nokta.md Open in urlscan Pro
2606:4700:10::6816:44aa Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nokta.md/
Effective URL:
https://nokta.md/
Submission: On May 23 via api (May 23rd 2023, 5:21:30 pm UTC) from US — Scanned from DE

Summary HTTP 218 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 66 IPs in 14 countries across 53 domains to perform 218 HTTP transactions. The main IP is 2606:4700:10::6816:44aa, located in United States and belongs to CLOUDFLARENET, US. The main domain is nokta.md.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 11th 2023. Valid for: a year.

This is the only time nokta.md was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:10:... 2606:4700:10::ac43:510	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 50	2606:4700:10:... 2606:4700:10::6816:44aa	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	2a02:6b8:a::a 2a02:6b8:a::a	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2606:4700:303... 2606:4700:3031::ac43:bc1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	128.140.224.228 128.140.224.228	5606 (GTS-BACKB...) (GTS-BACKBONE GTS Telecom)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	146.59.30.96 146.59.30.96	16276 (OVH) (OVH)
8	2a02:6b8:20::215 2a02:6b8:20::215	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
1	2a02:2638:3::7 2a02:2638:3::7	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2	2a02:6b8::90 2a02:6b8::90	208722 (GLOBAL_DC) (GLOBAL_DC)
6	188.42.196.115 188.42.196.115	7979 (SERVERS-COM) (SERVERS-COM)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
3	2a02:6b8::1be 2a02:6b8::1be	208722 (GLOBAL_DC) (GLOBAL_DC)
5	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
10 12	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
3 7	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 5	37.252.171.22 37.252.171.22	29990 (ASN-APPNEX) (ASN-APPNEX)
5	46.4.10.49 46.4.10.49	24940 (HETZNER-AS) (HETZNER-AS)
2	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
1 4	138.201.135.164 138.201.135.164	24940 (HETZNER-AS) (HETZNER-AS)
2	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
1	18.133.209.175 18.133.209.175	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
3	184.29.202.60 184.29.202.60	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	178.250.7.13 178.250.7.13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	18.66.147.120 18.66.147.120	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.52 99.86.4.52	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
2	13.41.149.234 13.41.149.234	16509 (AMAZON-02) (AMAZON-02)
2	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
6 6	18.198.83.202 18.198.83.202	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.53.219 35.210.53.219	19527 (GOOGLE-2) (GOOGLE-2)
2 2	193.232.150.60 193.232.150.60	48061 (UMA-TECH-AS) (UMA-TECH-AS)
2 2	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
1	148.251.9.22 148.251.9.22	24940 (HETZNER-AS) (HETZNER-AS)
1	151.236.118.146 151.236.118.146	204720 (CDNETWORKS) (CDNETWORKS)
1 2	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
2 2	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
3	185.64.191.210 185.64.191.210	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	193.0.160.130 193.0.160.130	54312 (ROCKETFUEL) (ROCKETFUEL)
4	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	213.155.156.183 213.155.156.183	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1 2	52.94.220.185 52.94.220.185	16509 (AMAZON-02) (AMAZON-02)
1	54.194.111.53 54.194.111.53	16509 (AMAZON-02) (AMAZON-02)
2 2	34.111.129.221 34.111.129.221	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.111.131.239 34.111.131.239	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 4	18.205.171.186 18.205.171.186	14618 (AMAZON-AES) (AMAZON-AES)
3 3	37.157.6.254 37.157.6.254	198622 (ADFORM) (ADFORM)
1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
3 3	31.172.81.160 31.172.81.160	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
2 2	89.108.120.68 89.108.120.68	197695 (AS-REG) (AS-REG)
1 1	23.2.229.193 23.2.229.193	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	2001:6d0:4001... 2001:6d0:4001::226	52016 (ADFACT) (ADFACT)
1	77.245.57.72 77.245.57.72	36057 (WEBAIR-IN...) (WEBAIR-INTERNET-MTL)
1	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
1	198.47.127.20 198.47.127.20	62713 (AS-PUBMATIC) (AS-PUBMATIC)
218	66

1 2606:4700:10::ac43:510 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

nokta.md	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 2606:4700:10::6816:44aa (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

nokta.md	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:7daf (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6b8:a::a (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:bc1a (United States)

ASN13335 (CLOUDFLARENET, US)

prebid.dsail-tech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 128.140.224.228 (Romania) 1 redirects

ASN5606 (GTS-BACKBONE GTS Telecom, RO)

gamd.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.59.30.96 (France)

ASN16276 (OVH, FR)
PTR: ip96.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:6b8:20::215 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yastatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::7 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6b8::90 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

bs.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 188.42.196.115 (Luxembourg)

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6b8::1be (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

ads.adfox.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.217.16.194 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.171.22 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 46.4.10.49 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.49.10.4.46.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.135.164 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.135.201.138.clients.your-server.de

hal900015.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.133.209.175 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-133-209-175.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.230 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.29.202.60 (Haarlem, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a184-29-202-60.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-120.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-52.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.41.149.234 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-41-149-234.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.198.83.202 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-83-202.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.232.150.60 (Russian Federation) 2 redirects

ASN48061 (UMA-TECH-AS, RU)
PTR: smtp4.senders.rutube.ru

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.71.149.231 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 148.251.9.22 (Wernigerode, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.22.9.251.148.clients.your-server.de

sync.dmp.otm-r.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.236.118.146 (Moscow, Russian Federation)

ASN204720 (CDNETWORKS, RU)

cache.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 1 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.134.244 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.191.210 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.130 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.183 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.94.220.185 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.111.53 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-111-53.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.129.221 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 221.129.111.34.bc.googleusercontent.com

cr.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.131.239 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 239.131.111.34.bc.googleusercontent.com

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.205.171.186 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-171-186.compute-1.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.6.254 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.172.81.160 (Germany) 3 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync.bumlam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.108.120.68 (Russian Federation) 2 redirects

ASN197695 (AS-REG, RU)
PTR: d51803.reg.regrucolo.ru

x01.aidata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.2.229.193 (Schiphol, Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-2-229-193.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.42.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:6d0:4001::226 (Russian Federation) 1 redirects

ASN52016 (ADFACT, RU)

www.tns-counter.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.245.57.72 (United States)

ASN36057 (WEBAIR-INTERNET-MTL, US)

cpm.convergeselect.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.86.98 (France)

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.20 (United States)

ASN62713 (AS-PUBMATIC, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	nokta.md 2 redirects nokta.md	3 MB
45	googlesyndication.com eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 93 e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 132	248 KB
30	doubleclick.net 11 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 stats.g.doubleclick.net — Cisco Umbrella Rank: 76 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 210 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 337 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 660068	368 KB
13	pubmatic.com 1 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 477 ads.pubmatic.com — Cisco Umbrella Rank: 492 image6.pubmatic.com — Cisco Umbrella Rank: 682 simage2.pubmatic.com — Cisco Umbrella Rank: 660 image2.pubmatic.com — Cisco Umbrella Rank: 820 simage4.pubmatic.com — Cisco Umbrella Rank: 1193	27 KB
9	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 41405 hal900015.redintelligence.net — Cisco Umbrella Rank: 287042	227 KB
8	yastatic.net yastatic.net — Cisco Umbrella Rank: 6671	197 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 530	5 KB
7	betweendigital.com ads.betweendigital.com — Cisco Umbrella Rank: 1572 cache.betweendigital.com — Cisco Umbrella Rank: 23942	5 KB
6	bidswitch.net 6 redirects x.bidswitch.net — Cisco Umbrella Rank: 290	2 KB
6	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3686 adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	3 KB
6	unpkg.com 4 redirects unpkg.com — Cisco Umbrella Rank: 822	44 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 214	5 KB
5	criteo.com 2 redirects bidder.criteo.com — Cisco Umbrella Rank: 723 gum.criteo.com — Cisco Umbrella Rank: 413 mug.criteo.com — Cisco Umbrella Rank: 2837 dis.criteo.com — Cisco Umbrella Rank: 575	8 KB
5	gemius.pl 1 redirects gamd.hit.gemius.pl — Cisco Umbrella Rank: 221502 ls.hit.gemius.pl — Cisco Umbrella Rank: 14332	22 KB
4	rubiconproject.com 1 redirects secure-assets.rubiconproject.com — Cisco Umbrella Rank: 953 eus.rubiconproject.com — Cisco Umbrella Rank: 566 token.rubiconproject.com — Cisco Umbrella Rank: 573	11 KB
4	audrte.com 3 redirects a.audrte.com — Cisco Umbrella Rank: 1870	3 KB
4	yandex.ru yandex.ru — Cisco Umbrella Rank: 1669 bs.yandex.ru — Cisco Umbrella Rank: 18729 an.yandex.ru — Cisco Umbrella Rank: 3501	108 KB
3	bumlam.com 3 redirects sync.bumlam.com — Cisco Umbrella Rank: 3772	2 KB
3	adform.net 3 redirects dmp.adform.net — Cisco Umbrella Rank: 2844 c1.adform.net — Cisco Umbrella Rank: 562	2 KB
3	weborama.fr 2 redirects cr.frontend.weborama.fr — Cisco Umbrella Rank: 26762 idsync.frontend.weborama.fr — Cisco Umbrella Rank: 26468	898 B
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 21135 api.webgains.io — Cisco Umbrella Rank: 56810	31 KB
3	awin1.com www.awin1.com — Cisco Umbrella Rank: 16768	2 KB
3	adfox.ru ads.adfox.ru — Cisco Umbrella Rank: 11060	362 B
3	google.de www.google.de — Cisco Umbrella Rank: 6080 adservice.google.de — Cisco Umbrella Rank: 9037	1 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	167 KB
2	tns-counter.ru 1 redirects www.tns-counter.ru — Cisco Umbrella Rank: 13059	705 B
2	aidata.io 2 redirects x01.aidata.io — Cisco Umbrella Rank: 17662	1 KB
2	amazon-adsystem.com 1 redirects aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 950	2 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4789	562 B
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 482	1 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 272	586 B
2	adhigh.net 2 redirects px.adhigh.net — Cisco Umbrella Rank: 19115	824 B
2	admedo.com 2 redirects pool.admedo.com — Cisco Umbrella Rank: 4604	747 B
2	gstatic.com fonts.gstatic.com	26 KB
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 639	59 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 181	107 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30	21 KB
1	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 729
1	convergeselect.net cpm.convergeselect.net — Cisco Umbrella Rank: 92069	228 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 306	265 B
1	simpli.fi um.simpli.fi — Cisco Umbrella Rank: 722	612 B
1	crwdcntrl.net sync.crwdcntrl.net — Cisco Umbrella Rank: 755	266 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 728	793 B
1	otm-r.com sync.dmp.otm-r.com — Cisco Umbrella Rank: 21479	69 B
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 59947	3 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 44502	2 KB
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 195628	931 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 276	29 KB
1	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 6856	171 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 344	1 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 875	7 KB
1	dsail-tech.com prebid.dsail-tech.com — Cisco Umbrella Rank: 774647	335 KB
218	53

	Domain	Requested by
51	nokta.md	2 redirects nokta.md static.cloudflareinsights.com
27	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
14	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com googleads.g.doubleclick.net
12	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net
8	yastatic.net	yandex.ru
8	securepubads.g.doubleclick.net	nokta.md securepubads.g.doubleclick.net yastatic.net
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	x.bidswitch.net	6 redirects
6	ads.betweendigital.com	prebid.dsail-tech.com ads.betweendigital.com
6	unpkg.com	4 redirects nokta.md
5	hal9000.redintelligence.net	eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com hal900015.redintelligence.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	a.audrte.com	3 redirects ads.pubmatic.com
4	image2.pubmatic.com	ads.pubmatic.com
4	hal900015.redintelligence.net	1 redirects eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com hal900015.redintelligence.net
4	googleads.g.doubleclick.net	eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com pagead2.googlesyndication.com
4	gamd.hit.gemius.pl	1 redirects nokta.md gamd.hit.gemius.pl
3	sync.bumlam.com	3 redirects
3	simage2.pubmatic.com	ads.pubmatic.com
3	www.awin1.com	eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
3	adservice.google.com	securepubads.g.doubleclick.net 8019191.fls.doubleclick.net
3	ads.adfox.ru	nokta.md
3	www.googletagmanager.com	nokta.md www.googletagmanager.com adv.office-partner.de
2	www.tns-counter.ru	1 redirects
2	eus.rubiconproject.com	cache.betweendigital.com eus.rubiconproject.com
2	x01.aidata.io	2 redirects
2	c1.adform.net	2 redirects
2	cr.frontend.weborama.fr	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects ads.pubmatic.com
2	d5p.de17a.com	2 redirects
2	sync.mathtag.com	2 redirects
2	image6.pubmatic.com	1 redirects ads.pubmatic.com
2	ups.analytics.yahoo.com	2 redirects
2	px.adhigh.net	2 redirects
2	pool.admedo.com	2 redirects
2	ads.pubmatic.com	prebid.dsail-tech.com ads.pubmatic.com
2	api.webgains.io	analytics.webgains.io
2	fonts.gstatic.com	fonts.googleapis.com
2	8019191.fls.doubleclick.net	1 redirects nokta.md
2	gum.criteo.com	1 redirects static.criteo.net
2	static.criteo.net	prebid.dsail-tech.com static.criteo.net
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	www.googletagservices.com	eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com
2	www.google.com	tpc.googlesyndication.com
2	e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	yandex.ru	nokta.md yandex.ru
1	simage4.pubmatic.com	ads.pubmatic.com
1	onetag-sys.com	cache.betweendigital.com
1	cpm.convergeselect.net
1	token.rubiconproject.com	eus.rubiconproject.com
1	secure-assets.rubiconproject.com	1 redirects
1	an.yandex.ru
1	match.adsrvr.org	ads.pubmatic.com
1	um.simpli.fi	ads.pubmatic.com
1	dmp.adform.net	1 redirects
1	idsync.frontend.weborama.fr	ads.pubmatic.com
1	sync.crwdcntrl.net	ads.pubmatic.com
1	dis.criteo.com	1 redirects
1	p.rfihub.com	1 redirects
1	cache.betweendigital.com	ads.betweendigital.com
1	sync.dmp.otm-r.com	ads.betweendigital.com
1	cdn.track.production.webgains.team	eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	mug.criteo.com
1	fonts.googleapis.com	hal900015.redintelligence.net
1	track.webgains.com	nokta.md
1	adv.office-partner.de	hal900015.redintelligence.net
1	s0.2mdn.net	e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com
1	hbopenbid.pubmatic.com	prebid.dsail-tech.com
1	bs.yandex.ru	prebid.dsail-tech.com
1	prebid-eu.creativecdn.com	prebid.dsail-tech.com
1	bidder.criteo.com	prebid.dsail-tech.com
1	cdn.jsdelivr.net	prebid.dsail-tech.com
1	ls.hit.gemius.pl	gamd.hit.gemius.pl
1	www.google.de	nokta.md
1	region1.analytics.google.com	www.googletagmanager.com
1	static.cloudflareinsights.com	nokta.md
1	prebid.dsail-tech.com	nokta.md
218	82

This site contains links to these domains. Also see Links.

Domain
map.md
t.me
www.facebook.com
www.instagram.com
www.youtube.com
sens.media
amigo.studio

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-11` - `2024-02-11`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.xn--d1acpjx3f.xn--p1ai GlobalSign ECC OV SSL CA 2018	`2023-02-01` - `2023-08-01`	6 months	crt.sh
dsail-tech.com GTS CA 1P5	`2023-04-24` - `2023-07-23`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2022-09-13` - `2023-09-25`	a year	crt.sh
www.google.de GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.yastatic-net.ru GlobalSign ECC OV SSL CA 2018	`2023-02-01` - `2023-08-01`	6 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS RSA CA G1	`2023-03-29` - `2024-04-28`	a year	crt.sh
bs.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-04-08` - `2023-10-07`	6 months	crt.sh
*.ads.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2023-01-13` - `2024-02-13`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.adfox.ru GlobalSign RSA OV SSL CA 2018	`2023-03-25` - `2023-09-04`	5 months	crt.sh
*.google.de GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
redintelligence.net R3	`2023-04-10` - `2023-07-09`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-24` - `2023-06-18`	3 months	crt.sh
adv.office-partner.de R3	`2023-05-01` - `2023-07-30`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M01	`2023-02-28` - `2023-10-28`	8 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.dmp.otm-r.com AlphaSSL CA - SHA256 - G2	`2022-05-27` - `2023-06-28`	a year	crt.sh
cache.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-16` - `2024-03-18`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon RSA 2048 M01	`2023-01-27` - `2024-01-27`	a year	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2022-11-07` - `2023-12-06`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.rubiconproject.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-03-07` - `2024-04-03`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh

This page contains 30 frames:

Primary Page: https://nokta.md/
Frame ID: C547C5A3955C8696FB06C15A42872D26
Requests: 91 HTTP requests in this frame

Frame: https://nokta.md/cdn-cgi/challenge-platform/h/g/scripts/jsd/7fe8adc8/invisible.js
Frame ID: E04E5B4699C68E8CD2A0A080153130F9
Requests: 3 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: 0B75C86E723E1B2BD64772B0F8CCC219
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: F79296ABE8AC000B8D41C0B40E91335E
Requests: 9 HTTP requests in this frame

Frame: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: DF7051EA774DB05D7E7F1B43B75EEE9E
Requests: 1 HTTP requests in this frame

Frame: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 575C194B1D668F8CBFE7789836B1E902
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1FC3E43C313E4B1E16A54F30B68A2197
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4C727B34C283867B61035BAF5AA0BDCB
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 061EC1755A609DFA09C1BEFB83961CC0
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AC7F523510D7B558A47F5FC280CE8576
Requests: 2 HTTP requests in this frame

Frame: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D735F98DD0F98F9272F0ECFB5E63434A
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNXjbvf0MS5ie5t6WZ9Gt3bETWOWwrWdv564CJcMrMl6ujVurOTXHH7ABJObqzD-xh0bmxIMJEF_-Zxhgg85N9zehL3QYNo5TfTCEuMur-HJmymG8naVrftKggD7_Q_Em_oAL8F7m1xL5lMgUpDk4M-j9hHJy8stalC0d5koA2L5TEDfFCc
Frame ID: DCE8FC44D1FC4FDA360BBCAA66ACE95E
Requests: 5 HTTP requests in this frame

Frame: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 1901F1855D82474814BF46F18E1F17B2
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJuhcRDKpa3UBBjDnZ7qATAB&v=APEucNUsieJay6E2gTcDeiaabLde4BkOy_acCChKzBeMXo91jR9OVy-ScYhFzCnRJvORzYH-L26sNAhIYjmf_YW7vyaXLefviGLGx4PB_x8WO1V7QMobkJQcpjYEum842WjEp4fX2iTKLnTfI3vilbrvs9LX5XGvwTYYVk1K_25BspR53iJH5N0
Frame ID: EA2D6F451BC11C51F55C4253DFB11542
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0566B69612A16945D28151F5F7CADA6A
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AE58F440C27506FA67718342850AF379
Requests: 3 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=nokta.md
Frame ID: 7342FB5FEF51541EBFE2D2EC7C22E007
Requests: 2 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 362F2E2DAA7A468E54BA17FF1B3E4327
Requests: 2 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CMe5_e75i_8CFRT3GQodAgoEqw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1015463325063.9055
Frame ID: 8A67C36FD019E44B12D5185EB4711301
Requests: 2 HTTP requests in this frame

