0
0

GET rum
r.casalemedia.com/ Frame 3492 0
0

GET pixel
adx.dable.io/ Frame 3492 0
0

GET /
s.ad.smaato.net/c/ Frame 3492 0
0

GET sync
x.bidswitch.net/ Frame 3492 0
0

GET
H2 200 sync
ad.as.amanad.adtdp.com/v1/ Frame 3492 42 B
885 B 271ms
236ms Image
image/gif 143.204.98.69
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.as.amanad.adtdp.com/v1/sync?dsp_id=4,5&uid=k-jb77ZSDUYWC3GwTwKspd9QhSlN6Hju9B-dP3iA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-69.fra50.r.cloudfront.net

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:38 GMT
via: 1.1 80c1ad5f9352d00b95a9da73eb6b6be4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 42
x-xss-protection: 0
pragma: no-cache
x-amzn-trace-id: Root=1-00000000-000000000000000000000000
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-amz-cf-id: JrHzv-T3IPACuzVVOm98ty5P7kfOZIfwoV4ALJJOy4OHdTw9QOQBHA==
expires: Thu, 01 Jan 1970 09:00:00 GMT

GET pixel_sync
trends.revcontent.com/cm/ Frame 3492 0
0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B723 0
0 101ms
101ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022201&jk=393867970964119&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 RTAFWjK1oaY5MR175eart5uncqyuFBD5-f7_3Cl3Idw.js Show response
pagead2.googlesyndication.com/bg/ Frame 1761 35 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RTAFWjK1oaY5MR175eart5uncqyuFBD5-f7_3Cl3Idw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4530055a32b5a1a639311d7be5e6abb79ba772acae1410f9f9feffdc297721dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 10:21:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4226
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13529
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 24 Feb 2023 10:21:11 GMT

GET sync
gum.criteo.com/ Frame 3492 0
0

GET
H3 200 pa_backupads_lib.js Show response
projectagoralibs.com/libs/ Frame 38D4 4 KB
2 KB 35ms
23ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag/latest/pav2.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1270
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: DAYMR1C9R9V0CRCM
x-amz-id-2: 0l3xEk4yxqgIrdViFtspLIGLDH6uW0Me5npRWV0EYIGHb2Z2u6OKzMSPhk2Od3PbBGqz99a51EY=
last-modified: Tue, 20 Jul 2021 08:31:03 GMT
server: cloudflare
etag: W/"2d16b383f5bd347613b311222e31c59d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=46HIOEVggdnIAy3UjTxQa2q4DREL5N%2FbJwg6nc0hWI94pJIAcjUOHatRhi9Afq9HK%2FoLq6gRnQX7DdMwy6UeBcqQdGsoDrh%2FDWzXHfvPGvSvtAUBCbukH%2FMzRk5grE0QN2ZAswvCouda7le3U00X4dnLag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6e285e619b516937-FRA

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 8AEF 0
103 B 29ms
29ms Image
text/plain 52.208.122.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiNDA2ODYzNGMtNGRmMS00OGEzLTk4YjYtYmRiZDM1YmQ5ZTI2IiwiaG9zdG5hbWUiOiJ3d3cuZ2F6ZXRhZXhwcmVzcy5jb20iLCJldmVudHNCeVBsYWNlbWVudENvZGUiOlt7InNpemVzIjpbXSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbeyJiaWRkZXIiOiJPUEVOWCJ9LHsiYmlkZGVyIjoiT1BFTlgifSx7ImJpZGRlciI6IkNSSVRFTyJ9LHsiYmlkZGVyIjoiQVBQTkVYVVMifSx7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiSVgifSx7ImJpZGRlciI6IlBVQk1BVElDIn0seyJiaWRkZXIiOiJUUklQTEVMSUZUIn0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIn0seyJiaWRkZXIiOiJSVUJJQ09OIn1dLCJyZXNwb25zZXMiOltdLCJ3aW5uZXJzIjpbXX19XX0%3D&id=4068634c-4df1-48a3-98b6-bdbd35bd9e26&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.122.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-122-63.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 24 Feb 2022 11:31:37 GMT
Server: nginx

GET seg
secure.adnxs.com/ Frame 3492 0
0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1761 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?7_jkKg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H/1.1 200
OK graphql Show response
s333.adxpremium.services/ 84 B
533 B 20ms
20ms XHR
application/json 152.228.222.122
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s333.adxpremium.services/graphql
Requested by: Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 152.228.222.122 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3189334.ip-152-228-222.eu
Software: /
Resource Hash: 05760f80abc323ab1ef34aa1fd9d559293726b1fedc67ac1cb61cdea9a464f14

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 24 Feb 2022 11:31:38 GMT
access-control-allow-methods: HEAD, GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-GraphQL-Event-Stream
x-graphql-event-stream: /graphql/stream
access-control-allow-headers: Origin, X-Requested-With, Accept, Authorization, X-Apollo-Tracing, Content-Type, Content-Length, X-PostGraphile-Explain
content-length: 84

OPTIONS
H/1.1 200
OK graphql
s333.adxpremium.services/ Frame 0
0 111ms
20ms Preflight 152.228.222.122
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s333.adxpremium.services/graphql
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 152.228.222.122 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3189334.ip-152-228-222.eu
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.gazetaexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST
access-control-allow-headers: Origin, X-Requested-With, Accept, Authorization, X-Apollo-Tracing, Content-Type, Content-Length, X-PostGraphile-Explain
access-control-expose-headers: X-GraphQL-Event-Stream
x-graphql-event-stream: /graphql/stream
date: Thu, 24 Feb 2022 11:31:38 GMT
content-length: 0

GET Pug
simage2.pubmatic.com/AdServer/ Frame 3492 0
0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 73ms
72ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022022201&jk=393867970964119&bg=!fX6lfjrNAAbf-5Dq3_s7ACkAdvg8Wpu_vEDZ4Ov6c9GtJ6r6FmlD6p13-1dgLpm_omMPC1xMVZV9OgIAAABTUgAAAANoAQeZAtKmEF7DsnyEhCpS6DEmYgOhbl2mCldiglIpTCemdlthhVBZfKgK1r9T35fD73PbUslX8xv4c1AyiZ-TR6ne0gPle9QlroWNhbDZrSWmEN-h5TlXSWwBius22pwTjg7z1w9w_fzx0ho94Rlf-CzulgMfjmVJyweR8cz38uw3ZkWrcfN1Zg__9ruTJ6qvcnLG3vPVNdfP9-cmJaYEXitjsQ9EduIzKLU3bb64heO75C2WLgOAllMpYbRE3dcT0qp2d6CUAKSR6lP1_Ee6uhAvN_4h8UvHqEtGeQRl9XIxArs0CDOp_CdieBzIMjQ4w9xUFOwjr8vr7QlEsTR91OXNWzjaKWg6bWxJWrPEXXis7Vq0aELoH46l-DzzbnlIVDL12exa4rniIiZaBLRW6qukThMa22bDIsfz14P97rOvIlpHaPt9wSAe8zVVLaosyfGyYyBIy0keBHEi7J-lpQNTg6rIMWh1BWhAEmM_l32qxKXteEQV7NWQKK8qJB4BqLkFnOp-6SOiw9bvfsa1gb3qt3fGnqngtzLwKaC-U77DhhuQhzJxcMxHSD6fvl0n1Eq5dugPRXrqNAgPq5OI4VTks4Htm8U3QCQHcl6V-V_C9I7h9EMTuvQYwnx5vNoIZAPz49CF3Tdbmrpjtr16M5mVbe4naihksgV-94_kJRxi4s9ogW2-cRtuefEExUTQ__8IV36tnhn1ejdg4pQQIXRfYoJ8eDt92ZlSkDcMctLhd57d5EReQPfYWX4gFIIJXCntexhGZE40s7qE6o-cIW185aMgtEoxrVDVBQ0RFUYsIz0u8z0rAYPChvHDFJZCshekhCPKDkxIfPYgwZdjkBXkJzDKExbCsBCVO-QXqAQMMAKgqMpiK3bcxWVBopcePkTaMId0LSmVfc0xfgAcsb83RLYpBL9QHHiZPVKJ81ESl7qCfzq7g1YDONEbQ-RzIwhDAWSOvQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 bulk Show response
trc.taboola.com/gazetaexpress300x250hu-r16604718/log/3/ Frame 603A 0
300 B 16ms
16ms XHR
image/gif 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/gazetaexpress300x250hu-r16604718/log/3/bulk?route=AM%3AAM%3AV&lti=lazy-load-tags_var&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 10
pragma: no-cache
date: Thu, 24 Feb 2022 11:31:38 GMT
via: 1.1 varnish
server: nginx
x-timer: S1645702299.628132,VS0,VE10
x-served-by: cache-hhn4062-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

POST
H2 204 bulk Show response
trc.taboola.com/gazetaexpress300x250hu-r16604718/log/3/ Frame 5FEE 0
57 B 16ms
16ms XHR
image/gif 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/gazetaexpress300x250hu-r16604718/log/3/bulk?route=AM%3AAM%3AV&lti=lazy-load-tags_var&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gazetaexpress.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 10
pragma: no-cache
date: Thu, 24 Feb 2022 11:31:38 GMT
via: 1.1 varnish
server: nginx
x-timer: S1645702299.647550,VS0,VE10
x-served-by: cache-hhn4062-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame 603A 254 B
710 B 6ms
6ms Image
image/png 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 15445
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: yeuhtSaIHTRzn5Sb/BhoRbmorY6jlIGKTN3jBjNJ2gjscig6jQv3GZOmCUvDSqzUCzHWH69H00k=
x-served-by: cache-hhn4062-HHN
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1645702299.662519,VS0,VE0
date: Thu, 24 Feb 2022 11:31:38 GMT
x-amz-request-id: DM4PBFJ9QH08DD7N
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 95
x-cache-hits: 8800

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame 5FEE 254 B
325 B 6ms
6ms Image
image/png 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 15445
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: yeuhtSaIHTRzn5Sb/BhoRbmorY6jlIGKTN3jBjNJ2gjscig6jQv3GZOmCUvDSqzUCzHWH69H00k=
x-served-by: cache-hhn4062-HHN
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1645702299.678903,VS0,VE0
date: Thu, 24 Feb 2022 11:31:38 GMT
x-amz-request-id: DM4PBFJ9QH08DD7N
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 95
x-cache-hits: 8801

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ 87 KB
28 KB 17ms
17ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:38 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 25 Feb 2022 11:31:38 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame D548 13 KB
5 KB 18ms
17ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 3192
date: Thu, 24 Feb 2022 11:31:38 GMT
content-length: 5147
strict-transport-security: max-age=31536000; preload;

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 90 KB
28 KB 55ms
27ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:38 GMT
content-encoding: gzip
last-modified: Mon, 31 Jan 2022 09:04:35 GMT
server: nginx
etag: W/"61f7a623-16685"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 25 Feb 2022 11:31:38 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame D548
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=0&topUrl=www.gazetaexpress.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=FuUDEnx6c0x2MGtiZ3plZGdsWm5iUERwWGlXRm5MRlJTWlUrK0t6RVRTamxPNDlLQUhyWkloTm84OGJieW9pcjNWb1lmcXFHZGc2ZEQwNTZhZkZIeU81ci8rNkJZT1FuK0xVVms2UTdkNkpNK2ZVV2xCTVlxdWFiN1QzNz...