Frame: https://hal900015.redintelligence.net/request_content.php?s=88622700118869604444990012333015&a=1f44905a
Frame ID: 4B5DE2D1A6CD4217650F04D626CB5E41
Requests: 9 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Frame ID: C4D7C655006978DE537426BE254C2073
Requests: 12 HTTP requests in this frame

Frame: https://ads.betweendigital.com/sspmatch-iframe
Frame ID: 8B0BF98246F06F76E5AEDAA25850AF46
Requests: 5 HTTP requests in this frame

Frame: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=4eb95fa2-e5c1-528f-b9ae-99b2ddc26fa0&CACHEBUSTER=805063
Frame ID: 186C82624F360CF04E6356947DA519EC
Requests: 5 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0db1646c-f616-4f00-8c06-9da67ae5df6b&gdpr=0&gdpr_consent=
Frame ID: B83F06E6C8F2196E8898FE6BE315E2D5
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433828011460001
Frame ID: 1FA074AB75ECE21B14491DBF2EA83B34
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: 0C3526B795D85357C1D250F79C4E94A9
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5175650257480605517
Frame ID: 6EA509BCE47D7912D7119E6BB10AA866
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=DCABF644-19AF-4E86-9058-2351B3060B1F&redir=true&gdpr=0&gdpr_consent=&dcc=t
Frame ID: 7298FE2EED48F755B37691452C72AD4E
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Frame ID: 1F8CD7B63E547BD0507CC6D368D1D85D
Requests: 3 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5d1628750185ace
Frame ID: 45AD2438BC08DABF8FAE20676268EF96
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nokta - Новости Гагаузии

Page URL History Show full URLs

http://nokta.md/ HTTP 301
https://nokta.md/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Yandex.Direct (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://an\.yandex\.ru/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

218
Requests

88 %
HTTPS

39 %
IPv6

53
Domains

82
Subdomains

66
IPs

14
Countries

5168 kB
Transfer

8979 kB
Size

74
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://map.md/ru/street/113692006?number=11&embed=1#13.9/46.30581/28.65894
Title: Комрат, ул. Победы 11

Search URL Search Domain Scan URL

URL: https://t.me/nokta_live
Title: Telegram

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Nokta.md
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/nokta.md/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCmznL5cxb_FmHEX1-r2Z7_g?view_as=subscriber
Title: Youtube

Search URL Search Domain Scan URL

URL: https://sens.media/
Title: Разработано SENSMEDIA

Search URL Search Domain Scan URL

URL: https://amigo.studio/
Title: Design by amigo.studio

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nokta.md/ HTTP 301
https://nokta.md/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://unpkg.com/swiper/swiper-bundle.min.css?ver=6.1.3 HTTP 302
https://unpkg.com/swiper/swiper-bundle.min.css HTTP 302
https://unpkg.com/swiper@9.3.2/swiper-bundle.min.css

Request Chain 24

https://unpkg.com/swiper/swiper-bundle.min.js?ver=6.1.3 HTTP 302
https://unpkg.com/swiper/swiper-bundle.min.js HTTP 302
https://unpkg.com/swiper@9.3.2/swiper-bundle.min.js

Request Chain 52

https://nokta.md/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://nokta.md/cdn-cgi/challenge-platform/h/g/scripts/jsd/7fe8adc8/invisible.js

Request Chain 77

https://gamd.hit.gemius.pl/_1684862482528/rexdot.js?l=100&sendf=24&id=p4CVTv8hZWafEG2PdZ9EeqPe7HjucV.3GM5JM0.nB77.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=https%3A%2F%2Fnokta.md%2F&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=7ciwJZ63OX1rYEsBPyS1KZKfk3Bn0bvwbvri7pcxxEj.z7caniz.a2vulssZlsftGpp.V8fpi9H1SI2khRTXqkLLvcvf/N_kMvCvQcCGN0/&fpdata=9V_7ORXx.Wdrb5mnOe9c8FnQSWPijNU6bAUMZWdHD43.I7&ltime=370&fr=1&ref=&inner=_ver%3D342%7C_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D&exid=646cf6120941f2a7&brts=1684862482&fpcap= HTTP 301
https://gamd.hit.gemius.pl/__/_1684862482528/rexdot.js?l=100&sendf=24&id=p4CVTv8hZWafEG2PdZ9EeqPe7HjucV.3GM5JM0.nB77.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=https%3A%2F%2Fnokta.md%2F&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=7ciwJZ63OX1rYEsBPyS1KZKfk3Bn0bvwbvri7pcxxEj.z7caniz.a2vulssZlsftGpp.V8fpi9H1SI2khRTXqkLLvcvf/N_kMvCvQcCGN0/&fpdata=9V_7ORXx.Wdrb5mnOe9c8FnQSWPijNU6bAUMZWdHD43.I7&ltime=370&fr=1&ref=&inner=_ver%3D342%7C_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D&exid=646cf6120941f2a7&brts=1684862482&fpcap=

Request Chain 125

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhKmz24XsufeyHFzJr3OjY&google_cver=1

Request Chain 126

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZGz2E.SJP0a2wJFhN6tgPwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1&google_hm=2

Request Chain 127

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJYYtA23EogvOPfRObLKnQM&google_cver=1

Request Chain 128

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTgxODE4MzQ5ODY1NDM0NDEx

Request Chain 132

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1

Request Chain 133

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZGz2E.SJP0a2wJFhN6tgPwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1&google_hm=2

Request Chain 134

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEK6YqrLftWMa0vwh2hPGLh4&google_cver=1

Request Chain 135

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTgxODE4MzQ5ODY1NDM0NDEx

Request Chain 148

https://hal900015.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=57d673eb70&subid=&uid=10bf31533ac0de7c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc9H8EvZsZIXBN8TbgQfYiqagBKblvaBplZOcp8kP8C4QASDKo--UAWCV-peCrAfIAQmpArGeC7vyE7I-qAMBqgSHAk_Q4EQqTkUXXDxGK1V2SQLAIxUefqng3YOj_fxuf5_MRqV3NrBbmS1vzz3XzhprPiiRdqfyrvENdaZHKBo4lSIIsI2UNO12eZc_FfayC29NsW2ydEtW6CIixfFEUtwDAcbSPdEsNikOWd__XwMpr9NyTcxmmeglow3fqprXlQABkXt48lmTx9QlDQnbADo4qzi24z0_HOHwnZqJoAJGFiggQvmUexS4sxwfrBmvY0iwYH4LZ1tr25S2kLwW3AuDYkf80zIXB-e37SuuBuNclzGVoLIS1mUF4vToR-kgGCHUr1Hg8E6i9Oa5n5tuhCqmWKNyPZg27WxKXXa4ZaxhFKGQus7_DzuLwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGwE8yc2RLQEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTABygQiD7iLFsyljRrert7sFupmKAbR_ly6QTQDpyWYljZIX7VzCFoQ7BpXOF_AmmKnN5meTJXUNllsXONz4tG4e6NpFgcN53FsnuS4YAQ%26sig%3DAOD64_11IJIIKI34tVuBzayYhDs5he0TvQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DfStlp2prPp_gC-O9AewE-O0fWF8-KPSeInKlalkFMYka19-r3m5ymCqEQp8pzCCdklihyy1r01lLGhquPAjyWB6Gph_sm3Vrv5wd41SUGhYATtMczdaqb8uGP9mMaAxOr-H7rOPdmQLTLbPH1l_YGzw84OgK0z9H3oeMXF6LEriWUqMg%26cry%3D1%26dbm_d%3DAKAmf-Bp7WlNvsajL4aZbjNYN-ou4pSEbsVvPyMYoDq7dZC4vIRxKzC75faZkO6LpV1NnjZnVVPkIqihPRuSFIEHzM7KhXTRThg9Cwu3MfvuRpzZR00-aD6ogzH4QshzrwGb3Hok-vMa_vfoVBCBke-dRCmTIAuWPKm6u8yXf5BhpdPgv26Zyq-NmbDUFaLSLtd_iMqsuUHGH2KPGuWQDP95fmlJgTbPJ8RFQQLRI31f7G3CtyFcyDg2Yz_XKmsQOyky7E6k1FvdwiRwIZGw9sFtv7oj-FuL1Q6sz3h4_ms1uhji1IDhPsQHAmghk05Q_P3oECMaAGaseTZhroXQymMdSB6oO6ayHNc5sMt6m0J36Nxx95x1DKT0-WE5DgqlnIuVh0vzcF3P9hMbu7J7vWe7Qo-YPWOu530nWhMr7eZTlT6XS04wRkhw45PiN_otkZK6TWdppQNKzi0gmo4roFLBOjC-4RWWp7G-Bz2p4sFuhzaB8_5Op2Yo2dOsUEY31lkeyvax3teqhHQW7_SZcj5UzwO2-9uGiw%26adurl%3D&documentReferer=https%3A%2F%2Fnokta.md%2F&ancestorOrigins=https%3A%2F%2Fnokta.md&random=3598323939384&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900015.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=57d673eb70&subid=&uid=10bf31533ac0de7c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc9H8EvZsZIXBN8TbgQfYiqagBKblvaBplZOcp8kP8C4QASDKo--UAWCV-peCrAfIAQmpArGeC7vyE7I-qAMBqgSHAk_Q4EQqTkUXXDxGK1V2SQLAIxUefqng3YOj_fxuf5_MRqV3NrBbmS1vzz3XzhprPiiRdqfyrvENdaZHKBo4lSIIsI2UNO12eZc_FfayC29NsW2ydEtW6CIixfFEUtwDAcbSPdEsNikOWd__XwMpr9NyTcxmmeglow3fqprXlQABkXt48lmTx9QlDQnbADo4qzi24z0_HOHwnZqJoAJGFiggQvmUexS4sxwfrBmvY0iwYH4LZ1tr25S2kLwW3AuDYkf80zIXB-e37SuuBuNclzGVoLIS1mUF4vToR-kgGCHUr1Hg8E6i9Oa5n5tuhCqmWKNyPZg27WxKXXa4ZaxhFKGQus7_DzuLwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGwE8yc2RLQEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTABygQiD7iLFsyljRrert7sFupmKAbR_ly6QTQDpyWYljZIX7VzCFoQ7BpXOF_AmmKnN5meTJXUNllsXONz4tG4e6NpFgcN53FsnuS4YAQ%26sig%3DAOD64_11IJIIKI34tVuBzayYhDs5he0TvQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DfStlp2prPp_gC-O9AewE-O0fWF8-KPSeInKlalkFMYka19-r3m5ymCqEQp8pzCCdklihyy1r01lLGhquPAjyWB6Gph_sm3Vrv5wd41SUGhYATtMczdaqb8uGP9mMaAxOr-H7rOPdmQLTLbPH1l_YGzw84OgK0z9H3oeMXF6LEriWUqMg%26cry%3D1%26dbm_d%3DAKAmf-Bp7WlNvsajL4aZbjNYN-ou4pSEbsVvPyMYoDq7dZC4vIRxKzC75faZkO6LpV1NnjZnVVPkIqihPRuSFIEHzM7KhXTRThg9Cwu3MfvuRpzZR00-aD6ogzH4QshzrwGb3Hok-vMa_vfoVBCBke-dRCmTIAuWPKm6u8yXf5BhpdPgv26Zyq-NmbDUFaLSLtd_iMqsuUHGH2KPGuWQDP95fmlJgTbPJ8RFQQLRI31f7G3CtyFcyDg2Yz_XKmsQOyky7E6k1FvdwiRwIZGw9sFtv7oj-FuL1Q6sz3h4_ms1uhji1IDhPsQHAmghk05Q_P3oECMaAGaseTZhroXQymMdSB6oO6ayHNc5sMt6m0J36Nxx95x1DKT0-WE5DgqlnIuVh0vzcF3P9hMbu7J7vWe7Qo-YPWOu530nWhMr7eZTlT6XS04wRkhw45PiN_otkZK6TWdppQNKzi0gmo4roFLBOjC-4RWWp7G-Bz2p4sFuhzaB8_5Op2Yo2dOsUEY31lkeyvax3teqhHQW7_SZcj5UzwO2-9uGiw%26adurl%3D&documentReferer=https%3A%2F%2Fnokta.md%2F&ancestorOrigins=https%3A%2F%2Fnokta.md&random=3598323939384&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 160

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1015463325063.9055 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CMe5_e75i_8CFRT3GQodAgoEqw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1015463325063.9055

Request Chain 172

https://gum.criteo.com/sid/json?origin=publishertag&domain=nokta.md&sn=ChromeSyncframe&so=0&topUrl=nokta.md&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=INH693xDbXRCd0VwaktTRUpyV2Q1b2tpYUdoTXpCWFA0NmFrLzhxcEx5cEtsT29lOW5ERnZyeC9vdHVSbUVrN3lvcjF1RFozWDg5M1lndTlmaUd5cjQwWGV1Y29Od0wyWGpHMHlkR0dCM2dLaENDeXB3WEJ1QnJNck95MmxXZ1dkS0ZpazhLUmMxQjZaNjZPdFFoWWdhU09kdlMxeFlsL3lwSWN5QlkvS3gyVlIxYWlGd3R1U3BTOWhwdXVDV3VIQ29JR1o4RDhyRE4vTWluV2NPTUFBbHdWYjVtaEtxSWtldVJEN2FaR053Y1NGS05qVzUyWWFHZGZtWFJ4UVZpNklWYTdidU51QmVJYXNBc1hrcE5kMm15QWFaUT09fA&cppv=2

Request Chain 190

https://x.bidswitch.net/sync?ssp=between HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=between HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=between&bsw_custom_parameter=d5de31a4-5fea-4c50-95a8-aa476d52301f HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=between&bsw_custom_parameter=d5de31a4-5fea-4c50-95a8-aa476d52301f HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=4fd052c4-bc3d-4181-901d-2910bb9b94ea&user_group=1&ssp=between&bsw_param=d5de31a4-5fea-4c50-95a8-aa476d52301f HTTP 302
https://ads.betweendigital.com/match?bidder_id=22&external_user_id=d5de31a4-5fea-4c50-95a8-aa476d52301f

Request Chain 191

https://px.adhigh.net/p/cm/btw HTTP 302
https://px.adhigh.net/p/cm/btw?bounced=1 HTTP 302
https://ads.betweendigital.com/match?bidder_id=37&external_user_id=xWQDi9MiQRA.AikABlGISaFF_A

Request Chain 192

https://ups.analytics.yahoo.com/ups/58665/occ?gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58665/occ?gdpr=0&gdpr_consent=&verify=true HTTP 302
https://ads.betweendigital.com/match?bidder_id=251&external_user_id=eS0wZnVaLkZKRTJ1RzVzMVBiR081c0dfUUhJVjBMem1KZUNnTUo4SGstfkE%3D&gdpr=0

Request Chain 196

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0db1646c-f616-4f00-8c06-9da67ae5df6b&gdpr=0&gdpr_consent=

Request Chain 197

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433828011460001

Request Chain 198

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

Request Chain 199

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5175650257480605517

Request Chain 200

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=DCABF644-19AF-4E86-9058-2351B3060B1F&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=DCABF644-19AF-4E86-9058-2351B3060B1F&redir=true&gdpr=0&gdpr_consent=&dcc=t

Request Chain 201

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3Kv2RBmvToaQWCNRswYLHw%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 203

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent= HTTP 307
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=3090041359 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=DCABF644-19AF-4E86-9058-2351B3060B1F

Request Chain 204

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=DCABF644-19AF-4E86-9058-2351B3060B1F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=ZTNiQk1VZ3c1WkFSVTZOc21mWm5oYjVNZw==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%253D%253D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/a?adform_uid=2274617058749943503&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D HTTP 302
https://a.audrte.com/p

Request Chain 205

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RENBQkY2NDQtMTlBRi00RTg2LTkwNTgtMjM1MUIzMDYwQjFG&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 206

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENZ0T_bhponwZdWLvOX_cZA&google_cver=1

Request Chain 208

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=2274617058749943503

Request Chain 210

https://x.bidswitch.net/sync?ssp=between HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dbetween%26bsw_param%3Dd5de31a4-5fea-4c50-95a8-aa476d52301f&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=0db1646c-f616-4f00-8c06-9da67ae5df6b&expires=30&ssp=between&bsw_param=d5de31a4-5fea-4c50-95a8-aa476d52301f&gdpr=&gdpr_consent= HTTP 302
https://ads.betweendigital.com/match?bidder_id=22&external_user_id=d5de31a4-5fea-4c50-95a8-aa476d52301f

Request Chain 211

https://sync.bumlam.com/?src=aid0 HTTP 302
https://sync.bumlam.com/?src=aid0&s_data=CAIQARiW7LOjBqIBED9gaID5jhHthuAAJZDAZHw* HTTP 302
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=3f606880-f98e-11ed-86e0-002590c0647c HTTP 302
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=3f606880-f98e-11ed-86e0-002590c0647c&bounce=1 HTTP 302
https://sync.bumlam.com/?src=aid1&uid=mkQPuQ1LE39JkVeyC3xUzg& HTTP 302
https://an.yandex.ru/mapuid/adsniperis/3f606880-f98e-11ed-86e0-002590c0647c

Request Chain 212

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=btwnex&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu

Request Chain 215

https://www.tns-counter.ru/V13a****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/805063 HTTP 302
https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/805063

Request Chain 216

https://x.bidswitch.net/sync?dsp_id=429&user_id=4eb95fa2-e5c1-528f-b9ae-99b2ddc26fa0&expires=60 HTTP 302
https://cpm.convergeselect.net/user-sync?dsp=328334&t=image&gdpr=&gdpr_consent=&uid=d5de31a4-5fea-4c50-95a8-aa476d52301f

218 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
nokta.md/
Redirect Chain

http://nokta.md/
https://nokta.md/

221 KB
54 KB

141ms
119ms

Document
text/html

2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1cec2e967c0e6a017e4d00a39a1b3b5538ffa9e282c19283a009a56186b795eb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7cbef98d9a9b3661-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 23 May 2023 17:21:21 GMT
last-modified: Tue, 23 May 2023 17:18:50 GMT
server: cloudflare
vary: Accept-Encoding
wpo-cache-status: cached

Redirect headers

CF-RAY: 7cbef98d2e2f8fe8-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 23 May 2023 17:21:21 GMT
Expires: Tue, 23 May 2023 18:21:21 GMT
Location: https://nokta.md/
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 weather-module.css
nokta.md/wp-content/themes/nokta/plugins/weather-module/assets/ 2 KB
741 B 18ms
14ms Stylesheet
text/css 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/plugins/weather-module/assets/weather-module.css?ver=6.1.3
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b379e1be66deeb14ae4b5d398f02cc51309d5396faed455ace3b6ed9c00c1837