419 B
624 B

162ms
17ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=FuUDEnx6c0x2MGtiZ3plZGdsWm5iUERwWGlXRm5MRlJTWlUrK0t6RVRTamxPNDlLQUhyWkloTm84OGJieW9pcjNWb1lmcXFHZGc2ZEQwNTZhZkZIeU81ci8rNkJZT1FuK0xVVms2UTdkNkpNK2ZVV2xCTVlxdWFiN1QzNzAzQVFqWER0RnkwYXpZa0NYMEdCcHJzN1RXcDhRQmJrZkhkaSt0NkVKWHJyUkJwNDhpYi9aRThpNDdTdThySlk2RVJkWXN6OVpubFozWm9mUklIZ2ZRMis3YlYxV0pLSHo0OStROU9va2E2L3VTaFhvM2ZkWTY5dHY2QWJkRzZjdWtVMmUzVWZwQVltUm1mRDBxbENhQVR0N05kWG50UT09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

211f8bf50201d9010c1c867e5f670f969c7c4450a89e4dab2d786bf3536d2baa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:38 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4391
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:38 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=FuUDEnx6c0x2MGtiZ3plZGdsWm5iUERwWGlXRm5MRlJTWlUrK0t6RVRTamxPNDlLQUhyWkloTm84OGJieW9pcjNWb1lmcXFHZGc2ZEQwNTZhZkZIeU81ci8rNkJZT1FuK0xVVms2UTdkNkpNK2ZVV2xCTVlxdWFiN1QzNzAzQVFqWER0RnkwYXpZa0NYMEdCcHJzN1RXcDhRQmJrZkhkaSt0NkVKWHJyUkJwNDhpYi9aRThpNDdTdThySlk2RVJkWXN6OVpubFozWm9mUklIZ2ZRMis3YlYxV0pLSHo0OStROU9va2E2L3VTaFhvM2ZkWTY5dHY2QWJkRzZjdWtVMmUzVWZwQVltUm1mRDBxbENhQVR0N05kWG50UT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1866
content-length: 541
expires: 0

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 0381 926 B
1 KB 70ms
21ms Document
text/html 104.17.120.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

Date: Thu, 24 Feb 2022 11:31:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: NDl4zV72Ah2L/2ecv/Z/EpP2mX2SRreIrvnUyth+WQgC1PDnAVXL2h19HebxNhbZU+z/5/z0XfQ=
x-amz-request-id: 3VMCVX9Y71Z88CX2
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 1338
Expires: Thu, 24 Feb 2022 11:32:39 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6e285e693e955c9e-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame B1E8 281 B
554 B 7ms
7ms Document
text/html 23.0.42.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.0.42.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-0-42-150.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 24 Feb 2022 11:31:39 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 00D8 0
0 19ms
19ms Document
text/plain 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13396601
Requested by: Host: adxbid.info
URL: https://adxbid.info/gazetaexpress.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

Server: nginx
Date: Thu, 24 Feb 2022 11:31:39 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap2ams1

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame B1E8 33 KB
10 KB 8ms
8ms Script
text/html 23.0.42.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.0.42.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-0-42-150.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 07ec0272972dcdb6e079ce032e15cc1f6de374d89b9fdb9cf9af5c2dd2c1070b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Thu, 24 Feb 2022 11:31:39 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 19:52:27 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=14532
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9760
Expires: Thu, 24 Feb 2022 15:33:51 GMT

GET
H3 200 logo-one.png
www.gazetaexpress.com/webads/onefor/02.seconds-960x200/ Frame 6544 19 KB
20 KB 17ms
16ms Image
image/png 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/webads/onefor/02.seconds-960x200/logo-one.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ef36d3e34b930ad3353f5ef5da59ff015b1954c2091c0f84b3f2e178f093ace

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/webads/onefor/02.seconds-960x200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public, public
date: Thu, 24 Feb 2022 11:31:39 GMT
cf-cache-status: HIT
last-modified: Tue, 22 Feb 2022 14:57:55 GMT
server: cloudflare
age: 160204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UcrpApr5NF4yELCY%2FVUJPgXeRvg1%2BelpuZfx8%2BMWXKlpFZ%2FJNuaKRAQYKDLcQRJBxDMJd6BSbG45sx2xCovRiA8bXESYRJd0ckyeSCvdIQSAkxw18L%2F52S8zK4iYDDHeTqIus9ADevs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e692d9692a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 04 Mar 2022 14:59:00 GMT

GET
H3 200 strelka.png
www.gazetaexpress.com/webads/onefor/02.seconds-960x200/ Frame 6544 2 KB
3 KB 17ms
17ms Image
image/png 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/webads/onefor/02.seconds-960x200/strelka.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fb1056743f1bafe3a3c2d8686e607045b04176e725754914deccc92425418f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/webads/onefor/02.seconds-960x200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public, public
date: Thu, 24 Feb 2022 11:31:39 GMT
cf-cache-status: HIT
last-modified: Tue, 22 Feb 2022 14:57:55 GMT
server: cloudflare
age: 160204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9e0DRTy47ECBC4TNnxSa9d5ZYIcPOp8sK0Tq9AjU%2BWxrGmnKgimid0N%2FvOI6n%2BKPflfDbwXsmxMwwh1YjIzdVuFUrjsIVkx%2BDDUXLgG7127kKCUyxXh0xaK3eVZmhPGBmffxmPIW8Lg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e692d9a92a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 04 Mar 2022 14:59:00 GMT

GET
H3 200 300.png
www.gazetaexpress.com/webads/onefor/728x90/ Frame F3A6 2 KB
3 KB 23ms
23ms Image
image/png 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/webads/onefor/728x90/300.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6045966d65c172b7ae03892afff4a83a922ef3fe27dedec338922069be988d9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public, public
date: Thu, 24 Feb 2022 11:31:39 GMT
cf-cache-status: HIT
last-modified: Tue, 22 Feb 2022 14:58:02 GMT
server: cloudflare
age: 160202
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uOdn8MVyJueh1Y%2BpOGrDQUwFeTah%2F4vEeE8ABkPqDW9QLweDQbZycKuQ74bOztaU5QJtdXaS%2FXXvKLOelxRUvkdVXsBPc9Mc%2BVUTf3EHPFguPxmTWZv%2Fk3BC%2BoFWQxmUnHo9c84QYO4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e695dfb92a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 04 Mar 2022 15:01:37 GMT

GET
H3 200 logo-one.png
www.gazetaexpress.com/webads/onefor/728x90/ Frame F3A6 19 KB
20 KB 24ms
24ms Image
image/png 172.64.201.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gazetaexpress.com/webads/onefor/728x90/logo-one.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.201.10 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ef36d3e34b930ad3353f5ef5da59ff015b1954c2091c0f84b3f2e178f093ace

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/webads/onefor/728x90/index.html?utm_source=Gazeta+Express
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public, public
date: Thu, 24 Feb 2022 11:31:39 GMT
cf-cache-status: HIT
last-modified: Tue, 22 Feb 2022 14:58:03 GMT
server: cloudflare
age: 160202
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WPE47p7%2BI3s9ePgk7ECTMi3TZh0Uwb0cBkjs9K%2BcwvHzuqJgGn7dZcq201HZdgEaVxG5OadajhFOhzY76Ap64Lf17RHxTvEatQhN6yL%2FttaqSzemMgeI685%2FvJlESywOY1ZiSJ2oLKQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e285e695e0192a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 04 Mar 2022 15:01:37 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame BE42 90 KB
28 KB 17ms
17ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:39 GMT
content-encoding: gzip
last-modified: Mon, 31 Jan 2022 09:04:35 GMT
server: nginx
etag: W/"61f7a623-16685"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 25 Feb 2022 11:31:39 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame B642 13 KB
5 KB 19ms
18ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 2905
date: Thu, 24 Feb 2022 11:31:38 GMT
content-length: 5147
strict-transport-security: max-age=31536000; preload;

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 635F 90 KB
28 KB 17ms
17ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:39 GMT
content-encoding: gzip
last-modified: Mon, 31 Jan 2022 09:04:35 GMT
server: nginx
etag: W/"61f7a623-16685"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 25 Feb 2022 11:31:39 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame B642
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=2LaE6F95SFJBM1lSMzNBWURXanBBWURSUEZxZlQzUm5EVWt5MUZqUVZLa1BV...
https://mug.criteo.com/sid?cpp=vJpUmnxtRUsrS3hMZHFadlNvSGxuZnNDU1RkeDdFSW1VYjF4cGFnS3NUUVpwTXFVZjlxSXcrNXlFZ3liUmZXQW1KNU5ldnp0Ty8zTFVCc0c5T2hJV1FxbW9GeHVxeXhudmk1YUxxYlFzTk5OUDcrWGhKb3NYc2RjNjJWeH...

419 B
623 B

16ms
16ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=vJpUmnxtRUsrS3hMZHFadlNvSGxuZnNDU1RkeDdFSW1VYjF4cGFnS3NUUVpwTXFVZjlxSXcrNXlFZ3liUmZXQW1KNU5ldnp0Ty8zTFVCc0c5T2hJV1FxbW9GeHVxeXhudmk1YUxxYlFzTk5OUDcrWGhKb3NYc2RjNjJWeHF3U1BxOFE1K3lFeS9WM3c0eDNLVUlBRzZhWFpsbUpDUnZwSCtOOE1kWjMyOEJINTROMjRxSTYzNnduWDhzTEo5cStvRDdKWUZPam5FdlNGZ2NLdFJVRXZtaVR1Q1NvT20yditSZzFoWTVKZ1BJRjJtWFRKRk5rNVl0cjVxMmNqMnp3bW9qRzBHWGp4ZFh5bDJEL0J6TEJwWk9pZldNWjVwdGd4MTN3N0Y0Z0lRUWk0OFFBbz18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

07dc4a8414f0359b4ca8f8d6813e8b0fbda31e8ce5b8905ff2215d3fe2f3acd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:39 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3149
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:38 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=vJpUmnxtRUsrS3hMZHFadlNvSGxuZnNDU1RkeDdFSW1VYjF4cGFnS3NUUVpwTXFVZjlxSXcrNXlFZ3liUmZXQW1KNU5ldnp0Ty8zTFVCc0c5T2hJV1FxbW9GeHVxeXhudmk1YUxxYlFzTk5OUDcrWGhKb3NYc2RjNjJWeHF3U1BxOFE1K3lFeS9WM3c0eDNLVUlBRzZhWFpsbUpDUnZwSCtOOE1kWjMyOEJINTROMjRxSTYzNnduWDhzTEo5cStvRDdKWUZPam5FdlNGZ2NLdFJVRXZtaVR1Q1NvT20yditSZzFoWTVKZ1BJRjJtWFRKRk5rNVl0cjVxMmNqMnp3bW9qRzBHWGp4ZFh5bDJEL0J6TEJwWk9pZldNWjVwdGd4MTN3N0Y0Z0lRUWk0OFFBbz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1772
content-length: 567
expires: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame FF60 90 KB
28 KB 17ms
17ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:39 GMT
content-encoding: gzip
last-modified: Mon, 31 Jan 2022 09:04:35 GMT
server: nginx
etag: W/"61f7a623-16685"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 25 Feb 2022 11:31:39 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 4366 13 KB
5 KB 20ms
20ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 3944
date: Thu, 24 Feb 2022 11:31:38 GMT
content-length: 5147
strict-transport-security: max-age=31536000; preload;

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 9C64 13 KB
5 KB 18ms
18ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 3385
date: Thu, 24 Feb 2022 11:31:38 GMT
content-length: 5147
strict-transport-security: max-age=31536000; preload;

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4366
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=2LaE6F95SFJBM1lSMzNBWURXanBBWURSUEZxZlQzUm5EVWt5MUZqUVZLa1BV...
https://mug.criteo.com/sid?cpp=yJPS4HxvTUMyalNaeVMwUERBM0hPR3U1eFg1M1F5WDVmV2k0eW9JUDNXbStrZC9iZzdtWHJCTm11bmlSYWhqZ3FuWEx2aWpsMlpBeTR1ZmJ1RmFJcUdlTnlUeXlWVmJwUkx5Vk01TUwxTVJ0bXFJWkJ4bE01bUJIbzBuTW...

430 B
632 B

17ms
16ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=yJPS4HxvTUMyalNaeVMwUERBM0hPR3U1eFg1M1F5WDVmV2k0eW9JUDNXbStrZC9iZzdtWHJCTm11bmlSYWhqZ3FuWEx2aWpsMlpBeTR1ZmJ1RmFJcUdlTnlUeXlWVmJwUkx5Vk01TUwxTVJ0bXFJWkJ4bE01bUJIbzBuTW00R0RXVjRSNnN5ZjJJazcrcmZNZnNFZ3VsNHpTak5yZXNNUnV1TmoxNENwb2R2N3NUKzFDVE5FdEFTUDFqQnV3cWh1ZEsvUU5qemZHYklTZWpHTVlENDQxSnVpaWkwN0RSdW1FdVRiMXlnQU1vZGtodjloS1BrMUdWRUcvd2lGZDFrTzRFZDVlaFVjSmh3RVBZRW1lK29JdzViT240aVkzdmlBMEZVbWNEYURrTmFhM3dHST18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

44518302cf6d30417b1ec561a1fe68bc9cfebcf8e1cb67c32232624ccf4ee6c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:38 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3761
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:39 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=yJPS4HxvTUMyalNaeVMwUERBM0hPR3U1eFg1M1F5WDVmV2k0eW9JUDNXbStrZC9iZzdtWHJCTm11bmlSYWhqZ3FuWEx2aWpsMlpBeTR1ZmJ1RmFJcUdlTnlUeXlWVmJwUkx5Vk01TUwxTVJ0bXFJWkJ4bE01bUJIbzBuTW00R0RXVjRSNnN5ZjJJazcrcmZNZnNFZ3VsNHpTak5yZXNNUnV1TmoxNENwb2R2N3NUKzFDVE5FdEFTUDFqQnV3cWh1ZEsvUU5qemZHYklTZWpHTVlENDQxSnVpaWkwN0RSdW1FdVRiMXlnQU1vZGtodjloS1BrMUdWRUcvd2lGZDFrTzRFZDVlaFVjSmh3RVBZRW1lK29JdzViT240aVkzdmlBMEZVbWNEYURrTmFhM3dHST18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2073
content-length: 567
expires: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame CEAA 90 KB
28 KB 19ms
19ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:39 GMT
content-encoding: gzip
last-modified: Mon, 31 Jan 2022 09:04:35 GMT
server: nginx
etag: W/"61f7a623-16685"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 25 Feb 2022 11:31:39 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 9C64
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=2LaE6F95SFJBM1lSMzNBWURXanBBWURSUEZxZlQzUm5EVWt5MUZqUVZLa1BV...
https://mug.criteo.com/sid?cpp=QzOFNXwyR3ExWXBFdDhYUHRIbEljM0RGVk9kcHhSczREdjZvQzVnSU5yRlNlbmZjeDRuemdMclEyTmt6dGQ2eXAzZWpXODhCTnZvaWZXa0thejRQWWRCZHM0OGhHK20yVHZUMDN6R0JqWm5FWXNhd21hc2ZmSFRzRHZPOW...

428 B
631 B

19ms
18ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=QzOFNXwyR3ExWXBFdDhYUHRIbEljM0RGVk9kcHhSczREdjZvQzVnSU5yRlNlbmZjeDRuemdMclEyTmt6dGQ2eXAzZWpXODhCTnZvaWZXa0thejRQWWRCZHM0OGhHK20yVHZUMDN6R0JqWm5FWXNhd21hc2ZmSFRzRHZPOWt6R0k2VlB2VXRFekNEREdVKzRpMys0dGxYdWJQQWFuSXZ0ZGcvQnlKRzZqR0MxdlpRV1RkQnRVVURZZTIvTVROUlBIQXdqQkRQd1lUZ1gxRHllRmRHUnFibSt4N1ZvUnl5SFhDNmNjMHJ1ZzJuamhkc0lZZkdPNUJUTVBVRWtjUVBYNE9aZEQvSXZKdDNDRDUvdVdnWGVOMk1vZHZOL04ySGplNDhGS1M4ZW45cmd1MEgzZz18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e45284f51bfb919240b236b488aaa149c13a5bf3654b8157ccda35a9131a7eaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:38 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4460
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:39 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=QzOFNXwyR3ExWXBFdDhYUHRIbEljM0RGVk9kcHhSczREdjZvQzVnSU5yRlNlbmZjeDRuemdMclEyTmt6dGQ2eXAzZWpXODhCTnZvaWZXa0thejRQWWRCZHM0OGhHK20yVHZUMDN6R0JqWm5FWXNhd21hc2ZmSFRzRHZPOWt6R0k2VlB2VXRFekNEREdVKzRpMys0dGxYdWJQQWFuSXZ0ZGcvQnlKRzZqR0MxdlpRV1RkQnRVVURZZTIvTVROUlBIQXdqQkRQd1lUZ1gxRHllRmRHUnFibSt4N1ZvUnl5SFhDNmNjMHJ1ZzJuamhkc0lZZkdPNUJUTVBVRWtjUVBYNE9aZEQvSXZKdDNDRDUvdVdnWGVOMk1vZHZOL04ySGplNDhGS1M4ZW45cmd1MEgzZz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2089
content-length: 567
expires: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 387E 13 KB
5 KB 18ms
17ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 3116
date: Thu, 24 Feb 2022 11:31:39 GMT
content-length: 5147
strict-transport-security: max-age=31536000; preload;

GET
H2

200

sid Show response
mug.criteo.com/ Frame 387E
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=bZIi3l95SFJBM1lSMzNBWURXanBBWURSUEZ2c2IxOXMlMkZuQnNXWXgzVzMw...
https://mug.criteo.com/sid?cpp=xylBwXxHNGh6cUxkRXdCamcvMTJCbkdrWmNpTSs3b210NENqM2owODdRQnYwclRlVmdhWDFtRnJoS1RTaE1HQTVGZytVS2RObHVJYmxidTM0TkhvcVUyZnNpSzdUU1YwYXBSRzF0WEJkZTNIbzdMdjVudzRFb1VrVXl5d0...

425 B
632 B

18ms
17ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=xylBwXxHNGh6cUxkRXdCamcvMTJCbkdrWmNpTSs3b210NENqM2owODdRQnYwclRlVmdhWDFtRnJoS1RTaE1HQTVGZytVS2RObHVJYmxidTM0TkhvcVUyZnNpSzdUU1YwYXBSRzF0WEJkZTNIbzdMdjVudzRFb1VrVXl5d0sxcHQ4WGpNaFRPU2ZIcUJzRFV3a1JoVXVRWVdSN3E5dTZLdGpVYnJjWGFpYjZxbWJoWTlCbmJKU254dldJZ0tiN2MyYUpIdlRsUDNnMHN4dUgrcHZFRmhxbE8wUnZVVmY1SFgyMGdhYjdrTnBmcVdmUFZVbVV5WTdHR3lPYTdtRElRMElmYm8xNXJrdGt3V29saUt4RG9iYU5HZ3dnbnFpWGt0NmYveFVnTUFra2tjOEFqcz18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

4ead03c19b4d181840781c19a827dd4259deec0f7ae54c4cb592c4bdbfd72ccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:39 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3959
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:38 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=xylBwXxHNGh6cUxkRXdCamcvMTJCbkdrWmNpTSs3b210NENqM2owODdRQnYwclRlVmdhWDFtRnJoS1RTaE1HQTVGZytVS2RObHVJYmxidTM0TkhvcVUyZnNpSzdUU1YwYXBSRzF0WEJkZTNIbzdMdjVudzRFb1VrVXl5d0sxcHQ4WGpNaFRPU2ZIcUJzRFV3a1JoVXVRWVdSN3E5dTZLdGpVYnJjWGFpYjZxbWJoWTlCbmJKU254dldJZ0tiN2MyYUpIdlRsUDNnMHN4dUgrcHZFRmhxbE8wUnZVVmY1SFgyMGdhYjdrTnBmcVdmUFZVbVV5WTdHR3lPYTdtRElRMElmYm8xNXJrdGt3V29saUt4RG9iYU5HZ3dnbnFpWGt0NmYveFVnTUFra2tjOEFqcz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1899
content-length: 567
expires: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 7B20 90 KB
28 KB 16ms
16ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:39 GMT
content-encoding: gzip
last-modified: Mon, 31 Jan 2022 09:04:35 GMT
server: nginx
etag: W/"61f7a623-16685"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 25 Feb 2022 11:31:39 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 4C87 13 KB
5 KB 18ms
18ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 3007
date: Thu, 24 Feb 2022 11:31:39 GMT
content-length: 5147
strict-transport-security: max-age=31536000; preload;

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4C87
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=H5CAeF95SFJBM1lSMzNBWURXanBBWURSUEZyblpFRyUyQkhkanozZm1tbUgx...
https://mug.criteo.com/sid?cpp=MHxIJXxLL0tTdVF2SjJYd09PbXhSb0lXRndRbXkrYmcraEo3WFNndW4wa1pxZ0xkRGhpd1Bwcm5Dam80aGJ2L0x4MjhzWm9rMWxhd0NzM05MblFNY2lkUytXRFYrS0JRd3ZKejk5emJtbmFmRzlGZ0pTRTRlWmo3V2dnTj...

428 B
634 B

20ms
20ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=MHxIJXxLL0tTdVF2SjJYd09PbXhSb0lXRndRbXkrYmcraEo3WFNndW4wa1pxZ0xkRGhpd1Bwcm5Dam80aGJ2L0x4MjhzWm9rMWxhd0NzM05MblFNY2lkUytXRFYrS0JRd3ZKejk5emJtbmFmRzlGZ0pTRTRlWmo3V2dnTjQyekZ5ZDNLWHIxeDdYWDRLNmdWWnpqN3JkMTlsQXVhMkwrempPTVZhN2FzejBib1M4RGNwOUcyZnRSenN0Y1liVzZiVHl3SlJFdmEwWDFpYXNqSDBxMkZkRlppelNWZmtKbXc1TVdCbU40dnlKRlZINmEzeHBRS2xsSlBJYkR1SDFvNzJTM3hiajluQU5CTm1zTHdpTnVZTlRzR2lXR1dGTUNtbEpwcVpNeUZJVTRtellRVT18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

8e84cd404c673fd91bb715cb846a54b721759aef1aeb6482b348a9fa2cfa87be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:39 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3968
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:38 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=MHxIJXxLL0tTdVF2SjJYd09PbXhSb0lXRndRbXkrYmcraEo3WFNndW4wa1pxZ0xkRGhpd1Bwcm5Dam80aGJ2L0x4MjhzWm9rMWxhd0NzM05MblFNY2lkUytXRFYrS0JRd3ZKejk5emJtbmFmRzlGZ0pTRTRlWmo3V2dnTjQyekZ5ZDNLWHIxeDdYWDRLNmdWWnpqN3JkMTlsQXVhMkwrempPTVZhN2FzejBib1M4RGNwOUcyZnRSenN0Y1liVzZiVHl3SlJFdmEwWDFpYXNqSDBxMkZkRlppelNWZmtKbXc1TVdCbU40dnlKRlZINmEzeHBRS2xsSlBJYkR1SDFvNzJTM3hiajluQU5CTm1zTHdpTnVZTlRzR2lXR1dGTUNtbEpwcVpNeUZJVTRtellRVT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2551
content-length: 567
expires: 0

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ Frame 603A 2 KB
1 KB 10ms
9ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: iYtYacMlAb7PnD4NbVgysKvLj2fov4iK
content-encoding: gzip
etag: "3aa74dbf5cd656dbb65deda2d238ddbd"
age: 2414
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 911
x-amz-id-2: d2c+S+ILbil9YoWV0pdRt5sw8P0XC/NhHYbhmL4aRwQla6EAzDzo1EmADmZOYSNh2V3J9hbip1I=
x-served-by: cache-hhn4062-HHN
last-modified: Wed, 14 Jul 2021 05:06:01 GMT
server: AmazonS3
x-timer: S1645702300.614347,VS0,VE0
date: Thu, 24 Feb 2022 11:31:39 GMT
vary: Accept-Encoding
x-amz-request-id: 6CY1FG8Q11T7G8KE
via: 1.1 varnish
cache-control: private, max-age=3600
accept-ranges: bytes
content-type: application/javascript
abp: 95
x-cache-hits: 6197