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 14 Mar 2022 19:08:30 GMT
server: cloudflare
age: 289498
cf-polished: origSize=3293
etag: W/"622f92ae-cdd"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7cbef98e6b873661-FRA
expires: Sun, 19 May 2024 08:56:23 GMT

GET
H2 200 currency-module.css
nokta.md/wp-content/themes/nokta/plugins/currency-module/assets/ 240 B
235 B 23ms
19ms Stylesheet
text/css 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/plugins/currency-module/assets/currency-module.css?ver=6.1.3
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e113a863badcfa7f3cda776d5208d1f965b48a66455dffd12050ceac9dfaf16b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 14 Mar 2022 19:08:30 GMT
server: cloudflare
age: 289498
cf-polished: origSize=307
etag: W/"622f92ae-133"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7cbef98e6b883661-FRA
expires: Sun, 19 May 2024 08:56:23 GMT

GET
H2 200 classic-themes.min.css
nokta.md/wp-includes/css/ 217 B
279 B 20ms
16ms Stylesheet
text/css 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-includes/css/classic-themes.min.css?ver=1
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 09 Nov 2022 11:56:33 GMT
server: cloudflare
age: 9628192
etag: W/"636b9571-d9"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7cbef98e6b893661-FRA
expires: Thu, 01 Feb 2024 06:51:29 GMT

GET
H2 200 styles.css
nokta.md/wp-content/plugins/contact-form-7/includes/css/ 2 KB
944 B 24ms
20ms Stylesheet
text/css 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.6
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e7c083e0e173f849fa0582a9332bf40a3567c49ff818f28b0e4dca93930c6e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Sun, 23 Apr 2023 08:51:59 GMT
server: cloudflare
age: 2622021
cf-polished: origSize=2859
etag: W/"6444f1af-b2b"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7cbef98e6b8a3661-FRA
expires: Mon, 22 Apr 2024 09:01:00 GMT

GET
H2 200 light.css
nokta.md/wp-content/plugins/easy-liveblogs/assets/css/themes/ 1 KB
529 B 25ms
21ms Stylesheet
text/css 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/plugins/easy-liveblogs/assets/css/themes/light.css?ver=2.3.4
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 755e2a1b53d5fc608e6d8246898a6cc164a7bc3f8a2a47446864e5d80a6dc467

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 31 Mar 2023 15:23:23 GMT
server: cloudflare
age: 4585347
cf-polished: origSize=1223
etag: W/"6426faeb-4c7"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7cbef98e6b8c3661-FRA
expires: Sat, 30 Mar 2024 15:38:54 GMT

GET
H2

200

swiper-bundle.min.css
unpkg.com/swiper@9.3.2/
Redirect Chain

https://unpkg.com/swiper/swiper-bundle.min.css?ver=6.1.3
https://unpkg.com/swiper/swiper-bundle.min.css
https://unpkg.com/swiper@9.3.2/swiper-bundle.min.css

17 KB
5 KB

17ms
17ms

Stylesheet
text/css

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@9.3.2/swiper-bundle.min.css

Requested by

Host: nokta.md
URL: https://nokta.md/

Protocol

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55564d0504733b999d0cd481c189881f733b1a5b2984a4629af62d8cc495d895

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 710010
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01H0FMYG0171G49BG07SMJM5J9-fra
server: cloudflare
etag: W/"45f1-DyeSz//WzmXqkOBzNlh8cq0wmCg"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7cbef98edbdf30e7-FRA

Redirect headers

date: Tue, 23 May 2023 17:21:21 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01H14SWV3DBY36HXTBTBJTJFCT-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 182
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /swiper@9.3.2/swiper-bundle.min.css
cache-control: public, s-maxage=600, max-age=60
cf-ray: 7cbef98ebbb030e7-FRA

GET
H2 200 letmescroll.css
nokta.md/wp-content/themes/nokta/public/assets/vendors/let-me-scroll/ 927 B
412 B 22ms
18ms Stylesheet
text/css 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/public/assets/vendors/let-me-scroll/letmescroll.css?ver=6.1.3
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb4fd441dc86393bf0164b078904c830988b914d686ebcf23c3c13fdaacad0d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 14 Mar 2022 19:08:30 GMT
server: cloudflare
age: 289498
cf-polished: origSize=1412
etag: W/"622f92ae-584"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7cbef98e6b8d3661-FRA
expires: Sun, 19 May 2024 08:56:23 GMT

GET
H2 200 style.css
nokta.md/wp-content/plugins/newsletter/ 4 KB
965 B 20ms
17ms Stylesheet
text/css 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/plugins/newsletter/style.css?ver=7.7.0
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e7cc51d03f0d99bdf8b405b9fce6dd02b1064c4d8afe0308493db1172ded65c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 28 Apr 2023 08:51:54 GMT
server: cloudflare
age: 2189992
cf-polished: origSize=6282
etag: W/"644b892a-188a"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7cbef98e6b903661-FRA
expires: Sat, 27 Apr 2024 09:01:28 GMT

GET
H2 200 style.css
nokta.md/wp-content/themes/nokta/ 0
114 B 27ms
24ms Stylesheet
text/css 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/style.css
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 14 Mar 2022 19:08:30 GMT
server: cloudflare
age: 2372443
cf-polished: origSize=274
etag: W/"622f92ae-112"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7cbef98e6b933661-FRA
expires: Thu, 25 Apr 2024 06:20:38 GMT

GET
H2 200 fonts.css
nokta.md/wp-content/themes/nokta/public/assets/css/ 3 KB
461 B 25ms
22ms Stylesheet
text/css 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/public/assets/css/fonts.css
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 980ae1a7d20f556f83c9f329c8a216e9ba1b1aa5a73c7c33cb6a03fc182fdd7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 20 Jun 2022 15:50:08 GMT
server: cloudflare
age: 9628192
cf-polished: origSize=2809
etag: W/"62b09730-af9"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7cbef98e6b953661-FRA
expires: Thu, 01 Feb 2024 06:51:29 GMT

GET
H2 200 styles.css
nokta.md/wp-content/themes/nokta/public/assets/css/ 281 KB
43 KB 96ms
94ms Stylesheet
text/css 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/public/assets/css/styles.css?ver=0.74751800%201684862329
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfcc1919e0ceebdd9b19a2b7da55e98a3752f9253378aa75ca14537964e9e912

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 06 Sep 2022 15:23:15 GMT
server: cloudflare
etag: W/"631765e3-463c3"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7cbef98e6b973661-FRA
expires: Wed, 22 May 2024 17:21:21 GMT

GET
H2 200 jquery.min.js Show response
nokta.md/wp-includes/js/jquery/ 88 KB
31 KB 28ms
26ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 09 Nov 2022 11:56:33 GMT
server: cloudflare
age: 9628192
etag: W/"636b9571-15e54"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7cbef98e7b9e3661-FRA
expires: Thu, 01 Feb 2024 06:51:29 GMT

GET
H2 200 jquery-migrate.min.js Show response
nokta.md/wp-includes/js/jquery/ 11 KB
4 KB 27ms
25ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 Feb 2021 09:09:05 GMT
server: cloudflare
age: 9628192
etag: W/"602cdd31-2bd8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7cbef98e7b9f3661-FRA
expires: Thu, 01 Feb 2024 06:51:29 GMT

GET
H2 200 easy-liveblogs.js Show response
nokta.md/wp-content/plugins/easy-liveblogs/assets/js/ 296 KB
73 KB 34ms
32ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/plugins/easy-liveblogs/assets/js/easy-liveblogs.js?ver=2.3.4
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 226a7d74481c9d415acae1eeb7ba0d5910bcbe331d20798d8a9a10e105087ab4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 31 Mar 2023 15:23:23 GMT
server: cloudflare
age: 4585347
cf-polished: origSize=302667
etag: W/"6426faeb-49e4b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7cbef98e7ba13661-FRA
expires: Sat, 30 Mar 2024 15:38:54 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 76 KB
25 KB 118ms
66ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: nokta.md
URL: https://nokta.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1135cec95684f44d579e2ca4bd2b78d3406a9b6013de2d039003da581a631639

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25353
x-xss-protection: 0
server: cafe
etag: 130 / 19500 / 31074815 / config-hash: 4869622416900102247
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 23 May 2023 17:21:21 GMT

GET
H2 200 context.js Show response
yandex.ru/ads/system/ 295 KB
87 KB 207ms
99ms Script
text/javascript 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/system/context.js

Requested by

Host: nokta.md
URL: https://nokta.md/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

d27d23ebcca04710b498721373481c9f1e926c8e9fffed96cc0e1bfaf52e7bd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-encoding: br
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1684862481922080-10984359811666328771-balancer-l7leveler-kubr-yp-sas-134-BAL-7013
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 23 May 2023 18:21:21 GMT

GET
H2 200 prebid_preprod.js Show response
prebid.dsail-tech.com/ 335 KB
335 KB 62ms
20ms Script
text/plain 2606:4700:3031::ac43:bc1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.dsail-tech.com/prebid_preprod.js
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:bc1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6003a79eb6e295b7201e52c760ae0df7cc776c85b7f819805fcdd57545efde21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
last-modified: Tue, 23 May 2023 16:56:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1495
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XfH%2B3NEdYbr98Yd75MT3vXeM5ajS87Yxb3HlNtULVOaoWJ5L%2FQla1S%2Bx5giNMeGZmnMx2rqrWNvQPkJT7HQ45lxhuNY4rDgh3f4%2FwTr4n7TheUHTX%2FMMTsiWRIlQb4EyQrSZPQzzXYxGgERQkuh1FxpVc3E%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=14400
cf-ray: 7cbef98f7fc3921f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
79 KB 50ms
28ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-16NB6NMBW8

Requested by

Host: nokta.md
URL: https://nokta.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

30005625295c25a57df6f524b008677143f0b92de497142225952a263a25df22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80315
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 23 May 2023 17:21:21 GMT

GET
H2 200 wp-emoji-release.min.js Show response
nokta.md/wp-includes/js/ 18 KB
5 KB 23ms
22ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-includes/js/wp-emoji-release.min.js?ver=6.1.3
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 05 Jun 2022 13:34:59 GMT
server: cloudflare
age: 289497
etag: W/"629cb103-48b9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7cbef98f3c8f3661-FRA
expires: Sun, 19 May 2024 08:56:24 GMT

GET
H2 200 email-decode.min.js Show response
nokta.md/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
836 B 9ms
8ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nokta.md/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: nokta.md
URL: https://nokta.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 May 2023 14:45:11 GMT
server: cloudflare
etag: W/"64678b77-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7cbef98e9bd83661-FRA
expires: Thu, 25 May 2023 17:21:21 GMT

GET
H2 200 weather-module.js Show response
nokta.md/wp-content/themes/nokta/plugins/weather-module/assets/ 471 B
386 B 19ms
17ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/plugins/weather-module/assets/weather-module.js
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d475d615b9fafc607716fb61db14ff3688a9ce6ea13cf27cc7343a33ac250b8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 16 Mar 2022 15:42:40 GMT
server: cloudflare
age: 2370200
cf-polished: origSize=680
etag: W/"62320570-2a8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7cbef98e9bda3661-FRA
expires: Thu, 25 Apr 2024 06:58:01 GMT

GET
H2 200 currency-module.js Show response
nokta.md/wp-content/themes/nokta/plugins/currency-module/assets/ 554 B
391 B 20ms
19ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/plugins/currency-module/assets/currency-module.js
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b64479e3b6a6ac6055d31fdb43521c021d081db817a44210f66753035aadb00b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 16 Mar 2022 15:42:42 GMT
server: cloudflare
age: 9628192
cf-polished: origSize=760
etag: W/"62320572-2f8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7cbef98e9bdb3661-FRA
expires: Thu, 01 Feb 2024 06:51:29 GMT

GET
H2 200 index.js Show response
nokta.md/wp-content/plugins/contact-form-7/includes/swv/js/ 10 KB
3 KB 16ms
14ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.6
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52db930f81d97113dde679cac624cb5435b56d4ac486e91a0b6692d2cb615a84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Sun, 23 Apr 2023 08:51:59 GMT
server: cloudflare
age: 2372232
etag: W/"6444f1af-2801"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7cbef98e9bdc3661-FRA
expires: Thu, 25 Apr 2024 06:24:09 GMT

GET
H2 200 index.js Show response
nokta.md/wp-content/plugins/contact-form-7/includes/js/ 13 KB
4 KB 24ms
23ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.6
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Sun, 23 Apr 2023 08:51:59 GMT
server: cloudflare
age: 2622021
etag: W/"6444f1af-328f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7cbef98e9bdd3661-FRA
expires: Mon, 22 Apr 2024 09:01:00 GMT

GET
H2

200

swiper-bundle.min.js Show response
unpkg.com/swiper@9.3.2/
Redirect Chain

https://unpkg.com/swiper/swiper-bundle.min.js?ver=6.1.3
https://unpkg.com/swiper/swiper-bundle.min.js
https://unpkg.com/swiper@9.3.2/swiper-bundle.min.js

137 KB
39 KB

20ms
20ms

Script
application/javascript

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@9.3.2/swiper-bundle.min.js

Requested by

Host: nokta.md
URL: https://nokta.md/

Protocol

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c6da2b8945cfae44eb209ac3de3e763d3405eecbdea8f749710050fe321721e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 710019
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01H0FMY8BRER0T14B96H60ZP2C-fra
server: cloudflare
etag: W/"2228c-FSMR0J36tmZGZD/R/QM2SptNStI"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7cbef98eebe830e7-FRA

Redirect headers

date: Tue, 23 May 2023 17:21:21 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01H14SQM6W5TVZVPM89GYRWR47-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 353
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /swiper@9.3.2/swiper-bundle.min.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 7cbef98ecbc530e7-FRA

GET
H2 200 letmescroll.js Show response
nokta.md/wp-content/themes/nokta/public/assets/vendors/let-me-scroll/ 9 KB
2 KB 19ms
18ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/public/assets/vendors/let-me-scroll/letmescroll.js?ver=6.1.3
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a58e459f0f0d44911ae785b7692808fb88ca627366042b7726024b1fd146d18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 14 Mar 2022 19:08:30 GMT
server: cloudflare
age: 289497
cf-polished: origSize=17581
etag: W/"622f92ae-44ad"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7cbef98e9bdf3661-FRA
expires: Sun, 19 May 2024 08:56:24 GMT

GET
H2 200 utils.js Show response
nokta.md/wp-content/themes/nokta/public/assets/js/ 2 KB
1 KB 18ms
17ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/public/assets/js/utils.js?ver=6.1.3
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d23604d7a309832b4a5ac8d1a857ed67b052b3dfde8f6ad2667a384824b9c20d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 14 Mar 2022 19:08:30 GMT
server: cloudflare
age: 289497
cf-polished: origSize=3291
etag: W/"622f92ae-cdb"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7cbef98e9be03661-FRA
expires: Sun, 19 May 2024 08:56:24 GMT

GET
H2 200 scripts.js Show response
nokta.md/wp-content/themes/nokta/public/assets/js/ 33 KB
7 KB 68ms
67ms Script
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/public/assets/js/scripts.js?ver=0.74754200%201684862329
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd301403c1ea9b6b2a13c4da6155bfd44ce4a52b804cdf1ce376f7b76e26b60c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 15 Mar 2022 10:22:36 GMT
server: cloudflare
etag: W/"623068ec-83b9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7cbef98e9be13661-FRA
expires: Wed, 22 May 2024 17:21:21 GMT

GET
H2 200 v52afc6f149f6479b8c77fa569edb01181681764108816 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 74ms
54ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer: https://nokta.md/
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: gzip
last-modified: Mon, 17 Apr 2023 20:41:48 GMT
server: cloudflare
etag: W/2023.4.2
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7cbef98f5e0392b3-FRA

GET
H2 200 easy-liveblogs.css
nokta.md/wp-content/plugins/easy-liveblogs/assets/css/ 640 B
368 B 20ms
19ms Stylesheet
text/css 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/plugins/easy-liveblogs/assets/css/easy-liveblogs.css
Requested by: Host: nokta.md
URL: https://nokta.md/wp-content/plugins/easy-liveblogs/assets/css/themes/light.css?ver=2.3.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8c1ffafa4cfd35df4f7a3b7c640a87515cc88202d806f824b85d2d0e7e73e02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/wp-content/plugins/easy-liveblogs/assets/css/themes/light.css?ver=2.3.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 31 Mar 2023 15:23:23 GMT
server: cloudflare
age: 2370200
cf-polished: origSize=770
etag: W/"6426faeb-302"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7cbef98eabe83661-FRA
expires: Thu, 25 Apr 2024 06:58:01 GMT

GET
H2 200 xgemius.js Show response
gamd.hit.gemius.pl/ 64 KB
18 KB 256ms
150ms Script
application/x-javascript 128.140.224.228
GTS-BACKBONE GTS ...