GET
H2 200 eid.js Show response
cdn.taboola.com/scripts/ Frame 603A 14 KB
5 KB 10ms
10ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/eid.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 82f3e86bf88366e93c62eb14a8a7aa06afb75aa135c27988f3ccb946875d2f33

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: Rgk6TX83.a2Xbi9.mRUycMEPnxVzEJhe
content-encoding: gzip
etag: "f7917ed1eb799a729725a7db50d1f828"
age: 8132
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5258
x-amz-id-2: Rhh0WCO+nH/zCfz3jMuRc6c0XnxbSs+HWO0GK9r2x4mf5YFhPlfQqTSv3iCD1wQHcZnxVg9CFQU=
x-served-by: cache-hhn4062-HHN
last-modified: Tue, 28 Dec 2021 08:10:40 GMT
server: AmazonS3
x-timer: S1645702300.614441,VS0,VE0
date: Thu, 24 Feb 2022 11:31:39 GMT
vary: Accept-Encoding
x-amz-request-id: 4QYNQ0077R21PYSA
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 95
x-cache-hits: 18955

GET
H2 200 / Show response
pips.taboola.com/ Frame 603A 64 B
244 B 27ms
6ms XHR
text/plain 2a04:4e42:200::300
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pips.taboola.com/
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ae86f4dd65c4e172b6835e3ca7199ba5775404599a4a4ddafb1df68280c4fdcb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:39 GMT
via: 1.1 varnish
server: Varnish
x-served-by: cache-hhn4047-HHN
access-control-allow-methods: GET
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-store
x-cache: HIT
accept-ranges: bytes
content-length: 64
retry-after: 0
x-cache-hits: 0

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ Frame 5FEE 2 KB
983 B 15ms
15ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: iYtYacMlAb7PnD4NbVgysKvLj2fov4iK
content-encoding: gzip
etag: "3aa74dbf5cd656dbb65deda2d238ddbd"
age: 2414
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 911
x-amz-id-2: d2c+S+ILbil9YoWV0pdRt5sw8P0XC/NhHYbhmL4aRwQla6EAzDzo1EmADmZOYSNh2V3J9hbip1I=
x-served-by: cache-hhn4062-HHN
last-modified: Wed, 14 Jul 2021 05:06:01 GMT
server: AmazonS3
x-timer: S1645702300.637316,VS0,VE0
date: Thu, 24 Feb 2022 11:31:39 GMT
vary: Accept-Encoding
x-amz-request-id: 6CY1FG8Q11T7G8KE
via: 1.1 varnish
cache-control: private, max-age=3600
accept-ranges: bytes
content-type: application/javascript
abp: 95
x-cache-hits: 6198

GET
H2 200 eid.js Show response
cdn.taboola.com/scripts/ Frame 5FEE 14 KB
5 KB 14ms
14ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/eid.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220220-8_b8-PR-42819-DEV-106124-lazy-loading-sc-viewability-tags-4570173b67f-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 82f3e86bf88366e93c62eb14a8a7aa06afb75aa135c27988f3ccb946875d2f33

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: Rgk6TX83.a2Xbi9.mRUycMEPnxVzEJhe
content-encoding: gzip
etag: "f7917ed1eb799a729725a7db50d1f828"
age: 8132
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5258
x-amz-id-2: Rhh0WCO+nH/zCfz3jMuRc6c0XnxbSs+HWO0GK9r2x4mf5YFhPlfQqTSv3iCD1wQHcZnxVg9CFQU=
x-served-by: cache-hhn4062-HHN
last-modified: Tue, 28 Dec 2021 08:10:40 GMT
server: AmazonS3
x-timer: S1645702300.637378,VS0,VE0
date: Thu, 24 Feb 2022 11:31:39 GMT
vary: Accept-Encoding
x-amz-request-id: 4QYNQ0077R21PYSA
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 95
x-cache-hits: 18956

GET
H2 200 / Show response
pips.taboola.com/ Frame 5FEE 64 B
99 B 6ms
6ms XHR
text/plain 2a04:4e42:200::300
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pips.taboola.com/
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ae86f4dd65c4e172b6835e3ca7199ba5775404599a4a4ddafb1df68280c4fdcb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:39 GMT
via: 1.1 varnish
server: Varnish
x-served-by: cache-hhn4047-HHN
access-control-allow-methods: GET
access-control-allow-origin: https://www.gazetaexpress.com
cache-control: no-store
x-cache: HIT
accept-ranges: bytes
content-length: 64
retry-after: 0
x-cache-hits: 0

GET
H/1.1 204
No Content / Show response
cds.taboola.com/ Frame 603A 0
155 B 268ms
87ms XHR
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.taboola.com/?uid=1e224a7e-16ca-45ec-9cd5-53f1a992496d-tuct910f219&uad=d8f4f7589e5ecac8f3938b7c06d4496f218a7e0c6ab4eb15596d9c6a3c351367
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 24 Feb 2022 11:31:39 GMT
Cache-Control: no-store
Server: nginx
Connection: close

GET
H/1.1 204
No Content / Show response
cds.taboola.com/ Frame 5FEE 0
155 B 264ms
89ms XHR
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.taboola.com/?uid=0b99788c-8897-4434-9269-0d83590e6511-tuct910f219&uad=d8f4f7589e5ecac8f3938b7c06d4496f218a7e0c6ab4eb15596d9c6a3c351367
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 24 Feb 2022 11:31:39 GMT
Cache-Control: no-store
Server: nginx
Connection: close

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 8AEF 90 KB
28 KB 16ms
16ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:39 GMT
content-encoding: gzip
last-modified: Mon, 31 Jan 2022 09:04:35 GMT
server: nginx
etag: W/"61f7a623-16685"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 25 Feb 2022 11:31:39 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 7B3B 13 KB
5 KB 18ms
17ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.gazetaexpress.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 3047
date: Thu, 24 Feb 2022 11:31:39 GMT
content-length: 5147
strict-transport-security: max-age=31536000; preload;

GET
H2

200

sid Show response
mug.criteo.com/ Frame 7B3B
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=gazetaexpress.com&sn=ChromeSyncframe&so=3&topUrl=www.gazetaexpress.com&bundle=8qBKjF95SFJBM1lSMzNBWURXanBBWURSUEZuZlV0MjM4QUphT1FRbktDVzE1...
https://mug.criteo.com/sid?cpp=g0v-5nxLZzZaT3FZa0tqR0pJQm9CQTFzMXZKVU13YTYyN2tGZTk4VzlaRGUxUnhQMEFBWFVsTnV4S1piY1hBdWxWc1V5Lzh2TGcwWko2M2wxUFFyWUlabGlzejRpTjBiZDRIOSsrMHZpd1NYK1RIZVcxS2hNeE5leUFPal...

430 B
633 B

17ms
16ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=g0v-5nxLZzZaT3FZa0tqR0pJQm9CQTFzMXZKVU13YTYyN2tGZTk4VzlaRGUxUnhQMEFBWFVsTnV4S1piY1hBdWxWc1V5Lzh2TGcwWko2M2wxUFFyWUlabGlzejRpTjBiZDRIOSsrMHZpd1NYK1RIZVcxS2hNeE5leUFPalF6dVZOMzhHTTBZeXE5ODhjSlJkYnVZVFovUyt1NU1qZkFlWHBSY3U3SzVBeFpjWXo0cUQvNnYwZXlCVy90aStsV1Fna0Q0WWxycnVtQWFRNUhaM1RFeWhGZmJaM0NGYjh3S3MvZ1hGTDlmd0orOHN6Qm9zZXpvN0dhdlNla1hSRVNDTEN2MVViallpSVdxQ2pnN3J4WmJ5bGtjQXhtT0ljb2pHdUp4WmNJZmMvN0dpNFRDcz18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

8d2bbfb7b70c9f4f0f20ebcf697c49ab27a40d0e0bdf942900d103f4e6a9a2c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:39 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3434
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:39 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=g0v-5nxLZzZaT3FZa0tqR0pJQm9CQTFzMXZKVU13YTYyN2tGZTk4VzlaRGUxUnhQMEFBWFVsTnV4S1piY1hBdWxWc1V5Lzh2TGcwWko2M2wxUFFyWUlabGlzejRpTjBiZDRIOSsrMHZpd1NYK1RIZVcxS2hNeE5leUFPalF6dVZOMzhHTTBZeXE5ODhjSlJkYnVZVFovUyt1NU1qZkFlWHBSY3U3SzVBeFpjWXo0cUQvNnYwZXlCVy90aStsV1Fna0Q0WWxycnVtQWFRNUhaM1RFeWhGZmJaM0NGYjh3S3MvZ1hGTDlmd0orOHN6Qm9zZXpvN0dhdlNla1hSRVNDTEN2MVViallpSVdxQ2pnN3J4WmJ5bGtjQXhtT0ljb2pHdUp4WmNJZmMvN0dpNFRDcz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2377
content-length: 567
expires: 0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame BE42
Redirect Chain

https://eb2.3lift.com/sync?px=1&src=prebid&
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=

70 B
265 B

99ms
31ms

Image
image/gif

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Protocol: H2
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame BE42
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156400
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MjkxNzZDMTMtNTRFNC00RERCLTk2QjAtOEE4ODBCNERENDU3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
219 B

157ms
157ms

Image
text/plain

192.82.242.208
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 192.82.242.208 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:40 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: no-store, no-cache, private
x-lat: amspug015:0:333
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 pd
u.openx.net/w/1.0/ Frame BE42 43 B
131 B 59ms
21ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/pd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:40 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pd
u.openx.net/w/1.0/ Frame 635F 43 B
120 B 44ms
21ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:40 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

404

xuidmid=7976&xuid=KwJrbUqfM&dongle=u6nf
eb2.3lift.com/ Frame 635F
Redirect Chain

https://eb2.3lift.com/sync?px=1&src=prebid&
https://ad.mrtnsvr.com/sync/triplelift
https://eb2.3lift.com/xuidmid=7976&xuid=KwJrbUqfM&dongle=u6nf

37 B
155 B

9ms
8ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuidmid=7976&xuid=KwJrbUqfM&dongle=u6nf
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
x-error: Not Found
content-length: 37
content-type: image/gif

Redirect headers

location: https://eb2.3lift.com/xuidmid=7976&xuid=KwJrbUqfM&dongle=u6nf
date: Thu, 24 Feb 2022 11:31:40 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92
vary: Origin
content-type: text/html; charset=utf-8

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 635F
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156400
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEE4QThCQTYtNEREQy00M0VFLUIxNzUtMDExMTA0NTczNTkw&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
43 B

158ms
157ms

Image
text/plain

192.82.242.208
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 192.82.242.208 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:40 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: no-store, no-cache, private
x-lat: amspug012:0:478
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 200 pd
u.openx.net/w/1.0/ Frame FF60 43 B
75 B 22ms
21ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:40 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FF60
Redirect Chain

https://eb2.3lift.com/sync?px=1&src=prebid&
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=

170 B
188 B

55ms
54ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame FF60
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156400
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RjJERTNCMTctM0FGOC00M0ZGLUIxMzQtMTU5RTBBRUYyODVG&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
43 B

158ms
157ms

Image
text/plain

192.82.242.208
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 192.82.242.208 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:40 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: no-store, no-cache, private
x-lat: amspug002:0:357
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 200 pd
u.openx.net/w/1.0/ Frame CEAA 43 B
75 B 21ms
21ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:40 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CEAA
Redirect Chain

https://eb2.3lift.com/sync?px=1&src=prebid&
https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDk2MzU3Njc4MjIzNjgwNzQ5NDYy

170 B
188 B

105ms
105ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDk2MzU3Njc4MjIzNjgwNzQ5NDYy

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDk2MzU3Njc4MjIzNjgwNzQ5NDYy
date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame CEAA
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156400
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REQ1MjNFQkEtMjA5Qy00QzkzLTgwN0QtMjBFMTFEMEQzRTQw&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
43 B

158ms
158ms

Image
text/plain

192.82.242.208
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 192.82.242.208 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:41 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: no-store, no-cache, private
x-lat: amspug011:0:514
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 7B20
Redirect Chain

https://eb2.3lift.com/sync?px=1&src=prebid&
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=496357678223680749462&dbredirect=true&gdpr=1&consent=

0
140 B

205ms
205ms

Image
text/plain

2620:1ec:22::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=496357678223680749462&dbredirect=true&gdpr=1&consent=
Protocol: H2
Server: 2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:39 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 10C678DC22DC4E6FABD293B1676B9AA5 Ref B: VIEEDGE1208 Ref C: 2022-02-24T11:31:40Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXYwe0KMspj3a3bZ32nUQ==

Redirect headers

location: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=496357678223680749462&dbredirect=true&gdpr=1&consent=
date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 7B20
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156400
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REFFRDlEREQtN0IwMy00MDRDLTg2NUItQUI2MTE3OTg3RUZC&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
43 B

158ms
157ms

Image
text/plain

192.82.242.208
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 192.82.242.208 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:40 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: no-store, no-cache, private
x-lat: amspug016:0:403
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 200 pd
u.openx.net/w/1.0/ Frame 7B20 43 B
75 B 23ms
23ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:40 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 pd
u.openx.net/w/1.0/ Frame 8AEF 43 B
75 B 22ms
21ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid/latest/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Feb 2022 11:31:40 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 8AEF
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156400
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QTk3QzVDMUQtMUY5RS00RkY3LTg3NEMtRjc2REMzMDBCQUYw&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
43 B

158ms
158ms

Image
text/plain

192.82.242.208
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 192.82.242.208 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:41 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Thu, 24 Feb 2022 11:31:39 GMT
cache-control: no-store, no-cache, private
x-lat: amspug001:0:437
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

xuid
eb2.3lift.com/ Frame 8AEF
Redirect Chain

https://eb2.3lift.com/sync?px=1&src=prebid&
https://pr-bh.ybp.yahoo.com/sync/triplelift/496357678223680749462?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-txp49rlE2oQbm7ke.YHo_jRhJ_WhE8ArkVy_vetwVQ--~A&dongle=0883

37 B
354 B

10ms
10ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-txp49rlE2oQbm7ke.YHo_jRhJ_WhE8ArkVy_vetwVQ--~A&dongle=0883
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazetaexpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 11:31:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Thu, 24 Feb 2022 11:31:40 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-txp49rlE2oQbm7ke.YHo_jRhJ_WhE8ArkVy_vetwVQ--~A&dongle=0883
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gum.criteo.com
URL: https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40

Domain: partner.mediawallahscript.com
URL: https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-3f663iDUYWC3GwTwKspd9QhSlN7sX_2eko7olA&custom=&tag_format=img&tag_action=sync&custom=&cb=a0e49986-a4fb-4732-b5bb-ca01743b45b3

Domain: idsync.rlcdn.com
URL: https://idsync.rlcdn.com/362338.gif?partner_uid=k-3f663iDUYWC3GwTwKspd9QhSlN7sX_2eko7olA&ct=3&cv=1

Domain: pixel.tapad.com
URL: https://pixel.tapad.com/idsync/ex/receive?partner_id=2926&partner_device_id=k-3f663iDUYWC3GwTwKspd9QhSlN7sX_2eko7olA

Domain: ads.yahoo.com
URL: https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1

Domain: sp.analytics.yahoo.com
URL: https://sp.analytics.yahoo.com/spp.pl?a=10001287818027&.yp=10028862&js=no

Domain: ups.analytics.yahoo.com
URL: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-qoPntSDUYWC3GwTwKspd9QhSlN7BLjCQnwO0BA

Domain: sync.outbrain.com
URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-gEk3giDUYWC3GwTwKspd9QhSlN5d5BYIyv9ibw

Domain: cw.addthis.com
URL: https://cw.addthis.com/t.gif?pid=113&pdid=k-3f663iDUYWC3GwTwKspd9QhSlN7sX_2eko7olA

Domain: pixel.rubiconproject.com
URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-0ubm4yDUYWC3GwTwKspd9QhSlN6Ivk_z60IyVg&expires=30

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/setuid?entity=52&code=k-kbuUfSDUYWC3GwTwKspd9QhSlN7A5lQGGBcAuQ&seg=95287

Domain: ad.tpmn.co.kr
URL: https://ad.tpmn.co.kr/pixelCt.tpmn?tpmn_nid=26a681017b4fdc02f3aef3aa921ede3e&tpmn_buid=k-9WQWmSDUYWC3GwTwKspd9QhSlN4D192dHhp7Tw

Domain: tg.socdm.com
URL: https://tg.socdm.com/aux/idsync?proto=criteo&dsp_uid=k-746IViDUYWC3GwTwKspd9QhSlN7dXyuk6fqGqg

Domain: adgen.socdm.com
URL: https://adgen.socdm.com/rtb/sync?proto=adgen&dspid=23

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-YoQzXSDUYWC3GwTwKspd9QhSlN4IdxGDDVqRNg

Domain: cs.adingo.jp
URL: https://cs.adingo.jp/sync/?from=criteo&id=k-7HofLyDUYWC3GwTwKspd9QhSlN61qEB6uJ53ww

Domain: eb2.3lift.com
URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-ER92QCDUYWC3GwTwKspd9QhSlN4JmKWOfzxXzA&dongle=013b

Domain: an.yandex.ru
URL: https://an.yandex.ru/mapuid/criteois/k-vIClfCDUYWC3GwTwKspd9QhSlN5vjFVfWA7O0A

Domain: contextual.media.net
URL: https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-_pbd8iDUYWC3GwTwKspd9QhSlN4eeiBRc-Akew

Domain: sync.ad-stir.com
URL: https://sync.ad-stir.com/?symbol=CRITEO&uid=k-4aS2eSDUYWC3GwTwKspd9QhSlN4OnUNIsJ1fYA

Domain: r.casalemedia.com
URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-pEACWiDUYWC3GwTwKspd9QhSlN7zYCrh9hpSXQ

Domain: adx.dable.io
URL: https://adx.dable.io/pixel?dsp_id=6&uid=k-1j1FqSDUYWC3GwTwKspd9QhSlN5b8msWmdBgTA

Domain: s.ad.smaato.net
URL: https://s.ad.smaato.net/c/?dspInit=1001851&dspCookie=k-ZcD1JCDUYWC3GwTwKspd9QhSlN42oJ8MR25IWg

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-Z-Xh0CDUYWC3GwTwKspd9QhSlN7oOkNCQHP8Xg&expires=30&user_group=5

Domain: trends.revcontent.com
URL: https://trends.revcontent.com/cm/pixel_sync?bidder=151&bidder_uid=k-NcI86iDUYWC3GwTwKspd9QhSlN59ctul8u9-5A

Domain: gum.criteo.com
URL: https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fcdb%252Fcookiematch.aspx%253F%2526extid%253D%2524!%7BTURN_UUID%7D

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMjMmdGw9MTI5NjAw&piggybackCookie=uid:k-YoQzXSDUYWC3GwTwKspd9QhSlN4IdxGDDVqRNg