General

Check archive.org

Show headers Download Go to

Full URL: https://gamd.hit.gemius.pl/xgemius.js
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 128.140.224.228 , Romania, ASN5606 (GTS-BACKBONE GTS Telecom, RO),
Reverse DNS
Software: GHC /
Resource Hash: 9cf29cebf607fff8cce66b1b38ae097bd4574dff76124814c7ef7cba72cf4c6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: gzip
last-modified: Fri, 12 May 2023 12:38:55 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 18031
expires: Wed, 24 May 2023 05:21:22 GMT

GET
H2 200 theme-bg-2.svg
nokta.md/wp-content/uploads/2022/03/ 44 KB
18 KB 29ms
28ms Image
image/svg+xml 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2022/03/theme-bg-2.svg
Requested by: Host: nokta.md
URL: https://nokta.md/wp-content/themes/nokta/public/assets/css/styles.css?ver=0.74751800%201684862329
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 644ccd7943c4660591d9bbc9572fc65a7033678e5b362b977f207d5f12fc4322

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/wp-content/themes/nokta/public/assets/css/styles.css?ver=0.74751800%201684862329
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 14 Mar 2022 18:59:49 GMT
server: cloudflare
age: 2362088
etag: W/"622f90a5-ae7e"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
cf-ray: 7cbef98f3c9b3661-FRA
expires: Fri, 26 May 2023 09:13:13 GMT

GET
H2 200 Panton-Regular.otf
nokta.md/wp-content/themes/nokta/public/assets/css/fonts/Panton-Regular/ 145 KB
145 KB 26ms
25ms Font
application/octet-stream 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/public/assets/css/fonts/Panton-Regular/Panton-Regular.otf
Requested by: Host: nokta.md
URL: https://nokta.md/wp-content/themes/nokta/public/assets/css/fonts.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f234f4600c91c7979ec9ed19d80dfdf80cfe78c64fcaa49c0b1364d0ecfa24f

Request headers

Referer: https://nokta.md/wp-content/themes/nokta/public/assets/css/fonts.css
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Mar 2022 19:08:30 GMT
server: cloudflare
age: 2372232
etag: "622f92ae-24348"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7cbef98f4ca23661-FRA
content-length: 148296
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Panton-Bold.otf
nokta.md/wp-content/themes/nokta/public/assets/css/fonts/Panton-Bold/ 145 KB
146 KB 17ms
16ms Font
application/octet-stream 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/public/assets/css/fonts/Panton-Bold/Panton-Bold.otf
Requested by: Host: nokta.md
URL: https://nokta.md/wp-content/themes/nokta/public/assets/css/fonts.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1bba70edaffa6d4e72cd19e4946ca22732b1ca05c62d4ba02c7a2668abfd4a1

Request headers

Referer: https://nokta.md/wp-content/themes/nokta/public/assets/css/fonts.css
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Mar 2022 19:08:30 GMT
server: cloudflare
age: 9628191
etag: "622f92ae-24568"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7cbef98f4ca33661-FRA
content-length: 148840
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dizajn-bez-nazvaniya-10-1.png
nokta.md/wp-content/uploads/2023/05/ 477 KB
478 KB 16ms
16ms Image
image/webp 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/dizajn-bez-nazvaniya-10-1.png
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30cbce948edf2f38d143353c1d4a562166a2e10058f669bba223d02d495e2332

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
age: 11564
cf-polished: origFmt=png, origSize=806283
content-disposition: inline; filename="dizajn-bez-nazvaniya-10-1.webp"
content-length: 488260
cf-bgj: imgq:100,h2pri
last-modified: Tue, 23 May 2023 12:48:26 GMT
server: cloudflare
etag: "646cb61a-c4d8b"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98f7ce63661-FRA
expires: Thu, 22 Jun 2023 14:08:37 GMT

GET
H2 200 mycollages-8-2.jpg
nokta.md/wp-content/uploads/2023/05/ 204 KB
205 KB 21ms
21ms Image
image/jpeg 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/mycollages-8-2.jpg
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b8f2e139982264599c8c2fe3ee4942009c221abf76ee87f58f2a8193cdaa895

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
last-modified: Mon, 08 May 2023 12:37:05 GMT
server: cloudflare
age: 1309499
cf-polished: origSize=218068, status=webp_bigger
etag: "6458ecf1-353d4"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98f7cea3661-FRA
content-length: 209274
expires: Wed, 07 Jun 2023 13:36:22 GMT

GET
H2 200 Panton-Light.otf
nokta.md/wp-content/themes/nokta/public/assets/css/fonts/Panton-Light/ 145 KB
146 KB 19ms
18ms Font
application/octet-stream 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/public/assets/css/fonts/Panton-Light/Panton-Light.otf
Requested by: Host: nokta.md
URL: https://nokta.md/wp-content/themes/nokta/public/assets/css/fonts.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4ab2276dcf53c0ae41925d1dd8df947069bd907812e7e4c9a8852d3f8c3c85a

Request headers

Referer: https://nokta.md/wp-content/themes/nokta/public/assets/css/fonts.css
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Mar 2022 19:08:30 GMT
server: cloudflare
age: 2370200
etag: "622f92ae-24500"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7cbef98f8cf53661-FRA
content-length: 148736
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 OpenWeatherIcons.woff2
nokta.md/wp-content/themes/nokta/plugins/weather-module/assets/fonts/ 3 KB
3 KB 24ms
24ms Font
application/octet-stream 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/wp-content/themes/nokta/plugins/weather-module/assets/fonts/OpenWeatherIcons.woff2
Requested by: Host: nokta.md
URL: https://nokta.md/wp-content/themes/nokta/plugins/weather-module/assets/weather-module.css?ver=6.1.3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f21f36b76aa068bb644f2ede985d8261ba98a13404ab9d82d6b91513bebd5c9

Request headers

Referer: https://nokta.md/wp-content/themes/nokta/plugins/weather-module/assets/weather-module.css?ver=6.1.3
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Mar 2022 19:08:30 GMT
server: cloudflare
age: 2596558
etag: "622f92ae-bbc"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7cbef98f8cf73661-FRA
content-length: 3004
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 youtube-thumb-1-guest-title-88-400x225.jpg
nokta.md/wp-content/uploads/2023/05/ 23 KB
23 KB 79ms
76ms Image
image/jpeg 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/youtube-thumb-1-guest-title-88-400x225.jpg
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd9ef05fac8cc3ceabd959275eb6921ce1991edaba3cf8b04531409e4fbd4576

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: MISS
last-modified: Tue, 23 May 2023 15:47:57 GMT
server: cloudflare
etag: "646ce02d-5cd2"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd393661-FRA
content-length: 23762
expires: Thu, 22 Jun 2023 17:21:21 GMT

GET
H2 200 13ad72a4-9b85-4590-b62c-3ea0bce6c74f_348976680513449750864865652827739792911934n-400x240.jpg
nokta.md/wp-content/uploads/2023/05/ 22 KB
22 KB 105ms
102ms Image
image/jpeg 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/13ad72a4-9b85-4590-b62c-3ea0bce6c74f_348976680513449750864865652827739792911934n-400x240.jpg
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 025f0fa2318b3403320f2fa40a005a5963591078d4cefc73ce34232248dca954

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: MISS
last-modified: Tue, 23 May 2023 13:56:50 GMT
server: cloudflare
etag: "646cc622-5948"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd3a3661-FRA
content-length: 22856
expires: Thu, 22 Jun 2023 17:21:21 GMT

GET
H2 200 dizajn-bez-nazvaniya-10-1-360x240.png
nokta.md/wp-content/uploads/2023/05/ 141 KB
141 KB 91ms
88ms Image
image/png 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/dizajn-bez-nazvaniya-10-1-360x240.png
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e49aa7746ff1d6a5d073f9e7bcdaa97974b74650fe602d3bd00e246a987fedd6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: MISS
last-modified: Tue, 23 May 2023 12:48:26 GMT
server: cloudflare
etag: "646cb61a-232cf"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd3b3661-FRA
content-length: 144079
expires: Thu, 22 Jun 2023 17:21:21 GMT

GET
H2 200 photo_2023-05-23_13-28-33-298x240.jpg
nokta.md/wp-content/uploads/2023/05/ 21 KB
21 KB 78ms
75ms Image
image/jpeg 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/photo_2023-05-23_13-28-33-298x240.jpg
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ddaf7d0e49561b75a071a3330893067bfcfa884fe135d725a9b94f6da753293b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: MISS
last-modified: Tue, 23 May 2023 12:11:20 GMT
server: cloudflare
etag: "646cad68-52b4"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd3d3661-FRA
content-length: 21172
expires: Thu, 22 Jun 2023 17:21:21 GMT

GET
H2 200 049049049053049052-360x240.jpg
nokta.md/wp-content/uploads/2023/05/ 13 KB
14 KB 67ms
64ms Image
image/jpeg 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/049049049053049052-360x240.jpg
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff041b575ce7efac2d3aa02f774de6205a113c0d408f5e42dc4aa9883a8f4c8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: MISS
last-modified: Tue, 23 May 2023 08:56:20 GMT
server: cloudflare
etag: "646c7fb4-35ef"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd3f3661-FRA
content-length: 13807
expires: Thu, 22 Jun 2023 17:21:21 GMT

GET
H2 200 exterior-view.jpg
nokta.md/wp-content/uploads/2023/05/ 83 KB
84 KB 22ms
20ms Image
image/jpeg 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/exterior-view.jpg
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: abc94707f2cd54cac4f779775a6d1de6331a87327ed766a44fe9516c26df3456

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
last-modified: Tue, 23 May 2023 13:52:40 GMT
server: cloudflare
age: 690
cf-polished: origSize=88589, status=webp_bigger
etag: "646cc528-15a0d"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd403661-FRA
content-length: 85248
expires: Thu, 22 Jun 2023 17:09:51 GMT

GET
H2 200 turkey-1349838_960_720.jpg
nokta.md/wp-content/uploads/2023/05/ 185 KB
185 KB 20ms
17ms Image
image/jpeg 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/turkey-1349838_960_720.jpg
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: daf645bbe5045476c4efc0e2fabcffb94dcb0d73ebec21f6db7c9edb13ae48e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
last-modified: Wed, 17 May 2023 09:00:14 GMT
server: cloudflare
age: 542944
cf-polished: origSize=199882, status=webp_bigger
etag: "6464979e-30cca"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd423661-FRA
content-length: 189012
expires: Fri, 16 Jun 2023 10:32:17 GMT

GET
H2 200 screenshot-2023-05-02t164822.008.png
nokta.md/wp-content/uploads/2023/05/ 187 KB
188 KB 24ms
22ms Image
image/webp 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/screenshot-2023-05-02t164822.008.png
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74f5d8be26e5c3cd5a0cc8e16c7c76e70cd0f8a0f742a2b28b04d3094d858a64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
age: 43070
cf-polished: origFmt=png, origSize=339817
content-disposition: inline; filename="screenshot-2023-05-02t164822.webp"
content-length: 191722
cf-bgj: imgq:100,h2pri
last-modified: Tue, 02 May 2023 13:48:40 GMT
server: cloudflare
etag: "645114b8-52f69"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd443661-FRA
expires: Thu, 22 Jun 2023 05:23:31 GMT

GET
H2 200 snimok-ekrana-2023-05-19-102644-361x240.jpg
nokta.md/wp-content/uploads/2023/05/ 21 KB
22 KB 112ms
109ms Image
image/jpeg 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/snimok-ekrana-2023-05-19-102644-361x240.jpg
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d324704b0215a285dfad935dc306dcde2253c66159e32c93f6f21d5f2497aedb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: MISS
last-modified: Fri, 19 May 2023 07:27:11 GMT
server: cloudflare
etag: "646724cf-55b2"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd453661-FRA
content-length: 21938
expires: Thu, 22 Jun 2023 17:21:21 GMT

GET
H2 200 83-360x240.png
nokta.md/wp-content/uploads/2023/05/ 115 KB
115 KB 28ms
26ms Image
image/webp 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/83-360x240.png
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1638cca66bf3f31040fa288d30890d4a8247ba3ae82a10941691b16d8a3319a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
age: 43200
cf-polished: origFmt=png, origSize=180394
content-disposition: inline; filename="83-360x240.webp"
content-length: 117502
cf-bgj: imgq:100,h2pri
last-modified: Wed, 17 May 2023 11:58:20 GMT
server: cloudflare
etag: "6464c15c-2c0aa"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd463661-FRA
expires: Thu, 22 Jun 2023 05:21:21 GMT

GET
H2 200 347013742_587917316787666_3222922558864508225_n.jpg
nokta.md/wp-content/uploads/2023/05/ 149 KB
149 KB 29ms
26ms Image
image/jpeg 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/347013742_587917316787666_3222922558864508225_n.jpg
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58e0e416b186bd4589078adccd3b438ba6d64b2ccd0c8140cb18a4db73d744e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
last-modified: Tue, 16 May 2023 07:22:21 GMT
server: cloudflare
age: 634426
cf-polished: origSize=170171, status=webp_bigger
etag: "64632f2d-298bb"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd473661-FRA
content-length: 152240
expires: Thu, 15 Jun 2023 09:07:35 GMT

GET
H2 200 343582490_190874963339341_3420988253256099467_n.jpg
nokta.md/wp-content/uploads/2023/05/ 145 KB
145 KB 23ms
21ms Image
image/jpeg 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/343582490_190874963339341_3420988253256099467_n.jpg
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd3f1fcb8843f5635e639a688ccd30baefb1baf9c9da9c16b524dca5c56c2404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
last-modified: Fri, 12 May 2023 14:28:01 GMT
server: cloudflare
age: 210570
cf-polished: origSize=162353, status=webp_bigger
etag: "645e4cf1-27a31"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd493661-FRA
content-length: 148631
expires: Tue, 20 Jun 2023 06:51:51 GMT

GET
H2 200 cik.png
nokta.md/wp-content/uploads/2023/04/ 590 KB
591 KB 29ms
27ms Image
image/webp 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/04/cik.png
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d722f22f55be25a416bac650c92727a60e32ff4b6dfacb0a44402867db7b880b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: HIT
age: 247873
cf-polished: origFmt=png, origSize=934770
content-disposition: inline; filename="cik.webp"
content-length: 604198
cf-bgj: imgq:100,h2pri
last-modified: Fri, 07 Apr 2023 08:17:10 GMT
server: cloudflare
etag: "642fd186-e4372"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd4b3661-FRA
expires: Mon, 19 Jun 2023 20:30:08 GMT

GET
H2 200 chto-takoe-defolt-380x240.jpg
nokta.md/wp-content/uploads/2023/05/ 16 KB
16 KB 79ms
77ms Image
image/jpeg 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nokta.md/wp-content/uploads/2023/05/chto-takoe-defolt-380x240.jpg
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdb9557866029aa0a3b947dab1af085e8740ff959eefbc4cb82f8f4ee1212a47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
cf-cache-status: MISS
last-modified: Thu, 04 May 2023 15:40:40 GMT
server: cloudflare
etag: "6453d1f8-3f04"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 7cbef98fbd4d3661-FRA
content-length: 16132
expires: Thu, 22 Jun 2023 17:21:21 GMT

GET
H2

200

invisible.js Show response
nokta.md/cdn-cgi/challenge-platform/h/g/scripts/jsd/7fe8adc8/ Frame E04E
Redirect Chain

https://nokta.md/cdn-cgi/challenge-platform/scripts/invisible.js
https://nokta.md/cdn-cgi/challenge-platform/h/g/scripts/jsd/7fe8adc8/invisible.js

23 KB
10 KB

15ms
13ms

Script
application/javascript

2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nokta.md/cdn-cgi/challenge-platform/h/g/scripts/jsd/7fe8adc8/invisible.js

Requested by

Host: nokta.md
URL: https://nokta.md/

Protocol

Server

2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68d4f611c9959aa66dc2773811d9b75aeaf39b4cf04eec737aa059e4b5f70914

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7cbef9913f503661-FRA

Redirect headers

access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/7fe8adc8/invisible.js
date: Tue, 23 May 2023 17:21:22 GMT
cache-control: max-age=300, public
server: cloudflare
cf-ray: 7cbef990ae9d3661-FRA
vary: accept-encoding

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/ 408 KB
126 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js?cb=31074815

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef30c883b4b4e4b45057fb38e75477aa1b847d061b19ff032e26c5d3a789961c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 22 May 2023 17:36:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85500
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128769
x-xss-protection: 0
server: cafe
etag: 11452098575748349983
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 21 May 2024 17:36:22 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 90 B
94 B 58ms
41ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=nokta.md

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23f1cf894af232eefc7489d3fe3d620cb38ede4291dc191b27ebeadafa2fb5f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69
x-xss-protection: 0
expires: Tue, 23 May 2023 17:21:22 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
249 B 38ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-16NB6NMBW8&gtm=45je35h0&_p=788069066&_gaz=1&cid=1290625941.1684862482&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1684862482&sct=1&seg=0&dl=https%3A%2F%2Fnokta.md%2F&dt=Nokta%20-%20%D0%9D%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8%20%D0%93%D0%B0%D0%B3%D0%B0%D1%83%D0%B7%D0%B8%D0%B8&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-16NB6NMBW8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nokta.md
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
240 B 65ms
19ms Ping
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-16NB6NMBW8&cid=1290625941.1684862482&gtm=45je35h0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-16NB6NMBW8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nokta.md
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 117 KB
46 KB 26ms
25ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-111548798-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-16NB6NMBW8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d5eff7104f62c0be8e1ca73a65913ed407a7f3bc5d4c1968b0efc2bd2f1aaffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46577
x-xss-protection: 0
last-modified: Tue, 23 May 2023 17:02:42 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 23 May 2023 17:21:22 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 69ms
45ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-16NB6NMBW8&cid=1290625941.1684862482&gtm=45je35h0&aip=1&z=1772937239

Requested by

Host: nokta.md
URL: https://nokta.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fpdata.js Show response
gamd.hit.gemius.pl/ 277 B
392 B 33ms
33ms Script
application/x-javascript 128.140.224.228
GTS-BACKBONE GTS ...

General

Check archive.org

Show headers Download Go to

Full URL: https://gamd.hit.gemius.pl/fpdata.js?href=nokta.md
Requested by: Host: gamd.hit.gemius.pl
URL: https://gamd.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 128.140.224.228 , Romania, ASN5606 (GTS-BACKBONE GTS Telecom, RO),
Reverse DNS
Software: GHC /
Resource Hash: 168d9dfbb36118d33acd39c29944de9a8bca4d70fca59a94ce7b3d82d1ad0541

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 277
expires: Thu, 22 Jun 2023 17:21:22 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame 0B75 5 KB
3 KB 122ms
29ms Document
text/html 146.59.30.96
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: gamd.hit.gemius.pl
URL: https://gamd.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.96 , France, ASN16276 (OVH, FR),
Reverse DNS: ip96.ip-146-59-30.eu
Software: GHC /
Resource Hash: 4862fc21a43fbc401fd4f3733ef79d44d50d643eec77926b16193e5d2dd96a3a

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: none
cache-control: private, max-age=2592000
content-encoding: gzip
content-length: 2724
content-type: text/html;charset=utf-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:22 GMT
etag: PRIVATE7520710249
expires: Thu, 22 Jun 2023 17:21:22 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
server: GHC
vary: Accept-Encoding,Origin,User-Agent

GET
H2 200 9a4f7f5bffa4da203571.js Show response
yastatic.net/partner-code-bundles/775430/ 14 KB
5 KB 157ms
74ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/775430/9a4f7f5bffa4da203571.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

99293a8b11c48433f554882fbe98a852079241835cf8dbedd33a62896d4df233

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://nokta.md/
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 4777
last-modified: Mon, 22 May 2023 15:10:26 GMT
server: nginx/1.17.9
etag: "9619d20e575f8fa704e26cd1e66a2d55"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 22 May 2053 23:52:34 GMT

GET
H2 200 1d37052b1858b4bb0534.js Show response
yastatic.net/partner-code-bundles/775430/ 114 KB
24 KB 175ms
94ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/775430/1d37052b1858b4bb0534.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

6992c441b5da50c3096cb75c1bb60e699e62fe9e703b382ebbf6b263c22f9fd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://nokta.md/
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 24240
last-modified: Mon, 22 May 2023 15:10:25 GMT
server: nginx/1.17.9
etag: "c832b70ce3d3075e17af64fb384ea03f"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 22 May 2053 23:52:34 GMT

GET
H2 200 host.js Show response
yastatic.net/safeframe-bundles/0.83/ 33 KB
9 KB 184ms
104ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/safeframe-bundles/0.83/host.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://nokta.md/
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 8878
last-modified: Wed, 03 Nov 2021 13:42:58 GMT
server: nginx/1.17.9
etag: "f80882bf67cf261aa08d636da095149a"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 22 May 2053 23:55:38 GMT

GET
H2 200 text-variable-full.woff2
yastatic.net/s3/home/fonts/ys/3/ 25 KB
26 KB 109ms
31ms Font
font/woff2 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://nokta.md/
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 26004
x-amz-meta-owner: {"role":"admin","login":"4eb0da"}
last-modified: Mon, 25 Apr 2022 14:02:39 GMT
server: nginx/1.17.9
etag: "7f0cdaf91230f9789ca4162aedff612e"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31556952
x-nginx-request-id: efd91a803cb61282
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 May 2024 23:08:56 GMT