Verdicts & Comments Add Verdict or Comment

195 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

68 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mrtnsvr.com/sync	1970-01-20 09:55:24	Name: userId Value: KwJrbUqfM
.3lift.com/sync	1970-01-20 03:17:58	Name: sync Value: CgoI5gEQzoaB3PIvCgoIhwIQ6oaB3PIvCgkIOhCGhoHc8i8KCgiMAhC_h4Hc8i8KCgieAhCWhoHc8i8KCQhfEK2JgdzyLw==
www.gazetaexpress.com/	1969-12-31 23:59:59	Name: uid Value: M9JdEmIXbJeLvZoHAwt8Ag==
ads.gazetaexpress.com/	1969-12-31 23:59:59	Name: OAGEO Value: 2%7CDE%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C
.mgid.com/	1970-01-20 01:08:24	Name: __cf_bm Value: RLoFBngsL2rZdTOU6ghPrWNqs0n8DJKHGk7avCI3Tiw-1645702295-0-AYjizYN1Vya6/LC7Oeh0fwFQlSqGs5Zbms4SDej9EyCBHBITzEfV2CK+Y8/QHs7zCtEszC6qrWG6p0AQ/wHN3tk=
.gazetaexpress.com/	1970-01-20 01:08:24	Name: __asc Value: 6b65d1c317f2b80300983f19201
.gazetaexpress.com/	1970-01-20 09:55:24	Name: __auc Value: 6b65d1c317f2b80300983f19201
.gazetaexpress.com/	1970-01-20 18:39:34	Name: _ga Value: GA1.2.828370054.1645702296
.gazetaexpress.com/	1970-01-20 01:09:48	Name: _gid Value: GA1.2.990415458.1645702296
.gazetaexpress.com/	1970-01-20 01:08:22	Name: _gat Value: 1
.gazetaexpress.com/	1970-01-20 03:17:58	Name: _fbp Value: fb.1.1645702295829.29543988
.rubiconproject.com/	1970-01-20 09:53:58	Name: khaos Value: L00WNMDN-1A-54BG
.rubiconproject.com/	1970-01-20 09:53:58	Name: audit Value: 1\|naVuGyos1qq36jwFFgdIFj5APvdogVCbaTd6KyMQnat7y9GyzaExIRcnwRx1WB12wakCsIM/rTg4q9skiIvoyj79QniQXr/UHBx5r9vc1LNDyByN2tHx0Q==
.serv431.com/	1970-01-20 18:39:34	Name: UUID Value: 50350efc-f83e-53d5-92f7-037e0fad8ba1
.gazetaexpress.com/	1970-01-20 01:08:24	Name: __cf_bm Value: VOEXLDtWHqLsW8vXyAftiRhUZev_lb62wYSuX_uGUKM-1645702296-0-Ab9LI+0NItaZ0l7SxnoDR28jsAfQzbfmuUm9UDN5N+u6Q/TZXahvXDBQx+yJGlR4umwBUM5RDtCQ3A6iQaD288IBMhboKXuGBlz7nevSfasKSIgKxOm6a3gT0mb+PpyTOw==
.gazetaexpress.com/	1970-01-20 10:29:58	Name: __gads Value: ID=c292729128eecd44-224d35414ccd0004:T=1645702296:S=ALNI_MayDjBsB6r5xrBR71-9mnGH2vyiOw
.gjirafa.com/	1970-01-23 16:47:15	Name: __gjci Value: ff40b582591c49a393cf9d9be5499f5b
.gjirafa.com/	1970-01-23 16:47:15	Name: __gjbi Value: 7ccb6a6c1e3f47bca36776e0ce7685da
bisko.gjirafa.com/	1970-01-20 01:08:25	Name: __session Value: 36434956198e405db9f8128672984f50
.doubleclick.net/	1970-01-20 10:29:58	Name: IDE Value: AHWqTUnmor0wWQTkANdFTfZWYpNxOrJ1P0A4LWNa5Z6amDRIok_2z1YkUahFxVjOEsY
.serv431.com/	1970-01-20 09:53:58	Name: ucv Value: 1460-DE-1645788696472-24--1483-DE-1645788696313-24--
.yahoo.com/	1970-01-20 09:54:19	Name: A3 Value: d=AQABBJhsF2ICEG_rB_XjaWOsK3HPTu_ZwecFEgEBAQG-GGIhYgAAAAAA_eMAAA&S=AQAAAgoF1l0M1YEWi8HJmNIFZWc
.criteo.com/	1970-01-20 10:29:58	Name: uid Value: 4b932329-1a9c-47cc-a11b-d1aeea589822
.mathtag.com/	1970-01-20 10:34:17	Name: uuid Value: 4cf56217-6c98-4b00-956c-59fb1de7107a
.mgid.com/	1970-01-25 20:31:23	Name: muidn Value: m1oAgNOLAwv3
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 18:40:16	Name: bcookie Value: "v=2&693c3b82-1bd3-4968-8b5a-ca4c03e99cb8"
.linkedin.com/	1970-01-20 18:37:15	Name: li_gc Value: MTswOzE2NDU3MDIyOTY7MjswMjHr4MFwnA+Fcijau23TJt4cZBq298NkkCNG7mXi+DoPDw==
.linkedin.com/	1970-01-20 01:09:48	Name: lidc Value: "b=OGST06:s=O:r=O:a=O:p=O:g=2338:u=1:x=1:i=1645702296:t=1645788696:v=2:sig=AQEW3pwc3gmWIPrNmr1zGMqryZK1ZMRm"
servicer.mgid.com/	1970-01-20 01:08:23	Name: __mglb Value: f093cb96f37842cf40d0daae92270708
www.gazetaexpress.com/	1969-12-31 23:59:59	Name: MarketGidStorage Value: %7B%220%22%3A%7B%7D%2C%22C1190148%22%3A%7B%22page%22%3A1%2C%22time%22%3A1645702296919%7D%2C%22C1002277%22%3A%7B%22page%22%3A1%2C%22time%22%3A1645702296909%7D%7D
ads.gazetaexpress.com/	1970-01-20 09:53:58	Name: OAID Value: 01000111010001000101000001010010
www.gazetaexpress.com/	1970-01-20 09:53:58	Name: trc_cookie_storage Value: taboola%2520global%253Auser-id%3D0b99788c-8897-4434-9269-0d83590e6511-tuct910f219
.adnxs.com/	1970-01-20 03:17:58	Name: uuid2 Value: 3776709017045762705
.tapad.com/	1970-01-20 02:34:46	Name: TapAd_TS Value: 1645702297816
.tapad.com/	1970-01-20 02:34:46	Name: TapAd_DID Value: 31ae1023-b88b-4542-aacb-3daa91294bd3
.analytics.yahoo.com/	1970-01-20 09:53:58	Name: IDSYNC Value: 18zh~23ez
.3lift.com/	1970-01-20 03:17:58	Name: tluid Value: 496357678223680749462
.addthis.com/	1970-01-20 10:29:58	Name: ouid Value: 62176c9900014c326cab6e0ba8cee9ee28da1536338223201713
.addthis.com/	1970-01-20 10:29:58	Name: uid Value: 62176c99014ec945
.addthis.com/	1970-01-20 10:29:58	Name: na_id Value: 2022022411313787700808135331
.media.net/	1970-01-20 09:53:58	Name: visitor-id Value: 2887038978397277000V10
.media.net/	1970-01-20 01:51:34	Name: data-c-ts Value: 1645702297
.media.net/	1970-01-20 01:51:34	Name: data-c Value: k-_pbd8iDUYWC3GwTwKspd9QhSlN4eeiBRc-Akew~~3
.yandex.ru/	1970-01-23 16:44:22	Name: yuidss Value: 4569407151645702297
.yandex.ru/	1970-01-23 16:44:22	Name: yandexuid Value: 4569407151645702297
.casalemedia.com/	1970-01-20 09:53:58	Name: CMID Value: YhdsmY6y3xQBGvY8Iezj9wAA
.casalemedia.com/	1970-01-20 03:17:58	Name: CMPS Value: 3269
.bidswitch.net/	1970-01-20 09:53:58	Name: tuuid Value: 94626b26-4492-4555-9447-d83da0256e91
.bidswitch.net/	1970-01-20 09:53:58	Name: c Value: 1645702298
.bidswitch.net/	1970-01-20 09:53:58	Name: tuuid_lu Value: 1645702298
.tpmn.co.kr/	1970-01-20 09:53:58	Name: uuid Value: 5b93777d124d44a18b57de8191cfa58c
.tpmn.co.kr/	1970-01-20 01:51:34	Name: criteo Value: k-9WQWmSDUYWC3GwTwKspd9QhSlN4D192dHhp7Tw
.outbrain.com/	1970-01-20 03:17:58	Name: obuid Value: d899fec8-da1f-427b-b721-bc068954890c
.outbrain.com/	1970-01-20 01:37:10	Name: criteo Value: k-gEk3giDUYWC3GwTwKspd9QhSlN5d5BYIyv9ibw
.adnxs.com/	1970-01-20 03:17:58	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2GTwj-dtT!]tbP6j2F-XstGt!@DIV$^^6z
.pubmatic.com/	1970-01-20 01:51:34	Name: KRTBCOOKIE_97 Value: 3385-uid:k-YoQzXSDUYWC3GwTwKspd9QhSlN4IdxGDDVqRNg&KRTB&23286-uid:k-YoQzXSDUYWC3GwTwKspd9QhSlN4IdxGDDVqRNg&KRTB&23287-uid:k-YoQzXSDUYWC3GwTwKspd9QhSlN4IdxGDDVqRNg&KRTB&23288-uid:k-YoQzXSDUYWC3GwTwKspd9QhSlN4IdxGDDVqRNg
.pubmatic.com/	1970-01-20 01:51:34	Name: PugT Value: 1645702298
.pubmatic.com/	1970-01-20 03:17:58	Name: PUBMDCID Value: 3
.adtdp.com/	1970-01-20 18:39:34	Name: uid Value: ccf8e023-bbd8-483e-adab-254f863505d7
.adtdp.com/	1970-01-20 18:39:34	Name: pr Value: aja
.dable.io/	1970-01-20 03:32:22	Name: uid Value: 19088383.1645702298617
.gazetaexpress.com/	1970-01-20 10:29:58	Name: cto_bundle Value: RYN_vl95SFJBM1lSMzNBWURXanBBWURSUEZuNFZNYnZFeGpsTGpDZ0RJalpsaGZZTmdQMGNVQlNPaG5XUTBjbUhZendLeEFSY2VBbFZabXdjYXdPdnFxYlV2QXZHOGwlMkJQcXo4V1RnVWtwbmtwQzZKbHFXN0I1MHF6JTJCbFJGaW9jb1U3MU83dCUyRjJHSWJrTXElMkJDdURKJTJGTnUlMkJ5clElM0QlM0Q
.pubmatic.com/	1970-01-20 03:17:58	Name: SyncRTB3 Value: 1646870400%3A220
.pubmatic.com/	1970-01-20 01:08:22	Name: ipc Value: 156400^^1^0
.pubmatic.com/	1970-01-20 01:09:48	Name: pi Value: 156400:2
.pubmatic.com/	1970-01-20 03:17:58	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 03:17:58	Name: KADUSERCOOKIE Value: DD523EBA-209C-4C93-807D-20E11D0D3E40