GET
H2 200 v2 Show response
yandex.ru/ads/adfox/239538/getBulk/ 3 KB
2 KB 100ms
99ms XHR
application/json 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/adfox/239538/getBulk/v2?pr=3948302334&pr1=1953040464&dl=https%3A%2F%2Fnokta.md%2F&prr=&extid_loader=&extid_tag_loader=nokta.md&date=2023-05-23T17%3A21%3A22.205%2B00%3A00&pd=23&pw=2&pv=17&pdw=1600&pdh=1200&ylv=0.775430&ybv=0.775430&ytt=144036023369733&is-turbo=0&skip-token=&ad-session-id=9893891684862482221&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A9.8%2C%22supportHDRBrightness%22%3Afalse%2C%22isInIframe%22%3Afalse%2C%22w%22%3A1590%2C%22h%22%3A0%2C%22width%22%3A0%2C%22height%22%3A0%2C%22visible%22%3A1%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A10%2C%22top%22%3A1190%2C%22darkTheme%22%3Afalse%2C%22req_no%22%3A0%2C%22ad_no%22%3A0%7D&enable-flat-highlight=1&pcode-version=775430&yaru=true&p1=cwutf&p2=y&slotNumber=1&bids=W10%3D&utf8=%E2%9C%93&pcode-test-ids=769361%2C0%2C41%3B764545%2C0%2C47%3B770128%2C0%2C89%3B769343%2C0%2C77%3B775303%2C0%2C2%3B771762%2C0%2C24%3B766725%2C0%2C0%3B755254%2C0%2C73%3B765109%2C0%2C53%3B767364%2C0%2C79%3B765112%2C0%2C75%3B770136%2C0%2C60%3B769629%2C0%2C33%3B773825%2C0%2C44%3B766403%2C0%2C10%3B681847%2C0%2C55&pcode-flags-map=eJytWNty2zYQ%2FZWOnjspr6CYN5AEJVQkwQKgFSXTwaiJ6qhjOx3HTtNk8u9dAJRMUg7kJH2xKUp7sNjbOcDn2QUWSizZWuFCVTgjlSoZV7RRGW4awmfPX32efdhe3e9mz2eSd2T28%2Bxu9%2F6OvoHPCIVhlMy%2B%2FP7zA0zLWdHlUijWqBZ3gjgREj%2BNQotAGpxVRJGc1Q8gFRVSO3NBC8L0A3ybMYV5PYLdffx7ghqHsUEtqDCwOesaqTgpKCe5hsRt6%2FYs8KIoOO4NNqLqrpKUs6oCtEbqB8LVGst8SQolaU0UK0tBpBs3DLxkEjNJJbiIm0JlrNjoTLSY45pIwC9IiWHdEWaJKzEGjZIIPYByIvlGJ6Ahcs34ShHOmTuVSYyiJD0i9MkQOYa%2FFV3BY8cvyAYQ1%2BCSoIvGDYe8JExO4H4EQ0iDcUG4oGxsmSQhQunINon92De2XUMrhgsIpS5sXI%2FSfnd7vxuYRcE8TD1rBgkXwnTCxGZabQMjyJwgpFEsEwS2Og757mb7x9VuZBmiILU7LOkLVcNaS0IXS6ka6V4yisPUbm8DZUNeKN6pgtWYNi6z2EuCEB3XyzhbgbOwllpwWjgt%2FSSeo0cXVNBiktPMaR74HoqM%2BUvSBKrsoInWtJBLRWu8IE7byI%2Fm3oPtoaMzxnVSOS5oJ356IsIGa7%2BtwwpXa7wRbssw6eNclC30lWhZA4Whm51146YMPM8b20ZeaPfc5qzQIwhMG%2BleLwaYvpRKBlEmunYP6ynywlkWsGSSBKfmtNQzZa2bCKrzexAODlzgqhtlK%2FQet64I5o2qGYeOxZziyb6D0aKx5%2FVRbjllnMqNyjYw88m6ZdwdMJSgvvcOddFP%2BFxwp2HqJ%2FNBRVKhcgxTUiqc55Al4ZgScRrGvj%2ByNVUsoKTlUoepxUVBm4UbJIoj67nhJihluWmJCt1eR%2FMkHqSn5jnESdCMVhA193Jpgr5qqckir2i%2BOrP6AcNQoVUICgZsSYEBqd5EiXN3N6fzoKc%2F60cPYgleMkN%2BFd5kOF8NaNYFibwgCoNROpbEDHyg%2B1OamVr7cYBsHjQvcVJCly9VxRY0d9vNw36kgZsl5bWuWU6aA9O0nGTuoYpgKgb%2BqHiBdThUEkgVEBUQAT0oRc41pwjh7H3kp34UDZXURDP1QgJelLShkkCR5iuQH87%2BQlHsITRyUdSYS%2FVbRzqiwc%2B5FSOE4iOJyyUHvTPxzKgTXYG0gflCgUOrM14lftJnHARKBaZ93HGp%2B4iWWjwpw%2FruBCTzFKVHui85BZhqo6y9Zv7WvbmxfbZSgr50lj%2FIlLDP0sBCmIIZR8W9bhp5yREFZm2hEZyaGKF5hPzpyqoGRYzdawWBZ2M9KEatF7SGW0nmjtAcRX546BKgXVD1sFUoGgU62OoAM3cspZ8eOU7wknl4ugu5cO8B0jT3h73xIEEfCb0Z4%2BfOGCgNUC8qbEeIFW2V5GZunZukKIVjjzWeLF1WTKvUopfMZ0DmfRd8DcQU1wjjz%2F1Hdb39qN7u9pdv774CZ05HakUynCkQis6jlgeMNGpF283rJVTJoGAaYFYzJxcdTGWVdfowlhN64e7QxPeinvA4V3ZAyw6Uhe10E2gzVLrF8sxBE5Bsq1b45cYMB2V02dDs8%2BzP3d3rt%2FX29nJ%2FM3vux6Burt%2F9sb%2Faidfbq%2F3N5ex58GWEGgOdDYrAjkWQaSqrdCXo8%2BtwgVez6%2B3%2B6tntPfj27%2Fbmze4jPP%2Byv95e7t6PXl1ur82bN592N%2Fbn2w%2F7u3f28frZ4MObm33%2FViMfEeDF7fbT1btPb%2FuvP93a%2F%2Fe322c3u3%2Fen%2Fzgr%2B27670x%2Ff3xLQ477iG17vShQ52PjHV94jOJB0vbsg2WUCYwqfiin1dK4oVTtwM7BINhVxIoOU5wLuHkeMYwDr3gVJ7QpgVa1vrkG8UJnExDNP8q4GAcwfxwx%2FIBSRB5pHMD03R1dsaP2A8TmwlzK2NuQMASWDcjuaU7IwfdMwdgEi8%2BniD1HAf5N22jEysUeP5AK8EMsJcyMDF0LN22IdC9sV2AVQAeVxu3wTztrw0EsJO5uYGASa3HVbbIWcXckUJw1LUlAOqoqwqlzwOc9Lc05oZGSwMQfN%2FG2kkCpO0PgY1rclORRQcoP45qRlBfUk9koiSJIzS%2B5joUoyIXhG9gkPMzd3igafpm0xAVaxbQ4Xih%2Bl0Cl4CmsvSoL8lOzpCPIMLZKB4j6plqUFvOciIEpBOQhFQv6soNlnh%2BMH86mJbxIAOV2EDk%2F39oOBmqmtr3ecWEJkOdqglPn17xfdc2zMVDx6ung3%2FLNWzJmGZhmAQTFn99dzWtkCjsh6AoVtObMSjC0AsnZanfHImD68tROzvcC4FcjR%2BVRA9SpN%2Fh4A1rNTH0P64nl4vTJeI4iKMzS0jW5UvTTBnUulY7Uh%2Bwz4%2Be2PfS78fWv68gUiLH7ZmB%2FISFenn%2FQ9sYin598jucyMFN7r72gzF8OF%2Bfi4XRlrqVNJsJqYcgJ7%2BSXJ7RluCm%2F6h%2BNpfyZU9Ox3OyPaFS%2Bcht%2BrRGoJ36e9accXMdxWWmlnIyqk4cSlGg4%2FblP7d3iSc%3D&use-server-side-rendering=1&pcode-icookie=zkehXxoGLjjrElTsA56TrBVJSfy9Zai0LCtd1veWq3EJveQV5KgMsIcJfZoc%2BTA%2BCsvQF34vGsuytFWPykIKfQxkTmY%3D&top-ancestor=https%3A%2F%2Fnokta.md&top-ancestor-undetermined=0&grab-orig-len=5120&grab=eyJncmFiX3ZlcnNpb24iOjIsImlzX2FzeW5jIjoxLCJvbGRfZ3JhYl9zaXplIjoxMDJ9ChKilLDkqOUBIaCOG7BE7TzSqN21SqWKVCpRRVTJIFI-YR_WnHDKyftBjpbRovfvvUnXyxutSnIrUZVzouPkZEDPDHAJQmPMzOFkf_bvvNPafxhjxowZQzCEgDCOAbSEzVD0skcwInmki-QhQ0gfqXsEO9JHRJE-pIsII3WkBpvHJfxQQw8ZHyXRA9NHBBFBSLuoKELaiPgFMvaX10Tal1OFCI5rL7IEkXzBQnvh-Cfm-dJHgDfBpC9csfyoI-3xxGU1WFJOLmte2Di5DJkhzTlxxgwu_hHBZclfhLmw5GA5bbnRHmcmQ5aYnd2emA252QCW08WvXJpTwUcX0i8UAf6oqEMQH5VmoSyE99CtiNQhVY_gvCS8SPVCFZFe8NinX4jRPpin0eMH6gNOvPw2hMlChqP4SPkIHhXrJcLj2ap9aqV7NOoQYX-kj2vaY1FI9ehffEj1UK-sjD6Uun5CH6W-QufAWH3gH5aPMNyFl2LhM2gP1XOxm9RHypBmpSA9uhCkhybGkPZZjL-Qqn6UCA8SH45D4Qc3NxuWEYQHqZoQziB2N9ccSw9eAk5-Ti7-2RBHYmPq9rQwGsFyWhNL3k0Fe14acospLQx5acsRF6ypYVGNbGYrUaLk68YCcRFnPTNZE3PeEZk4SpCNpT2xmBJjHvcGSMmSxyUKAW4Bvs5id8S50ZSYjRlL7uTkMhcsnFy2jKXC5H5eZOY8dsqieZGPvvCCczjShD3p1sxmy82l0fIy_IULYYfDkptZe1lm5szwwllTr1zGXtznXsoUZ5YiZnrxafaw5pT52nLEf9JpVpE4nsrsabgHgJYGJlNePoQYHAeoo4jt1oc4r_iEA-TcbnhYJuxxYTE6TpBXxlo8lVqz1BbnZi8a1HyouHl5nctQ6SFYRvqQamTlKA8xH7KB2avp7wO6fdudmdYDtSdyJgVgzyJfmp81lRUs1cpdXLvat7QERQTUDxbJcwvUzRNlBDmC-cBgRJSdh48HtUuAi9G_JKn92A2F5-YcBvODM5oKsxe1w8FR2NlscWK6a5-cZNGt2zrxkHU4DDnzi4-gb6PW3rBts6UPaTpoAAU4EkBXPirQojJFAiOM-X37YYc4iS3B8hbdoZaZ_kFRIs7y1OZmm0fW4cieRT6EDWzwEJIz75hXIQcjGbbw73RZftae5z_QTXOlY_bSVsRs_eTKa9w_DU30zr0Tx1NiKNjLpXJEcWEyrZQ0lTKXcYKoO90o7UnaF1jJLSObmR_WZWM2xGV_X1dZX7iV5_4Itrvkzv5OUpq5bo79D7uYggdbUMnIFiAXzGWauagyQPOPtsdJmnIkzPeH2JDZ07wKPfHb0WWQCdDUF3FZUUmUbFRfSJZMMzNbuZDkfAqG2r97XwHTbtXcyt23414OTt-G_iW-3hJ_4b2STHA18KZa98n11BFviv3tX_11RH0IPy3o-3bUkO751LX51E6ZOs4IGjz0B9NltF8LJBdAWM85UUPkUuvnCcFLKeuaUOFJpZtI202G-hzPAHtF2r7IOTlR9xD-1YXGhqtGkVZiY_YiZvwNsjG5BsdSpGm5MCnLOLc5924k38hIvoFAiYDsEfmjB6K7G_MAKyTzbH_2sScxUzcUzIk5sTCVLEwcD6bkKIxWtsJclNeHnDjrMp523YC144HPv1HeST9fVn7ee3-9-vvLvxQR_3LXemuYl5jerwYc_hbXe_rdVRPSyyZsd0t5FUu4y2r31dXM5Bq764DPi-aPck38WvexveVRiv94Y96jw6oP8vYZ8JlE4Qcx7IMw7rVEQbiO4I4M_CYG2rv_B693Zmjfjj-rrO-9zqa6nOEi_r7ZwV0V0h2S7sGp_nMtNXj0_2PVwZr0lyOfBgfnOPwWBXdfI_tZXE_N3TcmV1yHwvvRONpawmG0WnOjgSX5_ZE8i0H8AWbYViIXpX1Cv9UKXMv_-nvR7ASkD-y7_4SRE5RptmyrZzC2cashUmfxKsuyzf2br7j75OHDwn2akjR7uihaAuUHXXqR2iioGXNi7KBYi89xwEgf8Dxjs_YL0nfBG9_MGMu3Cymv-WmvL9WY6CnxZrpc8R9ufzAj5jijwrpx_kDQcjMdOJ1FabJhfT-AHgHtl7-dftm2GVLLFrjJBMcjf_72B9BQVvfzOsAn_2O4Nf8O1WL20JaaQtjqWUpLFj-P31c0Nz3bjAKv7rEPl00PGE8wVhozi-n3WpaXUHRvLmGIM3b2DZXdkVpDWjZWUw1kDjUSL3XSXK6NdywV8H6-6TQ3XC35WnsZs0REIB5xeQJtZM62ca_EeXvHE2xGnHwBcQePiPLCYP2AF1FmY88N3Q1NMlLBtzyizy97HbGxClCycoXNll1kWqQLByenYHcjs_RH0vyR8O-Q_X69pes7BcPG6OtjvJFxhRaerXgCKtY4zs12Jrwh1S3zgch5fMsyZ41xFWZksnAkqQSnu7QYliJl3SIiwMstOQvFlcWsRhtmsxi5AHLU2GdxzMqB6SzmE-Dh4ZG0L_cf8GhWz0bE_yvWzYLw7FBWVguHuchSiHUuy8-10zORwnBDGG5gQKwrdQBJ4y6x-qPGUoellE0VwpyVzSGQmFOm0mKT8s898mWe5hZp5NIkMZXscWZz4rT7l7tNdNv3Yf_HDwBwEQgR2d_t2jzsBwvMAyDl75-gk7z0XuqkoP3UUf5dgRkxMB8o5AcA49FQRJT8EdB_EZJDFNojSPafAPaBkD-gUHpEcX-D9cEW7D3YoYAlZqCM64BJGOKdPsnja89_ko0sydlOnb4x_DmQNoaLXkoS7LY_cChPBbCeso5aSCOyD6ra3sl_paQRkL9bWGD23RjlizyUpLt1IH-LQP3mP1Ei22YuZpKCu-9WzIWbz2L7kHbmQZeVVvT2f50KZn9q-s_0PcUN9dEWCL9uWHcHz4x-C-C_eQbull3HG_pu_cFRHNAIWP7b-_EN9DYTslvzCSN7NJSLOIWYcVffCJsKnFswEL6J4tLxuxXhBhsgrdvp0--aRp976UzIE2V9GkA_SAO-Sa5muYYklWoP5QMyiVkt4u4a5e56OMPSTZeIj-V10ctYLK4KssBabZJoLkwzdqshsBzmH4UmsdFhtyaZPcepvRAbKT3EdacxyeqIWpi3C10l6MlVIvQoitqmyX_86SYoWX39HddrlroNUQhWm1S_dj3GZqIbzUn4owpKfXt_UfoT9R95KNhUCaSNMsZWVw1zu1CCFwFiSPPJ3N0IwL6q5S2vNSqGaVNzFgxPJtDwcF6Srhv1xTPoMGyDC3zZ45S7hFzXUR6tXkouX-RVTfVQ2yDsvMzqa2w7gQhmxNztSd5H2W4MLfB_ysD3UiHYlostlzw4UoKEDkOhw1A0PezapqETHDeEczfukvVA7nfKlscx_umpL93cJO9Tdurd3T1o3czXunhQ7R1dus4Q9Hg0U3XBeKDsiT2xHNV9NfgJWnsg4U4D3WnCTncnOmreBGSDIIItrmf-PMNHbeea03LYWGa0ZcV0tmPt5nP7AZnKDEC3poMoqdhHwD89jS7nH6JSv2ITyEtGn56UmyFeakUgmUJWj2Bqw3WuCXI35xsFg3M4jk7lpfzEn_BpZykhXZ-E-7rNN3FUffnSTurn69lsdOpO1HU18Jeve5v-OPypAd-bwEKrgzA3F_dFgP2aS3a-hIgEMJVYs6qlUKqqFssriPKajPJec6G75k782dTG6Rcb_PN4kZUn-cgp5ia93WfdajpXFq4Rz0XZjrlaaRCkhZwZjdsWMqYiUD4-osvwgnagDqlEx7virULrwlafk5oA7zl-WX0It7XrJU7ep8i0tTwkbY_f_G092VLp2ZGeHTKxQeB9jquD2UXN8s7TL4zerYi9KRRYuCl0pny3tHJ2VnmIMHBNjotFLd1QxvFMd7Q5Evh7JZolUhky9CNouYshbFF9UIm3CVBE5EMiULfJxW8BvC4VHWrgHcM-DDly38j41q28eiJH_fjB8lQdyRdP5g6Q3BB_UW6pJ-MR8Fu_VkRYbgyAvNyEWbmRwOhWNKJ22qXyzyk7qIAABQxxN4xcpKdWWHqwfVAoq5-jr2SvLtA9N8d4eXWNoP34EX8evqnsPMAd0vlVQeq3QTDJm27C0olTJ6LYy90j-6o7LvlBfSP6PoiJWW2QgSsNv6lyKNYA1-hplPI83qaNgzazYGhEr5c425LHgby-p2stqqZ-4SHdM2uhbojtUpayCfw9wa9X97aGSyARnGX5AvrbUQ3n64_Xd7AOuwdzbMRfN-9Z0sDvDtCmdxvqODNDOqRHLIFud7kDqN_47kZqvd6CR-yEYQrHztpEndVbczTlqQB04m6YG9woKlD_ycD36Vfr5tbvyHvblvYo67zgquqfao6xSp2BVbmumWBampT3Cv3tGYtV_I9AUMmRsuY-uaAhKY9Zev4-DupYrMHHbBSHWBGaS7-F5JMhllOhqU1MnLymArq-RZaxefmgLCDN3KY-Fw7MRtwaYTOjjaJaA-xqK1XNi8_Trpl46rTBj0QU4-i4Iu28fK1dPZzUWwfXSa_ZRHft_XTbcXQ17NkbfjHrgR1DIV7FQ4FNJVPhVbHYV0feVBKJmnmEKnCOLGk06jF3TGnapGk9F1tZ3DqFbn_3VhbyqlMVODJ8NQ2c2TfGEotRf8dRKZItW7b8K1JiZ-s-YCUvXyVd6uEfV63BODclseHv7sAJJuPYKCdSuLNilPogesezvGaPbcA_1j-dA5h986bDp3ndgDXgmxusY-hRebFBXRQ-Pvv6S4_clgR8bz-o8JY2Iyl8LX4iP3QCU0xVUF4In1O0GepdaaJuZqbZI7zFs3Oa6FEO0ur497FxH0tSW_T6BeTVUC1vSm4-wa4_OEOzS1c8Qv3jK6onYb_5SJ8-93nRe7Uqj85swwczcLYvrOWLgeZzQbcq3vqBbt3h3Krx4HIs_Lp4Xw-0Y1o66h49pLK4-MtbWjrOXZpggfhe3UG9N5elEpxj0y-e2J8kwp-tQVn4E5-lZ5x9AS6q93IwA4W-I9cUUl1jF5Rp5vXs293p99nC_2PLF3Q0dSZI&tga-with-creatives=1