31 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4665846415960239&output=html&adk=1812271804&adf=3025194257&lmt=1645702296&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.gazetaexpress.com%2FAFP-SJELL-PAMJET-E-NJEREZVE-TE-VRARE-DHE-NDERTESAVE-TE-SHKATERRUARA-NE-UKRAINE-PAS-SULMIT-RUS%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645702295785&bpp=3&bdt=660&idt=446&shv=r20220221&mjsv=m202202180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5623693614665&frm=20&pv=2&ga_vid=828370054.1645702296&ga_sid=1645702296&ga_hid=322030387&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064857%2C31065022%2C44756895%2C44756896&oid=2&pvsid=393867970964119&pem=626&tmod=835804713&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=457 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-0ubm4yDUYWC3GwTwKspd9QhSlN6Ivk_z60IyVg&expires=30 Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1 Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://idsync.rlcdn.com/362338.gif?partner_uid=k-3f663iDUYWC3GwTwKspd9QhSlN7sX_2eko7olA&ct=3&cv=1 Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40 Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://secure.adnxs.com/setuid?entity=52&code=k-kbuUfSDUYWC3GwTwKspd9QhSlN7A5lQGGBcAuQ&seg=95287 Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://pixel.tapad.com/idsync/ex/receive?partner_id=2926&partner_device_id=k-3f663iDUYWC3GwTwKspd9QhSlN7sX_2eko7olA Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-qoPntSDUYWC3GwTwKspd9QhSlN7BLjCQnwO0BA Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fcdb%252Fcookiematch.aspx%253F%2526extid%253D%2524!%7BTURN_UUID%7D Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-ER92QCDUYWC3GwTwKspd9QhSlN4JmKWOfzxXzA&dongle=013b Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://sp.analytics.yahoo.com/spp.pl?a=10001287818027&.yp=10028862&js=no Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-3f663iDUYWC3GwTwKspd9QhSlN7sX_2eko7olA&custom=&tag_format=img&tag_action=sync&custom=&cb=a0e49986-a4fb-4732-b5bb-ca01743b45b3 Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://cw.addthis.com/t.gif?pid=113&pdid=k-3f663iDUYWC3GwTwKspd9QhSlN7sX_2eko7olA Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-_pbd8iDUYWC3GwTwKspd9QhSlN4eeiBRc-Akew Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://an.yandex.ru/mapuid/criteois/k-vIClfCDUYWC3GwTwKspd9QhSlN5vjFVfWA7O0A Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-pEACWiDUYWC3GwTwKspd9QhSlN7zYCrh9hpSXQ Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://s.ad.smaato.net/c/?dspInit=1001851&dspCookie=k-ZcD1JCDUYWC3GwTwKspd9QhSlN42oJ8MR25IWg Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-Z-Xh0CDUYWC3GwTwKspd9QhSlN7oOkNCQHP8Xg&expires=30&user_group=5 Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://ad.tpmn.co.kr/pixelCt.tpmn?tpmn_nid=26a681017b4fdc02f3aef3aa921ede3e&tpmn_buid=k-9WQWmSDUYWC3GwTwKspd9QhSlN4D192dHhp7Tw Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-gEk3giDUYWC3GwTwKspd9QhSlN5d5BYIyv9ibw Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-YoQzXSDUYWC3GwTwKspd9QhSlN4IdxGDDVqRNg Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMjMmdGw9MTI5NjAw&piggybackCookie=uid:k-YoQzXSDUYWC3GwTwKspd9QhSlN4IdxGDDVqRNg Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://tg.socdm.com/aux/idsync?proto=criteo&dsp_uid=k-746IViDUYWC3GwTwKspd9QhSlN7dXyuk6fqGqg Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://cs.adingo.jp/sync/?from=criteo&id=k-7HofLyDUYWC3GwTwKspd9QhSlN61qEB6uJ53ww Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://adgen.socdm.com/rtb/sync?proto=adgen&dspid=23 Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://adx.dable.io/pixel?dsp_id=6&uid=k-1j1FqSDUYWC3GwTwKspd9QhSlN5b8msWmdBgTA Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://sync.ad-stir.com/?symbol=CRITEO&uid=k-4aS2eSDUYWC3GwTwKspd9QhSlN4OnUNIsJ1fYA Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
network	error	URL: https://eb2.3lift.com/xuidmid=7976&xuid=KwJrbUqfM&dongle=u6nf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://trends.revcontent.com/cm/pixel_sync?bidder=151&bidder_uid=k-NcI86iDUYWC3GwTwKspd9QhSlN59ctul8u9-5A Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3d57460de9e80c101e86fe0c5db5eddd.safeframe.googlesyndication.com
a.teads.tv
ad.as.amanad.adtdp.com
ad.mrtnsvr.com
ad.tpmn.co.kr
adgen.socdm.com
ads.eu.criteo.com
ads.gazetaexpress.com
ads.projectagoraservices.com
ads.yahoo.com
adservice.google.com
adservice.google.de
adx.adform.net
adx.dable.io
adxbid.info
aghtag.tech
agorahtag.tech
am-trc-events.taboola.com
an.yandex.ru
ap.lijit.com
beacon-ams3.rubiconproject.com
bidder.criteo.com
biddr.brealtime.com
bisko.gjirafa.com
bit.ly
c.mgid.com
cat.nl.eu.criteo.com
cdn.jsdelivr.net
cdn.mgid.com
cdn.projectagora-adtag-library.com
cdn.taboola.com
cdnjs.cloudflare.com
cds.taboola.com
certify.alexametrics.com
cm.g.doubleclick.net
cm.mgid.com
connect.facebook.net
contextual.media.net
cs.adingo.jp
csm.eu.criteo.net
cw.addthis.com
d31qbv1cthcecs.cloudfront.net
dis.criteo.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
gjstatic.blob.core.windows.net
googleads.g.doubleclick.net
gum.criteo.com
hb.emxdgt.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id.rlcdn.com
idsync.rlcdn.com
image2.pubmatic.com
image8.pubmatic.com
images.taboola.com
jsc.mgid.com
match.adsrvr.org
mug.criteo.com
pagead2.googlesyndication.com
partner.googleadservices.com
partner.mediawallahscript.com
pips.taboola.com
pix.eu.criteo.net
pixel.rubiconproject.com
pixel.tapad.com
pr-bh.ybp.yahoo.com
prebid-eu.creativecdn.com
prg.smartadserver.com
projectagora-483829-hdb.adomik.com
projectagora-d.openx.net
projectagoralibs.com
px.ads.linkedin.com
r.casalemedia.com
redirect.prod.experiment.routing.cloudfront.aws.a2z.com
s-img.mgid.com
s.ad.smaato.net
s0.2mdn.net
s333.adxpremium.services
script.4dex.io
secure.adnxs.com
securepubads.g.doubleclick.net
serv431.com
servicer.mgid.com
simage2.pubmatic.com
sp.analytics.yahoo.com
static.criteo.net
stats.g.doubleclick.net
sync.ad-stir.com
sync.mathtag.com
sync.outbrain.com
t.teads.tv
tg.socdm.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
trends.revcontent.com
u.openx.net
ups.analytics.yahoo.com
widget.nl.eu.criteo.com
www.facebook.com
www.gazetaexpress.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
x.bidswitch.net
ad.tpmn.co.kr
adgen.socdm.com
ads.yahoo.com
adx.dable.io
an.yandex.ru
contextual.media.net
cs.adingo.jp
cw.addthis.com
eb2.3lift.com
gum.criteo.com
idsync.rlcdn.com
partner.mediawallahscript.com
pixel.rubiconproject.com
pixel.tapad.com
r.casalemedia.com
s.ad.smaato.net
secure.adnxs.com
simage2.pubmatic.com
sp.analytics.yahoo.com
sync.ad-stir.com
sync.outbrain.com
tg.socdm.com
trends.revcontent.com
ups.analytics.yahoo.com
x.bidswitch.net
104.107.161.75
104.17.120.107
104.19.133.78
104.19.136.78
104.26.1.156
13.248.245.213
141.226.224.32
141.226.228.48
142.250.181.226
142.250.185.98
143.204.98.46
143.204.98.58
143.204.98.69
15.197.193.217
151.101.129.44
152.228.222.122
172.64.201.10
178.250.0.163
178.250.2.131
178.250.2.135
178.250.2.146
178.250.2.148
178.250.2.150
178.250.2.151
184.31.84.150
185.184.8.65
185.29.134.244
185.33.220.240
185.64.189.110
185.64.189.112
185.86.138.122
192.82.242.208
2.18.232.7
208.88.224.28
23.0.42.150
2602:803:c003:200::61
2602:803:c003:200::77
2606:4700:20::681a:9a9
2606:4700:3030::6815:1b4
2606:4700:3036::6815:4f16
2606:4700:3036::ac43:cf2e
2606:4700::6810:125e
2606:4700::6810:5614
2620:1ec:22::14
2a00:1288:80:807::1
2a00:1450:4001:800::2006
2a00:1450:4001:808::200a
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2001
2a00:1450:4001:811::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2003
2a00:1450:4001:831::2002
2a00:1450:400c:c00::9d
2a02:2638:1::11
2a02:2638:1::3
2a02:2638::1c
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a03:5f80:a::b212:e7a0
2a03:5f80:a::b212:e7a3
2a04:4e42:200::300
2a05:d018:d29:3601:2d23:8be0:67ab:2c3
2a06:98c1:3120::7
34.102.163.6
35.156.230.193
35.156.28.35
35.244.159.8
35.244.174.68
37.157.2.239
52.208.122.63
52.239.139.164
54.69.214.140
67.199.248.11
69.173.144.139
69.173.144.165
72.251.249.13
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b
02dae9eae6650b6b4674d04318448fd6ad1bbeeb7058ff199f38e19e34afc62c
052e8a9a82d3970d5b8590c5316fca7a939462daefcbf3a0d52c6b86666aa2e2
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05760f80abc323ab1ef34aa1fd9d559293726b1fedc67ac1cb61cdea9a464f14
07dc4a8414f0359b4ca8f8d6813e8b0fbda31e8ce5b8905ff2215d3fe2f3acd7
07ec0272972dcdb6e079ce032e15cc1f6de374d89b9fdb9cf9af5c2dd2c1070b
08b562cee19c4ff0e74eeb29a0b4f4013644c02f0cbc6ebf9f22a434cd527807
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
096a4bb9d7f8588a8520d57f103bdf0dae273af88fc0265371124c048bff7b05
0a9a9dc6e0001a4121de2a1c509198a26a57e94eb365bc09f4d59046897cc9fe
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
0e0acc73e788587d1ad30fe3a71bbc02dbaff6681c2d6499540094e6b6506867
0e4af100a42dd45aa66377c48b24edb4ddd16831513508917ec5e87e0ab98600
1041e3dc2033e5f6c5782c3f49a4ca3e333e1a800f65082e8464367e70fd623a
10bd74a09492dc854fdc2bd3a3b5d595630d7d0351321a7c46f79727a334a8e9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
121ad23840ca54e191757ee6fba4a47cacddcea2e4125ae03ca7da781c51bdc6
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1
15baa7ce734978655cc365f4ffc84a70958290d5ff42d3c7c97515a3f64ef326
189bbf954aa1e1351dce2d5f01b70f79bc193f9737af3d6d950d0ce64c60dd27
1a0ccb885b347db7b78ec39912b3eb03e8e4a23b0fea7f0ad779811d8b3b344f
1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee
1bf5ec97a26ec5291f86b864fe727de79accd6c0bd484ff3dfe75e74cf3289a6
1d738702428e548afe4496af5815ea1c1e9e4dd77eadff2a73e444f8ab0ee140
1dfe1f5166acd133c392771877a5ef3d4113babad672a52121af85ef65969d75
1dfe6636ea39fb34282a6f412763ca440dcfed01a902f44f04b33df7a29188eb
1ed7d434cc3f89a09a5fb5385a44b646a302cc0e7f4a09f84f55dfeb14d1f100
202b60c49aaffc7e0f217e44c76e1294a5ddb44cfd09d3dd4b3f6fd3b2361f01
206e97ddcf07597e0fc514ba8bb4c266cc3847398416b079978bfbfc096f16bd
20ec3f31b4762d74bc4fd1dc148a32b100919878695f57f4ff1d91f99b95ab34
211f8bf50201d9010c1c867e5f670f969c7c4450a89e4dab2d786bf3536d2baa
24a61be54818638d79b60fb6667c84641df43a2ba33687ebd85be2f623c86869
257a4584294f6aa97aeb3e9c8ddfdef3892ca1b3530213f80a2b431f0da20159
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25fa9df1291293e23cb1e1f2b640e32b27adb0a34d46d1e107ea0db57a577735
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
27b865df4c8629eb1165471b7a0ed03af80da745137d5c66faa81d690f254766
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
281b364896fef75bcecf2abcc172ffe3ab59b0695985c924082415bcc999bd96
28246fc455ed80a6d38f2779e518e2fb49031680c01ae393a7cae3d04462daf0
2988eefac4d294f3afb945f45057d49ba53662c2408e9927b59e5d6fb8e45b71
2998d6fd2f15eace8e6795cfc6f02f172826a110d1c8c13c60caff969a23bcd8
2a1a4a341afe353caa9baf08dadd6127dcf37946b3211f711b7b12cd7c23dae3
2a3aba8dee63a3e91443ddce230696b802ae4db6e643f83ef6b370668211566b
2b19f83dc32533d25a4879b202102cc44d5a2f302b71c91b117104b532ec8aa1
2b533fe5c53324b1ed9a449bbd2d899930396f3b03b05b4c06ee83dd98879074
2b8dfe38e189ac7918c8ab08ded0700dbca5fdee7a70d2d2cfd9e6b4114ae37a
2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64