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

8b9e8f4418a9532f833ca8b74dfe83d616ef439f9c12f97e994fff652eff8679

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
x-yandex-req-id: 1684862482296644-9130400770231486531-balancer-l7leveler-kubr-yp-sas-134-BAL-8992
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 23 May 2023 17:21:22 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: application/json
access-control-allow-origin: https://nokta.md
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 23 May 2023 17:21:22 GMT

GET
H2 200 b284441208ea217f146f.js Show response
yastatic.net/partner-code-bundles/775430/ 23 KB
8 KB 89ms
88ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/775430/b284441208ea217f146f.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4967274ff18a90ce0a1934865dfaf2e1a2fb84aac387b76b22732f289823c46a

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://nokta.md/
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 7929
last-modified: Mon, 22 May 2023 15:10:26 GMT
server: nginx/1.17.9
etag: "bb5bfee2446d66d5aee642b1e124635f"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 22 May 2053 23:52:34 GMT

GET
H2 200 a556c6c7f3a732d60908.js Show response
yastatic.net/partner-code-bundles/775430/ 7 KB
3 KB 92ms
92ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/775430/a556c6c7f3a732d60908.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b2eaac755474cb7655bf0c87683f4282347bba0c4c7c8155518b8c621e1f3658

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://nokta.md/
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 2071
last-modified: Mon, 22 May 2023 15:10:26 GMT
server: nginx/1.17.9
etag: "8a8ee6aa0970ad2ffff17701fc785c5f"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 22 May 2053 23:52:34 GMT

GET
H2 200 e0079e295a4da0993add.js Show response
yastatic.net/partner-code-bundles/775430/ 620 KB
118 KB 92ms
92ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/775430/e0079e295a4da0993add.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

1381123ff6dd78a93cc7c9bcbfdefc7916f0ab055a82093491e800c9303841fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://nokta.md/
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 120006
last-modified: Mon, 22 May 2023 15:10:26 GMT
server: nginx/1.17.9
etag: "ff107b2cd35bb31940a2f5c1043e7a03"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 22 May 2053 23:52:35 GMT

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 47ms
7ms XHR
application/json 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json

Requested by

Host: prebid.dsail-tech.com
URL: https://prebid.dsail-tech.com/prebid_preprod.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8f301752c4f7f9cc783b9ac55c6163943c94f3f75dc4844180e342fac6eeb4f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://nokta.md/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 23 May 2023 17:21:22 GMT
x-content-type-options: nosniff
content-encoding: br
age: 4834
x-jsd-version: 1.0.1703
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 868
x-served-by: cache-fra-etou8220070-FRA
x-jsd-version-type: version
etag: W/"63e-OxPXih49wREfSxBK17es2D0U3p4"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
210 B 92ms
13ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.27.0&cb=67489038938&lsavail=1

Requested by

Host: prebid.dsail-tech.com
URL: https://prebid.dsail-tech.com/prebid_preprod.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://nokta.md/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 23 May 2023 17:21:21 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://nokta.md
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
171 B 186ms
85ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: prebid.dsail-tech.com
URL: https://prebid.dsail-tech.com/prebid_preprod.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://nokta.md/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://nokta.md
date: Tue, 23 May 2023 17:21:22 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 200 1997693 Show response
bs.yandex.ru/metadsp/ 134 KB
19 KB 299ms
174ms XHR
application/json 2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://bs.yandex.ru/metadsp/1997693?imp-id=7&target-ref=nokta.md&ssp-id=10500

Requested by

Host: prebid.dsail-tech.com
URL: https://prebid.dsail-tech.com/prebid_preprod.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

394807ec08bed57b2a7667792ea19d0df46a60287004b14aedf2420d4e3572f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://nokta.md/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
ssr: false
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
uniformat-product-type: Direct
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 23 May 2023 17:21:22 GMT
uniformat: true
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nokta.md
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 23 May 2023 17:21:22 GMT

POST
H2 200 adjson Show response
ads.betweendigital.com/ 2 B
881 B 158ms
119ms XHR
application/json 188.42.196.115
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: prebid.dsail-tech.com
URL: https://prebid.dsail-tech.com/prebid_preprod.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.42.196.115 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://nokta.md/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://nokta.md
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
111 B 99ms
41ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: prebid.dsail-tech.com
URL: https://prebid.dsail-tech.com/prebid_preprod.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://nokta.md/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://nokta.md
date: Tue, 23 May 2023 17:21:21 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 79a692f30d0424e73153.js Show response
yastatic.net/partner-code-bundles/775430/ 9 KB
4 KB 31ms
31ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/775430/79a692f30d0424e73153.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

766b55722918f8dae7e77c097c6d2c517e4b889386dcfb357fad76ab694f11df

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://nokta.md/
Origin: https://nokta.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 3559
last-modified: Mon, 22 May 2023 15:10:25 GMT
server: nginx/1.17.9
etag: "5bd7a00c92418ae7cc0a8e2922d600a6"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 22 May 2053 23:53:05 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-111548798-1&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 23 May 2023 16:35:37 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 2745
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Tue, 23 May 2023 18:35:37 GMT

GET
H2

200

rexdot.js Show response
gamd.hit.gemius.pl/__/_1684862482528/
Redirect Chain

https://gamd.hit.gemius.pl/_1684862482528/rexdot.js?l=100&sendf=24&id=p4CVTv8hZWafEG2PdZ9EeqPe7HjucV.3GM5JM0.nB77.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=https%3A%2F%2Fnokta.m...
https://gamd.hit.gemius.pl/__/_1684862482528/rexdot.js?l=100&sendf=24&id=p4CVTv8hZWafEG2PdZ9EeqPe7HjucV.3GM5JM0.nB77.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=https%3A%2F%2Fnokt...

169 B
422 B

88ms
88ms

Script
application/x-javascript

128.140.224.228
GTS-BACKBONE GTS ...

General

Check archive.org

Show headers Download Go to

Full URL: https://gamd.hit.gemius.pl/__/_1684862482528/rexdot.js?l=100&sendf=24&id=p4CVTv8hZWafEG2PdZ9EeqPe7HjucV.3GM5JM0.nB77.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=https%3A%2F%2Fnokta.md%2F&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=7ciwJZ63OX1rYEsBPyS1KZKfk3Bn0bvwbvri7pcxxEj.z7caniz.a2vulssZlsftGpp.V8fpi9H1SI2khRTXqkLLvcvf/N_kMvCvQcCGN0/&fpdata=9V_7ORXx.Wdrb5mnOe9c8FnQSWPijNU6bAUMZWdHD43.I7&ltime=370&fr=1&ref=&inner=_ver%3D342%7C_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D&exid=646cf6120941f2a7&brts=1684862482&fpcap=
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Server: 128.140.224.228 , Romania, ASN5606 (GTS-BACKBONE GTS Telecom, RO),
Reverse DNS
Software: GHC /
Resource Hash: a58f902750ab06a59f5e4b5e080020f580703b1192fd8e428c9119de27cbdb26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:22 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 169
expires: Mon, 22 May 2023 17:21:22 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:22 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1684862482528/rexdot.js?l=100&sendf=24&id=p4CVTv8hZWafEG2PdZ9EeqPe7HjucV.3GM5JM0.nB77.N7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=https%3A%2F%2Fnokta.md%2F&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=7ciwJZ63OX1rYEsBPyS1KZKfk3Bn0bvwbvri7pcxxEj.z7caniz.a2vulssZlsftGpp.V8fpi9H1SI2khRTXqkLLvcvf/N_kMvCvQcCGN0/&fpdata=9V_7ORXx.Wdrb5mnOe9c8FnQSWPijNU6bAUMZWdHD43.I7&ltime=370&fr=1&ref=&inner=_ver%3D342%7C_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D&exid=646cf6120941f2a7&brts=1684862482&fpcap=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Mon, 22 May 2023 17:21:22 GMT

GET
H2 200 pica.js
nokta.md/cdn-cgi/challenge-platform/h/g/scripts/ Frame E04E 6 KB
3 KB 15ms
15ms Other
application/javascript 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nokta.md/cdn-cgi/challenge-platform/h/g/scripts/pica.js

Requested by

Host: nokta.md
URL: https://nokta.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cddbabde6b641c1731102a3ff5b981f07a0975b6c45b3e40f7bb553887a52f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7cbef993da9c3661-FRA

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame F792 76 KB
25 KB 130ms
130ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: yastatic.net
URL: https://yastatic.net/partner-code-bundles/775430/1d37052b1858b4bb0534.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fbc40f41c035c68530abfe8bbef11a0a614e07068e34104446d6cf0a476f198

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25341
x-xss-protection: 0
server: cafe
etag: 359 / 19500 / m202305180101 / config-hash: 4869622416900102247
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 23 May 2023 17:21:22 GMT

GET
H2 204 event
ads.adfox.ru/239538/ 0
230 B 192ms
71ms Image
text/plain 2a02:6b8::1be
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.adfox.ru/239538/event?hash=b82b679cfcec170e&pm=cyz&p5=nmoxl&rand=bhbweze&sj=OQps12AxuZr2r4TCX_N3J7ERQ0e8V5yTfymKfkXUHZCK7QD_Ja8VibjpBYOzaQ%3D%3D&ad-session-id=9893891684862482221&lts=fluzode&ytt=144036023369733&ybv=0.775430&ylv=0.775430&dl=https%3A%2F%2Fnokta.md%2F&pr=muibryc&p1=cwutf&rqs=EaKjJRDm9SQS9mxk1nBS4muU07kCxOLP&p2=y

Requested by

Host: nokta.md
URL: https://nokta.md/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1be Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 May 2023 17:21:22 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
expires: Mon, 04 Dec 1999 21:29:02 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
202 B 15ms
14ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=788069066&t=pageview&_s=1&dl=https%3A%2F%2Fnokta.md%2F&ul=en-us&de=UTF-8&dt=Nokta%20-%20%D0%9D%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8%20%D0%93%D0%B0%D0%B3%D0%B0%D1%83%D0%B7%D0%B8%D0%B8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1138901235&gjid=889152038&cid=1290625941.1684862482&tid=UA-111548798-1&_gid=1946947913.1684862483&_r=1&gtm=457e35h0&jsscut=1&z=979832241

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://nokta.md/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nokta.md
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
148 B 22ms
17ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-111548798-1&cid=1290625941.1684862482&jid=1138901235&gjid=889152038&_gid=1946947913.1684862483&_u=YADAAUAAAAAAACAAI~&z=1896878091

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://nokta.md/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 23 May 2023 17:21:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nokta.md
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 7cbef98d9a9b3661 Show response
nokta.md/cdn-cgi/challenge-platform/h/g/cv/result/ Frame E04E 2 B
286 B 42ms
42ms XHR
text/plain 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nokta.md/cdn-cgi/challenge-platform/h/g/cv/result/7cbef98d9a9b3661
Requested by: Host: nokta.md
URL: https://nokta.md/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
server: cloudflare
cf-ray: 7cbef995cce73661-FRA
content-type: text/plain; charset=UTF-8

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 41ms
18ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nokta.md

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js?cb=31074815

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 40ms
16ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nokta.md

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js?cb=31074815

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 567ms
567ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2879232841913021&correlator=4231882544772891&eid=31074815%2C31074827%2C31074848%2C31074648%2C21065725&output=ldjh&gdfp_req=1&vrg=202305180101&ptt=17&impl=fifs&iu_parts=22776189532%2Cnokta.md%2C6.Home_Main_970x250_5&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x90%7C970x250&ifi=1&adks=1076591622&sfv=1-0-40&prev_scp=hb_format_yandex%3Dbanner%26hb_size_yandex%3D728x90%26hb_pb_yandex%3D0.00%26hb_adid_yandex%3D11dcb664d9a4f2a%26hb_bidder_yandex%3Dyandex%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D11dcb664d9a4f2a%26hb_bidder%3Dyandex&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1684862482868&lmt=1684862330&dlt=1684862481655&idt=805&adxs=436&adys=2722&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fnokta.md%2F&frm=20&vis=1&psz=1600x0&msz=1600x0&fws=4&ohw=1600&ga_vid=1290625941.1684862482&ga_sid=1684862483&ga_hid=788069066&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js?cb=31074815

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

791949c28323dc8d138670263083cfd7b13eb8cd08f751e46ddc5345c9b25db5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10485
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nokta.md
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DF70 6 KB
3 KB 83ms
19ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js?cb=31074815

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:22 GMT
expires: Wed, 22 May 2024 17:21:22 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/ Frame F792 408 KB
126 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef30c883b4b4e4b45057fb38e75477aa1b847d061b19ff032e26c5d3a789961c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 16:12:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4152
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128769
x-xss-protection: 0
server: cafe
etag: 11452098575748349983
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 22 May 2024 16:12:10 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame F792 90 B
94 B 43ms
42ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=nokta.md

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23f1cf894af232eefc7489d3fe3d620cb38ede4291dc191b27ebeadafa2fb5f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69
x-xss-protection: 0
expires: Tue, 23 May 2023 17:21:22 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame F792 107 B
165 B 17ms
15ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nokta.md

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame F792 107 B
165 B 17ms
16ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nokta.md

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame F792 21 KB
10 KB 505ms
504ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=817785981993421&correlator=4243016472660306&eid=31072020%2C31074722&output=ldjh&gdfp_req=1&vrg=202305180101&ptt=17&impl=fifs&iu_parts=22776189532%2CNokta.md_probros%2CRich_Media_400x250_Desktop&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x300&ifi=1&adks=4042043804&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1684862483003&lmt=1684862483&dlt=1684862482540&idt=426&adxs=10&adys=890&biw=1600&bih=1200&isw=300&ish=300&scr_x=0&scr_y=0&btvi=0&ucis=ssw9duyg28d6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fnokta.md%2F&ref=https%3A%2F%2Fnokta.md%2F&top=https%3A%2F%2Fnokta.md%2F&frm=23&vis=1&psz=300x300&msz=300x250&fws=256&ohw=0&ea=0&ga_vid=1290625941.1684862482&ga_sid=1684862483&ga_hid=1968689220&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8d145e9f9670f3bf909c7a7d7de6c88834635741e913714825200a90c25fadd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9786
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nokta.md
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F792 14 KB
11 KB 95ms
57ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202305180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57b5eb866302b54ad72b282462a4952007ffec4d4ad1aa9057a348175050737a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11092
x-xss-protection: 0

GET
H2 200 container.html Show response
e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 575C 6 KB
3 KB 46ms
15ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:23 GMT
expires: Wed, 22 May 2024 17:21:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 57ms
57ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202305180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js?cb=31074815

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c07d442c08fff9fcc0e9db32704bdfa7f37ae5c70e2cb198e417cd6d8ef794ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11353
x-xss-protection: 0

POST
H2 204 rum Show response
nokta.md/cdn-cgi/ 0
177 B 14ms
14ms XHR
text/plain 2606:4700:10::6816:44aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nokta.md/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:44aa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://nokta.md/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
content-type: application/json

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://nokta.md
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7cbef9974ed43661-FRA

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F792 17 KB
7 KB 89ms
67ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 23 May 2023 17:21:23 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 135ms
135ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js?cb=31074815

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 23 May 2023 17:21:23 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1FC3 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 12778
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 13:48:25 GMT
expires: Wed, 22 May 2024 13:48:25 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4C72 783 B
1 KB 40ms
17ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ab07cae7d057d6d320531ee80728081a9217ce5a17d366400e35968e5e839048

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Np_tO0Z2ye8QWRfQf5FdYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-Np_tO0Z2ye8QWRfQf5FdYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:23 GMT
expires: Tue, 23 May 2023 17:21:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 b4kQu0tD4hSA-hVARc1fzzODE0daF2Vy-bPLW9uau78.js Show response
pagead2.googlesyndication.com/bg/ Frame 1FC3 37 KB
14 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b4kQu0tD4hSA-hVARc1fzzODE0daF2Vy-bPLW9uau78.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f8910bb4b43e21480fa154045cd5fcf338313475a176572f9b3cb5bdb9abbbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14738
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 May 2024 13:46:36 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4C72 0
0 41ms
40ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202305180101&jk=817785981993421&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 061E 13 KB
5 KB 10ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 12778
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 13:48:25 GMT
expires: Wed, 22 May 2024 13:48:25 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AC7F 783 B
738 B 19ms
18ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c25bc41243c7eadd809840b406dfea847d886844318cc5ebd8c62b1e869a8eee

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OENg2xfsYNJwXXY8W5kiOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-OENg2xfsYNJwXXY8W5kiOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:23 GMT
expires: Tue, 23 May 2023 17:21:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AC7F 0
0 41ms
40ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202305180101&jk=2879232841913021&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H3 200 b4kQu0tD4hSA-hVARc1fzzODE0daF2Vy-bPLW9uau78.js Show response
pagead2.googlesyndication.com/bg/ Frame 061E 37 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b4kQu0tD4hSA-hVARc1fzzODE0daF2Vy-bPLW9uau78.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f8910bb4b43e21480fa154045cd5fcf338313475a176572f9b3cb5bdb9abbbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14738
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 May 2024 13:46:36 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1FC3 0
10 B 8ms
7ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-9kabw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 container.html Show response
eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D735 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js?cb=31074815

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:22 GMT
expires: Wed, 22 May 2024 17:21:22 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DCE8 624 B
826 B 72ms
48ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNXjbvf0MS5ie5t6WZ9Gt3bETWOWwrWdv564CJcMrMl6ujVurOTXHH7ABJObqzD-xh0bmxIMJEF_-Zxhgg85N9zehL3QYNo5TfTCEuMur-HJmymG8naVrftKggD7_Q_Em_oAL8F7m1xL5lMgUpDk4M-j9hHJy8stalC0d5koA2L5TEDfFCc

Requested by

Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:23 GMT
expires: Tue, 23 May 2023 17:21:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D735 78 KB
27 KB 75ms
75ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 23 May 2023 17:21:23 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D735 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BZlR7FhVAs62jKp_gOgk4GQ2V3LfrPfglTF9Swr-y9hKvapHMN3u6CHS2chzOCLG1EJdVLEi2pu4HLfehymxYzpoZzqYtKWf1ta_I8gLLba93HImI

Requested by

Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D735 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9038045710543037556&x=1&ct=77

Requested by

Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230518/r20110914/client/ Frame D735 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230518/r20110914/client/window_focus_fy2021.js

Requested by

Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Jun 2023 13:46:35 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230518/r20110914/client/ Frame D735 19 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230518/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9df1ad09e8ee902ee6a76cf88df57306868ca4ee532d74830fbcfe4db8bdf39d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 22 May 2023 22:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68559
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7953
x-xss-protection: 0
server: cafe
etag: 16153819885643670827
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Jun 2023 22:18:44 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D735 171 KB
54 KB 69ms
46ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

452f096c720b3e3f9bef10090f461ce08ab38e64159263e9939a7c60067aa32f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54262
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684757038394838"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 May 2023 17:21:23 GMT

GET
H3 200 container.html Show response
e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1901 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:23 GMT
expires: Wed, 22 May 2024 17:21:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EA2D 624 B
506 B 55ms
47ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJuhcRDKpa3UBBjDnZ7qATAB&v=APEucNUsieJay6E2gTcDeiaabLde4BkOy_acCChKzBeMXo91jR9OVy-ScYhFzCnRJvORzYH-L26sNAhIYjmf_YW7vyaXLefviGLGx4PB_x8WO1V7QMobkJQcpjYEum842WjEp4fX2iTKLnTfI3vilbrvs9LX5XGvwTYYVk1K_25BspR53iJH5N0

Requested by

Host: e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com
URL: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:23 GMT
expires: Tue, 23 May 2023 17:21:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1901 78 KB
27 KB 76ms
76ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com
URL: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 23 May 2023 17:21:23 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1901 42 B
63 B 45ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Dylfd0Lw9Knv6SyyOkOw4EQlUaFx01XduMuvWSB0xu5Zm4cOu4OTpwnjXFgk2pIQeQhhdMsUWt29ko5-3p9djHuhXdp-YcFruRjYdi9VUZCmzLG8g

Requested by

Host: e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com
URL: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1901 0
20 B 48ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12154753025338653583&x=1&ct=76

Requested by

Host: e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com
URL: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230518/r20110914/client/ Frame 1901 3 KB
1 KB 14ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230518/r20110914/client/window_focus_fy2021.js

Requested by

Host: e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com
URL: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Jun 2023 13:46:35 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230518/r20110914/client/ Frame 1901 19 KB
8 KB 15ms
8ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230518/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com
URL: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9df1ad09e8ee902ee6a76cf88df57306868ca4ee532d74830fbcfe4db8bdf39d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 22 May 2023 22:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68559
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7953
x-xss-protection: 0
server: cafe
etag: 16153819885643670827
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Jun 2023 22:18:44 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1901 171 KB
53 KB 76ms
69ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com
URL: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

452f096c720b3e3f9bef10090f461ce08ab38e64159263e9939a7c60067aa32f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54262
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684757038394838"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 May 2023 17:21:23 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 061E 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?aizghA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DCE8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhKmz24XsufeyHFzJr3OjY&google_cver=1

43 B
766 B

19ms
10ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhKmz24XsufeyHFzJr3OjY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNXjbvf0MS5ie5t6WZ9Gt3bETWOWwrWdv564CJcMrMl6ujVurOTXHH7ABJObqzD-xh0bmxIMJEF_-Zxhgg85N9zehL3QYNo5TfTCEuMur-HJmymG8naVrftKggD7_Q_Em_oAL8F7m1xL5lMgUpDk4M-j9hHJy8stalC0d5koA2L5TEDfFCc
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:23 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhKmz24XsufeyHFzJr3OjY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DCE8
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZGz2E.SJP0a2wJFhN6tgPwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1&google_hm=2

43 B
632 B

11ms
10ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNXjbvf0MS5ie5t6WZ9Gt3bETWOWwrWdv564CJcMrMl6ujVurOTXHH7ABJObqzD-xh0bmxIMJEF_-Zxhgg85N9zehL3QYNo5TfTCEuMur-HJmymG8naVrftKggD7_Q_Em_oAL8F7m1xL5lMgUpDk4M-j9hHJy8stalC0d5koA2L5TEDfFCc
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:23 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame DCE8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJYYtA23EogvOPfRObLKnQM&google_cver=1

43 B
1 KB

24ms
11ms

Image
image/gif

37.252.171.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJYYtA23EogvOPfRObLKnQM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNXjbvf0MS5ie5t6WZ9Gt3bETWOWwrWdv564CJcMrMl6ujVurOTXHH7ABJObqzD-xh0bmxIMJEF_-Zxhgg85N9zehL3QYNo5TfTCEuMur-HJmymG8naVrftKggD7_Q_Em_oAL8F7m1xL5lMgUpDk4M-j9hHJy8stalC0d5koA2L5TEDfFCc

Protocol

HTTP/1.1

Server

37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:23 GMT
AN-X-Request-Uuid: 99ff0435-7487-4f7b-8629-7f591da64586
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJYYtA23EogvOPfRObLKnQM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DCE8
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTgxODE4MzQ5ODY1NDM0NDEx

170 B
243 B

18ms
18ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTgxODE4MzQ5ODY1NDM0NDEx

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 23 May 2023 17:21:23 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: ef9a10bc-b952-47dc-9bbc-b7087b14f7a3
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTgxODE4MzQ5ODY1NDM0NDEx
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D735 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4579055313310&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D735 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4579055313310&version=m202301230201&ct=77&x=1&cor=9038045710543037000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D735 15 KB
11 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9stwkXigoNeVm60EAfhsQJBc3RPN7fmZQ-lGn0tLdzwNYsZSE3VmmXlsAGVcTzQMtoLQUiSfPf0XvQV_SqAv826S0hRH5JWsTxF_YCTD1ZsMf7LFnyHg2yRcg0pXVTxOutymN0nGfHWVaKo_ce73v7HJET7MCQ54NEySKRPlgETUA5S8&cry=1&dbm_d=AKAmf-A4qzdHJpnDepgiwfsj-aWndQ7mUT8TQoO7rQ8H9Ci2Cv-HylWplnKlngGDk8duxq7wdkVSCIh76vU71WaIDxfIeJJljC1hdswGILOfv8ZEt7DcRd5UO4xggZPRbB9NM80udu6MUcHszPnf-Z9klgSpcFM8gJd9-xcYa8mvCyzCK1VOakgr-blz8Qm5C43ESzVLqLGwlHpjDk6z0R4-o6r6P_PHaPRhAMIRGOzwFt2u3avTbJn_6_NFecnLX3ehmfxNILilsrP1QoQirHSodalo4xU51ifEu4GuV5I-V3WV6jLYmqnEzYjckg7DuVCc1KNOQgzupWRtMasUdtYRSzYrKv4Y2el4SBpVOlcorGtCbYtVBCwXTOeidd_T3pY66WIOoVvR4mA-4gM-nVstWXYjNsdo8N2MwzBrnvN6laP3PrsCeumk4eP5vIl8N86gaDqYirnSRkaGslHhr2puPK6CDC9B6xzzvI1zLt9VfUqk3adeupWhvaPGIDXm0sGvepeBBR3hzJ8SMi3r4698Lq4U7HLCZ_b7-FYEYy09mJSySjgIjXK1qCS-PPBHt0wQVysXfc-O_4qJU6L4k7XSZGQds4xhm_HoyVvl_4x3YIlU1ntsLdS2CgTdyQCD_GEl4ZC2-BnWrrb5nvTseogj2VBRbjCrGEgV2hLrIF9Oeszsw2yaRrv_vkV0MKksj57bAQhU-lj0Ec7JE-eJSK656SZF6iOgLTd3lf0x1W6QJPFPVxJQtEI_bUxxY_d7yHMMRQWuJFzfFOcolPbzmAnbJ9YshpoOKy8ekjx3IU3gZKGiVUooBrShGsjCYLVcEzEj7rU6fIjxgX8er1wc7x_spf0IyqrW3x7wKZWnsv-SAR-q-Lr1HnGERf79h8QWfuCeLHhxPDW5ZQ6opPoPBFfzy2HXBlTDWLL3MZtV-QfgbqwnFF8o8tlxdlTVwAdI4JSic_DcCVcwmtCvdEd_G3cqwL1luqQHulvd4w7woAiqtmola-AqiHw6KnS2KGagOUFJCSKlJpuV54MxSnERiYYatL3AV4P8OjW4jtqkPhzPuebjph1sdJz2DQu3jGVX5yuK3UeGRxfpQ6hi0apwWsvQVZMuzWoYYswGmROCWSK3Gx-Ii_vwawVB_XOGcuXae4P9kweYKRuS3qlvcz99owFXzWURM8L62l_c6tsYXpvMhm32bsu-9etXu9bPtT59Ou5CBviXfJNeMLgyXXqmUeTNrpRD7N2HdRqVd1Ckh7yr2iIWoLRqhNospC15At-aCeJC3jHUemPDXkpgpiiUYFKksgIVVClpStHpgDOgS472MiTL00t0BoXl0GzkKSpPJ3IJ_1MiFinheeXLf-1J-oPZ7lXXuvN5vCKCe4PFeHlqvhTySJ_b4zJITnub4PMG1hDh5B9ntEYpWKFVnDS-tvhmw1I-ril3kI-8P30vBXWbybYq3wLpJQ2Wvgd3Oyk73dLbip4TfT1ev4AGciOes1hGFPiM7iq8o-4UK_w8WTAbBkZB1rQnhnmTMBeAnjrDB8R9XMbBliV9Kzum2OAJK3L8aNLzEJvj-9_yW0nTEzTn5D70lxqST1-ZIAaeahOLqeEXvOprUdId7JD46Vyh84t_XbmHyLaCZ3RalWuEspMlAU_F62P2uOyTUVIUodsGT5NmD_I01nZ40C_Xg8qphpPudcJ9ul5Xqx_kPfiWd_IP0QKIpfewVbfXIl_h7iGLfl1rVa3d2hStsJzk-hxof3DMHBES87EBasVTy_FsQZPiOMjeGALdQfxQ0Ww3nJFS7cqMS7l3RNI2sUwJPDUyQ5fPh95rRjEb5d3fea5a-7EWciT5HX-nOKR1Tgy-NldDjCvXncUl6_fUXts-nIkCzRf6nqaoKiRSXam_ySrpvDg2mJ_McEZcjtLow8akZsML8WMa8Qml3QWjnmDJuAYrbsYcLqhQgQIxdPFKpQZCMWqQUo1awW3k2g6DXSPbqmwt476_Hrj6KwDb_QqLchWO7CxRXTe-VmSdmpWfbj0ZeVo32TpDEbMTByWGQ8_c8JusygHUgJVHUrssK7RUaXX9ZeROr2d9TrcjQvl4I64ZSdwCRTThevnGCbkVwhFGAOmwUK_PKib4e8aWA2aRn-2jEBE0HfMjPJFGThZY5A63K5jpJyduZg7NaruSaoO9iOzLOqTnnrGiYc33zl5JdXMZ0cNm8b5PSkIY2zPaSmWPnbg1Ctkp0Y1_G5Q287yYo6xHmdHHmhL0YzcOc4sfTc9OuxDj_Dzfrvl1-tZKsO3ooK2H3s0ahriScV_6PnZxmhltc3EPAhZzH2vwQqbjlpVbRajF7JEMm2zN0kVGnrK6WLbSs5ocA5S76PwzDTLh4cSdtI3xYCfjwmiJ-mkTWw-Jqv4Cfyzag8_3qq0JyUeFqVm6biQ3TiO8I9ybAzCUn-EIPEoP8-VPVHEJHcJrJc265Wc5pbRkKPzrWCt-FzC966bM5JHQkkl8wJcqlm8ohvhRPWM9lsj-ZVXU4rgFRIIA76HnP-n-pACaAqDq6lO1z_-THnfL4UKooLg1T_CbXccBCrwYllIcHfgVZNdK451Ij4uafEG4yhEyCA2t-tcuxeQ9lnp8d3ujdK2ynSTI8XHdZGpMMIT69PJvmePzJ_h35QEOwNbRQyfXdW_pCFGGWyQDuBJVYSENvq6mX8jqwHAp5dyPX_zgqOaFX6GNQt9duXcsv4E5DYdDmH3lufrbdAdH1XsjpfGeQ7fDXFe98wpEArOeUNcuiICsxS6NRgr34mif71r8YhhwI6GTZgwOcU20dI4al2BFij30QmKXWL4Up35D4XizqIfgjrXKxV7K4ODorxoDOqXDlbRjKatBcuiUJ46_wq1z-Z_VeQm4BtpIyXtdFvt6WZuwDEI18sW76OP1Fe8bKTS3tkIcdraoISbHfDSjEEEvDgjORyMQjv0oGVWGDboM-xcYAsJ-gYf4XQHtz0OPBfM_hDbqjogLA1fRPBCTPpGAoeonRTCdxz1vm5fObvu-VWIQy3eolqOd50b9fuAssKF7Dg3UJY5TvjkLs_yeE28oaK0kF37nk6KudyCDyotVYxEDKjPIPxW70BwOnKv7D5Qm_4n7WB6Tui1XLV-qqpY5cKJpOiHGC_MLqpOMjc9vUTDbK-AUqMESLWTG6Xs11FOFn1T4HpxlhHQ3XZUGI10SfkGp_phWc0_kNvlqPrHDpQMirXr-7UsYtod4-alq3yZD-a07IZ2qtczGDqDMVwi7c2s7gDmbTDznfnQxGfhdik2u6bccxK1pn-INYmz4E4PVbopPdfFGWk8Ow6NmZKKs2by353NZE05V_cw5jV-quaDVZyJ_FcghaD8xDtMk1euoDZEy-i9Ql4XHP3_9cGSQAKC2i2HNHOC9VXbqxgijsRcUhQEtVI2E8A2DAL3JLMiwXIOnE3nhoCM81om3fP52c_ZCxBEWMiQcduX046jU74DS3Ul_K900BSil7P-dUqb6F1RhVo4Y7EUiKQveUKq6Asi6Qma_e_b8RCXa4RrcFp7o6PU6Z5gRnxwR1mKezJEWPTGWgmrDKyf0dQdfqAGQGPD6Z_OIJzpWOmPvOFYmQtOirPuP8EnoIoR0TECleUBfZsm6kbSM8D5IL2Gb1BNtGALUmLIFBxbonmptToqsD2m8ajeAZKvdfgRHjjRVW7C_OzH60rlH2LTf22GxyeRJUmzmeeWKO7UCzlSCuGlmGyQG5_73gvn9a7afhnrjR2b6aezbievx9sYyMxRglhfe_p_mpaRLHwZvMJTkT1LxBKPKn3a3BHDlfxE7ItqKORmV6cZOJ7l8V_PPB2MHJqjWwYjH0fPQbjk25zBhAKhDHc7pBbOFxf9yc8FB8ZMjb_63_xQbe2Basc9S8PbtbNWj-qLVfOGtBB8cR9OBvD-sNJQLsrqScvn6iJv1XNJg-EbRUuo3ycpsLFBgkUjDKimQNLQ-Idu1wnXbxdmlk-benH72eqK1SJ16bW-7FcuHtzuFfxXWzawBtjaMH6PkMPTJ1h8&cid=CAQSTABygQiD7iLFsyljRrert7sFupmKAbR_ly6QTQDpyWYljZIX7VzCFoQ7BpXOF_AmmKnN5meTJXUNllsXONz4tG4e6NpFgcN53FsnuS4YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fnokta.md%2F&ds=l&xdt=1&iif=1&cor=9038045710543037000&adk=3047537735&idt=101&cac=0&dtd=24

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05f36e111195d0bfc46f0cc8bd1ae40cabd63a4027fde8d741ebf5f342e52010

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EA2D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1

43 B
766 B

11ms
11ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJuhcRDKpa3UBBjDnZ7qATAB&v=APEucNUsieJay6E2gTcDeiaabLde4BkOy_acCChKzBeMXo91jR9OVy-ScYhFzCnRJvORzYH-L26sNAhIYjmf_YW7vyaXLefviGLGx4PB_x8WO1V7QMobkJQcpjYEum842WjEp4fX2iTKLnTfI3vilbrvs9LX5XGvwTYYVk1K_25BspR53iJH5N0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:23 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EA2D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZGz2E.SJP0a2wJFhN6tgPwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1&google_hm=2

43 B
632 B

9ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJuhcRDKpa3UBBjDnZ7qATAB&v=APEucNUsieJay6E2gTcDeiaabLde4BkOy_acCChKzBeMXo91jR9OVy-ScYhFzCnRJvORzYH-L26sNAhIYjmf_YW7vyaXLefviGLGx4PB_x8WO1V7QMobkJQcpjYEum842WjEp4fX2iTKLnTfI3vilbrvs9LX5XGvwTYYVk1K_25BspR53iJH5N0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:23 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDneyozgtfjdPxP7qd5uqco&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame EA2D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEK6YqrLftWMa0vwh2hPGLh4&google_cver=1

43 B
1 KB

8ms
8ms

Image
image/gif

37.252.171.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEK6YqrLftWMa0vwh2hPGLh4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJuhcRDKpa3UBBjDnZ7qATAB&v=APEucNUsieJay6E2gTcDeiaabLde4BkOy_acCChKzBeMXo91jR9OVy-ScYhFzCnRJvORzYH-L26sNAhIYjmf_YW7vyaXLefviGLGx4PB_x8WO1V7QMobkJQcpjYEum842WjEp4fX2iTKLnTfI3vilbrvs9LX5XGvwTYYVk1K_25BspR53iJH5N0

Protocol

HTTP/1.1

Server

37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:23 GMT
AN-X-Request-Uuid: abeaa3c2-0470-46b5-8832-2698ee2a7dd7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEK6YqrLftWMa0vwh2hPGLh4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EA2D
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTgxODE4MzQ5ODY1NDM0NDEx