2e43c0507c2b3f247c1748237b1e7db8ba86d0c8c128b66180591409031f5532
2f14dce1f201fb2ec6dece12586a978345f4911493ef20d7840ebc707ccf93db
31dba1aec81e6b14d4ba4c8ff7974e33f480719a71ea60d42361c49b59c0a2d3
328585f7e15030c7004fa232f29918112b84b5a32caee192ce4c9a173fb4bd2b
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3436389192f2e567c2d9b452e681426c737ddd4482149f779166ffe8dd2b5031
36234dfc3643d15135aa25829d06d32fc1a843e9bec39b64ca0ffec08eac4a45
36f2cdf03858595e09d76849b9df062ace1077058397cd04396d6f6fea7be28c
374185e53bbef45445536ca0bec29e8ee94dd9c3ef96914dfa69a13447964ca9
38d77e6ab4f671272c96afc85c7a6d346decae101c936de581a5b1af104b7f36
396e0732c96f3d35e00afe29a75e1ed0967bef21a1afe209174c18138a225bcd
3a87b3a6560c4ea75c08809af3a7982e03f7b8eed54a53077ef0871e12d5e25f
3cf937ed4a4f526cd52b17faa5df04a7a5613867d7eb3c367f5dac5423182866
3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76
3ee01bd79e58c77dc4276a96fa5dcbe396c024538353c216894c5d6abcf2b6e1
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
439c15719fd95c4f95dafb40d8d669534bb8a04429ec570d6f7e0ac73e727627
44518302cf6d30417b1ec561a1fe68bc9cfebcf8e1cb67c32232624ccf4ee6c0
44f443dfaee7f8cc3ce88745cbb4789e2193536d6716aed93c65e5ae3b2208c7
4530055a32b5a1a639311d7be5e6abb79ba772acae1410f9f9feffdc297721dc
466a7a040c068a04a0c88bc793cca7b89e0883e25eef53d8939b180c40f56f1f
46bd65df4f409fb2e7308c958be9e21ef67a5a8a253a65b1ea0da54f13c8523c
46f0a5a8ef9e040a9fe62208823f04802b8782dd0ea09379a12d399573b489e0
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4c8637d0e9be13cf21057f33cf485a942d0ab8283c5813fcdc5c57ccd403896b
4d3c2716fb807011f9b2da62eccb916cb685d127d731c19b72e91d1116b18b71
4d6832eebaf859e918ee5abadba4d160dbfc08389a5149a4c165d13dd6a07fc6
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ead03c19b4d181840781c19a827dd4259deec0f7ae54c4cb592c4bdbfd72ccd
4ef36d3e34b930ad3353f5ef5da59ff015b1954c2091c0f84b3f2e178f093ace
4fa58299d61aaecbcbdaf766cfa7b5a825d7ab3a99a733fa283b513129f7835a
4fb1056743f1bafe3a3c2d8686e607045b04176e725754914deccc92425418f6
4fb565264af26107bb37b1e495c4b4bf768cf212d74a9eb357249a67b5e64923
4fd7e4addfa6af607117bf218a0bee89074525db02f98b9389efa3cd8e6d1b84
51f0a8083efe4f1dc7cfd743d45df0615a47ba5900f8c09f07149882d48c2394
533082022bc927661c3e1117efd56ad87697ebf11b5e798341a2639f306a3c86
538cb104157f6987b890d1f4701a3bbb121b23fb1ac1d05e5698ee8f1cacd6db
54a52b05339c16fb11c34391658ca80300231bd29785fb9dbb75e77f84c59af8
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
586799c13e83606a88fdaf81995fc8b6b62afc99860c083d62fc6f9da40d67d7
58897bcf12685bc19f85b299f49a5bbfe087b784143bb067807b6005311996d2
58d5dd78af31fedc394fc1576004d11f96384907eaffd5260382daeefe8dccb3
5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53
5e36dbd5a40407628bd40f9e16a04cff281c54a74d0b3f8610049e0b5f0a1ff2
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
5f7ef35bdb15376d58e3ea16190d1d92a0379ae2f5b0b0108d393369dd09ed4f
600420cd9284fada39a77741d8eb994f3bd743a499bf40135ce596d4b4ad01e4
60b2bb1d968cd3178c704955062990dda4b9ef7a77cb90e3b30a03d65b5645e0
618d78546b72b599a31a6e38d28f2efb0ba563221b8a2ddeeb2fb25dc771c724
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62c1634fa97958e4de224df511474eac3a50469151e7a54d2bb1930f46ebdb5b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
658c14d9b1f327a4c44cc3295d08584eada1e2d086497f748ad972799f4e4fc5
67ef6baea88f759a2f04fb7b03b85548bc697c8b43fb6be9a40a876f252d1fe8
69052d2158d54e69ae80a2b9acfccf337f4d86069d9b70e3f1267d3bcb2331ec
6ab8f5d7aef4c5bc9dfbdd8a14d299dab41d0a366e4b37e1e7a7d0661e093162
6b2232745e0aa1c8b091fb127f333883241122c50a99c8e2f665ae4ee87d35ea
6be4aeb8ab5cffa42a0f0ad08a780289db5dd6d9d72ca1d0d8c83f3590b50901
6d4b871026e1912263de416e2998423157080532a674bfb55eff6372495521ee
6e703e24ff02d7634580dcbf9287f9a7d46f79320c093d8d3756fde6136f81cb
709f1a720c27058d502868c68d0b45f2b9ebcf91798ebcc2a50281a95b034e1e
70d067735991c685e2ff4b1002571d94671a3cc0b93a4c367a9f268c2d4a8a97
741932350156677164b36a1506347cfd558bc502310bd1d50e246d454c4c1131
760042c74ca436460ec38ee573383b5eb120a272f56e2ed526a62b7757eacd22
76a90135a3f44e3108f3a857d9bc86327de6be031917368293a94cd5a6935ef8
786b6adc2e6f5d2306b13b852a601c0f9d59345e92adc1388ff9a7060bfbf9e2
7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5
7995b74a2667a2bbe66270586afd30480e3bfd8a8ad77da76b90711e50efb2ec
7ba64b0943aca05548fafbf0cb11340b830542a82e59cba86aa2ef238d5d2830
7f1f05b944164a16740a6b0e96aef23fd5a54abba0fdc286e4f93fe9dc47182b
7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3
7fee5488f247de155c84a033494401076018c81062f48180373e3cf05ae47c69
7ff069f778102bcd53e50841999d1be0352952cbcb29d36ed071d7454b6aaf08
82cc1ddf2e85c5cc94d1573cc0f0496cb79830d7c79a9c72a156038dc9f5d4c7
82f3e86bf88366e93c62eb14a8a7aa06afb75aa135c27988f3ccb946875d2f33
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83cca59ffb460533a228945b27f8383b04da72776fa58f8970a208c57bec7210
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85121a60fa28046f20d9a0f53aa7f48389804115c109dd8c1ad24b2316483d2e
8590ee2871189fe2bdb44d32ceb04e73194eac8d2785113c8a87c79bcec64f3e
863557d40001f083eeba7126d682f0d67d510f53976de0f4f8ff06c7a0294768
86441c9a21f4c77dcbb2a4f020d904179f15c8e9b35f3f85d5d053ee62c13232
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
86960b92c227276b7ece5da51dad789ec45424f1294bc5884cacaca7d44cc595
873fb236ec54b8c2dd25d3a8e29d31b8741c63d544e152cde3fbbe6ec38ae92f
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919
8d2bbfb7b70c9f4f0f20ebcf697c49ab27a40d0e0bdf942900d103f4e6a9a2c5
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e700bddd1405ed9feb6cca2523254b13b0bc2191f0728170099746792e7caa8
8e84cd404c673fd91bb715cb846a54b721759aef1aeb6482b348a9fa2cfa87be
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f584b8a0ae2d6937d68844965067259472504a23c30e3ea5c5e6057bb262cdc
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e
96b5f7165aee781f94f530a66d2409e7a11bb1b11e2ad6eb226b7287582a284b
9800465cae64bdf8617aaca614fe37e565cf5b9e577daedd111816175e406b04
9c04e42082bd26de9c2fc64487b963b75cd4970889e1e9f20da8f4dbe4b6814a
9cbb9be7acdac8ad96d8419b8eb4e7120b05295a42d3c50919370d1fc83547dc
9dfec6c7e2254959d01350a2ea2f613ddaaf9e92249d7bb13b75b4dd0837c534
a0198786a35af6ca7577002fcda07c6f7f6d3009fef731e0b9c6ef86c77e37c6
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9b6ce5bce35a38960eda5c669c47447957cf16042d21a91973f55393e5b3b55
ac8c63242cd911601c4e31063f0f5619e2f9f4f0bf56d2ae8568278942b36c15
ad168bf3ea421b2a06f16aef7ca0f291d2074d37538f7a25828cbfb2da703f1d
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
ad8dc1681c0451d8590af4d2d08b7b16e4f6edf197f805929d6a85a2be1b622c
ae86f4dd65c4e172b6835e3ca7199ba5775404599a4a4ddafb1df68280c4fdcb
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af908e337acc4349a1e5b04b1b41644c533d2a6a3e8ea670b97d6b9f89342d1b
b09b4568e6d05c7d8721203cf78dd283559194f22f72159d381b4e0a12c81641
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b18983695372f4a79f7f99b514ffefaf9ff8f1bc359bc8ce59ee024638145c68
b1a2e5ffa0b16b7f55eba0ace46076a613f872f8844dcd9667dec900d5f27e46
b237f179c4cdfdb445558e40de5bede2d8cb8bfe8e15bae887884d37b4e763ee
b3ede5c007b843287b8ffd0c398af54969710362e87a04e571f5e140ef2a35ee
b74535a57fbaa47fc095e0b785720e29a86d8a141fc92d3792047d5b00bf787d
b7d1514a8b3ea4d47261b129f85811bb1d6e1645298086663acb6a0131c26db3
b8acc921d0bb083c7bc07c043e97cada772fcea11a5873774647737f241ff272
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
ba512ef98db602354169f125072cf47551a223e30bdbd79d4970c3e30ca7f3e5
ba5f27b98341971dc9c7e67ebac8cd95bdbd8b9c6de041d36a639a8d21db1fd1
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bdd9bb5117dc10e9547bd413fa3533cc5a08519255905b8d6ea29b1cdf01b6c2
be1276b9fcc751ea3d53906870d6328216238d74a223806349150987dfc7a568
be9120d6402df0fd2d9c4a21c46071a3007cf7c5447ab72cb4204f63354a2d8a
bf2a467ec32dd82eaaa5c8bd11d24434a504abbfce36f1a4ab4a332aadac6c57
c31b2375744708f38933b2cb26263a36bb9c254ba30d3d669953136ffd70dbe5
c47f6416a1e7a3b94dae823315649210f4b53409b67cff267622ea6290fbf2c6
c7dbb2684ac05dd9a8ca6e56821718a634fe5efa3138f4243fee8e7791dfa706
c892cd533548bfd59af582215e294b58d5f5bbd90ba301c54bf62421f6942ff4
cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865
cdd7bc05e0fe5a6db9c95d3423d085ce1db8d422aa4327b3a956862f8ee93ed4
ce452421ffc53808c61795729eef02db9132d6d2cbc68198b158dce56b519272
d1b8a7a342a97c83b3d9735d6e09d9b38d4139246d8d02c8f17098b4ecac72d3
d1fa3588ef1e4af46d8cb998d36a076f1e5b3488ae0a10c201bb2e8a6a72a617
d3ce9e484f2c416af19f666a6ba47d17b380876c213fd740352d802adf5fc305
d47db5dc03dbeebb22d6d20aea28f3470cf7c57eac779edfd8fbf958f75672d9
d5d6ad7452742cafa0785874ad5e724266052b3cff53b5a200b550334749a187
d6045966d65c172b7ae03892afff4a83a922ef3fe27dedec338922069be988d9
d6dd24892343a1f7467d0eaadf088a8293d2c9c8c9a441c16af9dde5551f5763
d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f
dc6f9465b51ddd159e5268944a013f29114cde4d11265d63ebbca2ee91081f70
df94fe798e040f392289ef362466750ac4c091c0960ab935d82b59669086d393
e056c7d8bcb40f600d1da14237ed8fd94ffb843479d2368bd02bec3464fa39e2
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
e3a4032a23d7f94be7a6b3199fc6e227d8933d280fc0d3d3d842117a61a7dc94
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40ce0930cd0748fb92bc75739f641212565a3f3f2d719c667f90083d07fbaac
e45284f51bfb919240b236b488aaa149c13a5bf3654b8157ccda35a9131a7eaf
e7027cf2a9a7ba25d1b0d07042a081976369073a20ca86356291df7d8bfce4f4
e713a2eb066ef53f257059ab7dfcb94c24ca5ce69c39088afa2e185c171de856
e72a4d605e3d5af4047f1f34af4008981be221e0809e57805c6011c451f81c14
e8b437d60188c442585796d764a8553f266fa878437b96be8009a1642e6cf278
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848
ed0f6ad621155918c2f7129a3e531537ea28c627bd1b8d0f37d115e47354916a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef43d3115edcc000e014a3fe5a093d9c4ff86d0419b72a1bc73eb772fba75807
efbc00575f13f02c406f902fe55444cc283c09ec68d4404dc82c9ed7b23ad053
f370c1978c064ed715099f885066fa3d9dbe18cc821186883ff35782418ff565
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f5ac9475c08e0ec43196ca533e775a594817aec0a8697b6708ad538cfac0b90e
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f6927908310a9d8ea2a4e5594452cefd9dc8c8aa71bf101c4d497964b16efedf
f9ddd1e64827cb0fa09d74aa581ecfd468212261fa170ec9baddbd678389b342
facda30c07fffae1ead04152922e1b65421e79bec6e2dfa54d21ad3b0ace9e58
fad256c668aa1eb51fa18a925e95273df342e46f3162de728123b4c1fb922b5e
fcc16bf1238724eedd1638bf0937b691bb01d08e585ac5e1db274acb47147c5e
fd857341e3bc19e8c375e272b2d0c5456d7e01f3f15329dd03bb9b3333e6fb32
fef7c3eed906d6262687bdd1a5cd8f08c88b80368b5368bd6af84b0f694a2396

www.gazetaexpress.com Open in urlscan Pro 172.64.201.10 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

428 Requests

87 %HTTPS

41 %IPv6

69 Domains

112 Subdomains

77 IPs

10 Countries

6366 kBTransfer

13995 kBSize

68 Cookies

17 Outgoing links

Redirected requests

428 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.gazetaexpress.com Open in urlscan Pro
172.64.201.10 Public Scan

Screenshot
Live screenshot

Full Image

428
Requests

87 %
HTTPS

41 %
IPv6

69
Domains

112
Subdomains

77
IPs

10
Countries

6366 kB
Transfer

13995 kB
Size

68
Cookies

428 HTTP transactions
1 data transactions