170 B
188 B

29ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTgxODE4MzQ5ODY1NDM0NDEx

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 23 May 2023 17:21:23 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: dedb1e25-0848-4e96-8498-f9b0de2590f1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTgxODE4MzQ5ODY1NDM0NDEx
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1901 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5107877236473&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1901 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5107877236473&version=m202301230201&ct=76&x=1&cor=12154753025338653000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1901 69 KB
31 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DW5uwdPxKTBufyYuT421DufJnj7Bx50uMnzoVlUUfMAZOtWzkxKBlDyiSoPwXC0zRQZmVa3QGrL24WUuxXtiljgq4cgA&cry=1&dbm_d=AKAmf-BOukdEqfUgAbsUuDHRZd7ze1Ub8K-lTIya8_nPr2ERaKAI520sp-gBy36k-rlH9K_8ygmO4qjI8SoQQWeRipJzVRyY3FyyKI9m4CGf0kUR--MzAyFAmrdUA4dussRXzCdn9oPbnCqvwpxTEE0EA7PUYyY17dB7A0BvoJ5Rz2Nt88qL8GKffqNPOjLuiQGD8prft6Le2QysHkFT6rQv6Si_9QsyJYmY09VK6eTsqlw9jOY5RherkY7voyFy75L9QnsnAmANa_1nY2IlyYEN4Tqm67elL7uXuvQjARWjbO3nB3lSZuJxBMwR89LL2tlU_rIlkRHDfgrQ75X5bzl7h3j1CrG1TbphWuyFkMGXiubOkH5uo8YiOFeHkK6y8vMj6vS4JXMwqoh_CFQxZ4NhuPNAAgkLlZnNuL1q5pXVkV1yGtSn9UK7-VJsWL-p7HCqe6au3Mjj8DXBlj-hamEHla6Bav4lnAhbwMTeYYVU0V1kJM9wsuKuDscIWemFJh9q5LsKeVZF7U5hY3s-Thxss2o-03mOL4jSN879WStXbumi0Qtjv_4rNMXwoUPB0ohGcwpYGha6Ml2S9gPBw0tQoQYAEvUCA8Db-baluD_0t4IeQu1WGtkCeTijcCjCNF7GMKc1n0V2wG48K6uzbX1wFzgmxGaXyrK_Ye0qi4etE9HHqSd5xxH8JHeFHiDmwJuoAr3Jf0kliaAKqEV0Agv2Rer7O23QR0flYn-YAKI54NVwfZhxgQzQ1Ag7iTrt1bbiX5nE11WUBPawiaDuZa42b9fRlaleqjWcm9SyB5JijrnLjzowYsFlU2Fm4zMnE4IIq0W0UBOy-h6l-E6guHDoOhRDimngbhplBYcSX0FZMbPPNM1ct_El-DyfmTr4znjot8rUSrGULM5rYlzI0WiWm9ki9YSBvHVSDDZooWmC81uaCqHorqTmNVZtdOvWwJHLpwigRVrMlEXbcEbgOWJ3RtfVys22B_WfHaq7cR2GUeLWFmT8KD6X6hpK6ukT-_UZab1DEKcBsxptbfGfPP4-7i2NL3tc0lNHjuahqsiV8mss_OPxIyYyd1ZnDNDHz9VQmNaVjSsR91MOxvQEyKpcFcAwaFHa1RkZI7oXlYb-dpgKpMSAxww_QMxUJTKQsUXv5yzEuj_pwH6qiEwryTqiyAeHHdBBNP8eJxerbpQ_6zIqUiDqtyFOQmUIltRt7qBjvtsvNDbmb9Y-b0GMd-gEmNMsxykkX0GUolfGJJnFkFoR9ofosle_4YL6i3sbEUNPT-eA_8JDwgvXYKmF4_kdHgiO5OQlRF7b_y0vfpx9r2itrXgyKom2LO5A979jzfAYplIx5YVuhhsVa_VicrWhOsJHC5dus8WVTiFZz5BOEM03JznitjZVK1PN8CuwaWOvtPN9fd3fKAbp-eCaWNavYYRTz9VRMnnA4SIkLXN3MB2TPUeXGffxBcfv8nDkcp0ur-ALdMvP_iYB2Qx1_LfdlzHBvg_QROTBadXPthrgXU7Wz8RjentgDh4gUOsX5FarZtXDoBNKePWxbi1fdRuoNPs1NEfD3kJc_6Q1DpST_2FHehXPfD3mzwGjGmvrh1N6l6IPmqhfwhMLXtEcMa9uKu15PWrxjX4miOxZJ-Rq0VxIbzTGEMvt6yid0ht_UXJuXaJiQUEsHk9aN-xohFIZ3ucl1qczZl4rXqjivUAyMjK_nxokqtoz1qKsefNtaS5q6YiGkdnuwGJhfyjXdO112PA9lFYgUxDxDK5CmtmHz_ZdOi2xQJLliAU4xv7ML362UnFGLSIDY1ZCG3ZTcv5SoyIncDAZn9TEkFXZRmcLnfwwD7b1LY9901kWD3Mpi6z7Op0HSHAcGXFlHex62fuicnk6qvQM6MLO39nAdpBOgktNbVsuBeYCOSpM242kWzUYy_rkNVUOtg0nsViyaqlTKRDwwcMLdtfypC5P422xFh9OnYnJ3aymv-gyuaE-iq1xtYMIIZ8gHEbE-iqsfdGtUBSX2yyZ7piWL9h8dpCpJmJys0_mP6EV6vpXdjrqhXaRWbScUzDw6cyEcU-IVXF_ObyOX2HwFfxGZAAHaaef3JIpqQwz0j-8_cxT7fUZLwyPP_NSi8Ut8g37QO8MADkPVcBPuS25rO2xxUZnbNPYY8HU85FNyCyjD_uqnUG9GelXZ7NTaufCuu0ca2ON-GJ_M4L_dbKuvpkD5YFMB9YDX_EQWOcC2aF_C8l4C7MIvRI7iQXDqZu56FZAYE2uBHzYsaT3lZlXB_C1KzttRsAc6oMObnn2OQfVsgxM2XiO-TmBbOYO6-4GUbI6hUQF7dZa2nNQjLW8ag79xLEbiZOfcONilx9nyOemBUNOYQBjRThJwZPkVS-JUzK9DeTEgm3avW4LwDc6d_wMgWwYr_L2KEEArxMjKZ3czRKzwjW_2F76IyFUY6XBMf0Ok_Wdpm96py0QB-MnBgrhnsUwwszGSv5qbiOz3RTHeDdqW5tvIfl6b1YYA-cIyHKDLI729gfIyFSYyg18SgL7EIAqTSLPcczFcpBxEs8IoH-5UYuKk1CdxnvA9PQOIKAVMgl-Oz0NdukmM4HXmUu0oEJuQS3aubSx58-7uhRxZHO-OH1mFKMic9ds4OO9rPoXg4xaZmPp5rd5OsdwZV491jT2AdYlhBAYyKR1SvYQ_U-SeymiWJMdmGV2tpEv-Z7SHhBY_EZLozVpDmakLP4NWkmPIVfdYcDAMop1NNe6RvU4qcQXxKADPGcIB13hxG0NBACfPAj17mPGhv8TYLqhhiKlV52dQ4BKqxFGdtf0xbcZ91GhYlJGEYg3aDZIxKUhsn9MDJgXS-bVI_mdbvs-7D_QVA4qWnRWqGoJaCt3UDWDvHUB0TNxj_6wTEG1IuMq0pd9w-okWAfEv2E1dj2hTwk0uuU61h1qq8gzv1KieGk6eJTw3ppnQTUaOd4LxMGX-lwoYuCAu65AmaSel7JusNRXW-Ddp8_-gfmfkuxSUOh5pVSHvWwAR5y3IPlB4zJN60Be7NazcEWUSn1ZyJyQUJ1c9aWJWaMqhVnh-SzFTe49ZerUKTyCEWQROhmnf4FBkdVixi9luRibqdlz5d6-FxM0WL2oslyTc4FlWvY3-5aLSmEYzw_-PuWjIkVHpuZERNTRYaeP-uE9J9sggMcGQXjNXrcTi6l7CbBq4U34rUEbvm-aKEx8zqHee5FBL0xn78Vn9SqbXW-PahTOFoeOLnMLGsLPnnXZG0GLLq9waZIeyxFkyC6GX3lDksAsa9p2L61fVPP3dvga1us9MmHjQ1TuNyyMcVZUDhE0GjUvYJlD-Lu_PKieTBEnG6hMsgbAiOrjsiBfCvYJPJBGfGKYli6D_TSPqXVazRLuW0QydXJJrYaWMjADMvwFvU4aVO8mvHJftpzfcwuQiFvnXI7WiiMbCaZf4iQ3Nf-D4eE606eEUsbhpnqBGBlBTuRwSBSUQo9fGw5wf_RU0MR5rXwUO_5pXvsJHcAHa_SoyxT9mXaT_z0guCRJbj4s4AvEV4lE3zd_o0oEIdtIiBWdYm3hZbRhBKUdY_fJhhz-DLfnh-aR3LO2TH2Sj1hNT-ksGeNM6HvkNbX90B7rV_bS7ffdhZyFaX-rxmMO7jfKB-sfS3uYKQupshn7qyHznk_95AdDexByBi3VXLspdqLKAAE1W8ciTKsiZrg0JUoMSWfiFAghXJ38neW-R4s7ydFjjTsk2Kd70j1Ouc37xayfamTaw-g0L77ua-xkW3pfHSnNyNkDzGXYGLmzkfLBhrAz9XhCdS1AeIiyxf_LEW_ifgTeH-UXM3XC6MxKCmXPiSCGAH2dW3DH0GkNbQqMB2GvtC7GG0vNhvqdSziEnlGmtoJoe5N6xUuvhPPgIXsJPSMRiPdVZXE4XENZ9IXONLbt&cid=CAQSTABygQiD6PWe1uA5UMY5O45tEssOCdefplI6yj_FQoENpBTBsms6yT5EKaj3ejMVxIoAY4ud_ovyyjYkgx8iugWCYFGJekYPWyT4h5UYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fnokta.md&ds=l&xdt=1&iif=1&cor=12154753025338653000&adk=2476403952&idt=106&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d24ba30a2d8e03e5b723cc6d24e6780e510bfab36827a429c26ce210a8837ec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32083
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D735 41 KB
15 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9stwkXigoNeVm60EAfhsQJBc3RPN7fmZQ-lGn0tLdzwNYsZSE3VmmXlsAGVcTzQMtoLQUiSfPf0XvQV_SqAv826S0hRH5JWsTxF_YCTD1ZsMf7LFnyHg2yRcg0pXVTxOutymN0nGfHWVaKo_ce73v7HJET7MCQ54NEySKRPlgETUA5S8&cry=1&dbm_d=AKAmf-A4qzdHJpnDepgiwfsj-aWndQ7mUT8TQoO7rQ8H9Ci2Cv-HylWplnKlngGDk8duxq7wdkVSCIh76vU71WaIDxfIeJJljC1hdswGILOfv8ZEt7DcRd5UO4xggZPRbB9NM80udu6MUcHszPnf-Z9klgSpcFM8gJd9-xcYa8mvCyzCK1VOakgr-blz8Qm5C43ESzVLqLGwlHpjDk6z0R4-o6r6P_PHaPRhAMIRGOzwFt2u3avTbJn_6_NFecnLX3ehmfxNILilsrP1QoQirHSodalo4xU51ifEu4GuV5I-V3WV6jLYmqnEzYjckg7DuVCc1KNOQgzupWRtMasUdtYRSzYrKv4Y2el4SBpVOlcorGtCbYtVBCwXTOeidd_T3pY66WIOoVvR4mA-4gM-nVstWXYjNsdo8N2MwzBrnvN6laP3PrsCeumk4eP5vIl8N86gaDqYirnSRkaGslHhr2puPK6CDC9B6xzzvI1zLt9VfUqk3adeupWhvaPGIDXm0sGvepeBBR3hzJ8SMi3r4698Lq4U7HLCZ_b7-FYEYy09mJSySjgIjXK1qCS-PPBHt0wQVysXfc-O_4qJU6L4k7XSZGQds4xhm_HoyVvl_4x3YIlU1ntsLdS2CgTdyQCD_GEl4ZC2-BnWrrb5nvTseogj2VBRbjCrGEgV2hLrIF9Oeszsw2yaRrv_vkV0MKksj57bAQhU-lj0Ec7JE-eJSK656SZF6iOgLTd3lf0x1W6QJPFPVxJQtEI_bUxxY_d7yHMMRQWuJFzfFOcolPbzmAnbJ9YshpoOKy8ekjx3IU3gZKGiVUooBrShGsjCYLVcEzEj7rU6fIjxgX8er1wc7x_spf0IyqrW3x7wKZWnsv-SAR-q-Lr1HnGERf79h8QWfuCeLHhxPDW5ZQ6opPoPBFfzy2HXBlTDWLL3MZtV-QfgbqwnFF8o8tlxdlTVwAdI4JSic_DcCVcwmtCvdEd_G3cqwL1luqQHulvd4w7woAiqtmola-AqiHw6KnS2KGagOUFJCSKlJpuV54MxSnERiYYatL3AV4P8OjW4jtqkPhzPuebjph1sdJz2DQu3jGVX5yuK3UeGRxfpQ6hi0apwWsvQVZMuzWoYYswGmROCWSK3Gx-Ii_vwawVB_XOGcuXae4P9kweYKRuS3qlvcz99owFXzWURM8L62l_c6tsYXpvMhm32bsu-9etXu9bPtT59Ou5CBviXfJNeMLgyXXqmUeTNrpRD7N2HdRqVd1Ckh7yr2iIWoLRqhNospC15At-aCeJC3jHUemPDXkpgpiiUYFKksgIVVClpStHpgDOgS472MiTL00t0BoXl0GzkKSpPJ3IJ_1MiFinheeXLf-1J-oPZ7lXXuvN5vCKCe4PFeHlqvhTySJ_b4zJITnub4PMG1hDh5B9ntEYpWKFVnDS-tvhmw1I-ril3kI-8P30vBXWbybYq3wLpJQ2Wvgd3Oyk73dLbip4TfT1ev4AGciOes1hGFPiM7iq8o-4UK_w8WTAbBkZB1rQnhnmTMBeAnjrDB8R9XMbBliV9Kzum2OAJK3L8aNLzEJvj-9_yW0nTEzTn5D70lxqST1-ZIAaeahOLqeEXvOprUdId7JD46Vyh84t_XbmHyLaCZ3RalWuEspMlAU_F62P2uOyTUVIUodsGT5NmD_I01nZ40C_Xg8qphpPudcJ9ul5Xqx_kPfiWd_IP0QKIpfewVbfXIl_h7iGLfl1rVa3d2hStsJzk-hxof3DMHBES87EBasVTy_FsQZPiOMjeGALdQfxQ0Ww3nJFS7cqMS7l3RNI2sUwJPDUyQ5fPh95rRjEb5d3fea5a-7EWciT5HX-nOKR1Tgy-NldDjCvXncUl6_fUXts-nIkCzRf6nqaoKiRSXam_ySrpvDg2mJ_McEZcjtLow8akZsML8WMa8Qml3QWjnmDJuAYrbsYcLqhQgQIxdPFKpQZCMWqQUo1awW3k2g6DXSPbqmwt476_Hrj6KwDb_QqLchWO7CxRXTe-VmSdmpWfbj0ZeVo32TpDEbMTByWGQ8_c8JusygHUgJVHUrssK7RUaXX9ZeROr2d9TrcjQvl4I64ZSdwCRTThevnGCbkVwhFGAOmwUK_PKib4e8aWA2aRn-2jEBE0HfMjPJFGThZY5A63K5jpJyduZg7NaruSaoO9iOzLOqTnnrGiYc33zl5JdXMZ0cNm8b5PSkIY2zPaSmWPnbg1Ctkp0Y1_G5Q287yYo6xHmdHHmhL0YzcOc4sfTc9OuxDj_Dzfrvl1-tZKsO3ooK2H3s0ahriScV_6PnZxmhltc3EPAhZzH2vwQqbjlpVbRajF7JEMm2zN0kVGnrK6WLbSs5ocA5S76PwzDTLh4cSdtI3xYCfjwmiJ-mkTWw-Jqv4Cfyzag8_3qq0JyUeFqVm6biQ3TiO8I9ybAzCUn-EIPEoP8-VPVHEJHcJrJc265Wc5pbRkKPzrWCt-FzC966bM5JHQkkl8wJcqlm8ohvhRPWM9lsj-ZVXU4rgFRIIA76HnP-n-pACaAqDq6lO1z_-THnfL4UKooLg1T_CbXccBCrwYllIcHfgVZNdK451Ij4uafEG4yhEyCA2t-tcuxeQ9lnp8d3ujdK2ynSTI8XHdZGpMMIT69PJvmePzJ_h35QEOwNbRQyfXdW_pCFGGWyQDuBJVYSENvq6mX8jqwHAp5dyPX_zgqOaFX6GNQt9duXcsv4E5DYdDmH3lufrbdAdH1XsjpfGeQ7fDXFe98wpEArOeUNcuiICsxS6NRgr34mif71r8YhhwI6GTZgwOcU20dI4al2BFij30QmKXWL4Up35D4XizqIfgjrXKxV7K4ODorxoDOqXDlbRjKatBcuiUJ46_wq1z-Z_VeQm4BtpIyXtdFvt6WZuwDEI18sW76OP1Fe8bKTS3tkIcdraoISbHfDSjEEEvDgjORyMQjv0oGVWGDboM-xcYAsJ-gYf4XQHtz0OPBfM_hDbqjogLA1fRPBCTPpGAoeonRTCdxz1vm5fObvu-VWIQy3eolqOd50b9fuAssKF7Dg3UJY5TvjkLs_yeE28oaK0kF37nk6KudyCDyotVYxEDKjPIPxW70BwOnKv7D5Qm_4n7WB6Tui1XLV-qqpY5cKJpOiHGC_MLqpOMjc9vUTDbK-AUqMESLWTG6Xs11FOFn1T4HpxlhHQ3XZUGI10SfkGp_phWc0_kNvlqPrHDpQMirXr-7UsYtod4-alq3yZD-a07IZ2qtczGDqDMVwi7c2s7gDmbTDznfnQxGfhdik2u6bccxK1pn-INYmz4E4PVbopPdfFGWk8Ow6NmZKKs2by353NZE05V_cw5jV-quaDVZyJ_FcghaD8xDtMk1euoDZEy-i9Ql4XHP3_9cGSQAKC2i2HNHOC9VXbqxgijsRcUhQEtVI2E8A2DAL3JLMiwXIOnE3nhoCM81om3fP52c_ZCxBEWMiQcduX046jU74DS3Ul_K900BSil7P-dUqb6F1RhVo4Y7EUiKQveUKq6Asi6Qma_e_b8RCXa4RrcFp7o6PU6Z5gRnxwR1mKezJEWPTGWgmrDKyf0dQdfqAGQGPD6Z_OIJzpWOmPvOFYmQtOirPuP8EnoIoR0TECleUBfZsm6kbSM8D5IL2Gb1BNtGALUmLIFBxbonmptToqsD2m8ajeAZKvdfgRHjjRVW7C_OzH60rlH2LTf22GxyeRJUmzmeeWKO7UCzlSCuGlmGyQG5_73gvn9a7afhnrjR2b6aezbievx9sYyMxRglhfe_p_mpaRLHwZvMJTkT1LxBKPKn3a3BHDlfxE7ItqKORmV6cZOJ7l8V_PPB2MHJqjWwYjH0fPQbjk25zBhAKhDHc7pBbOFxf9yc8FB8ZMjb_63_xQbe2Basc9S8PbtbNWj-qLVfOGtBB8cR9OBvD-sNJQLsrqScvn6iJv1XNJg-EbRUuo3ycpsLFBgkUjDKimQNLQ-Idu1wnXbxdmlk-benH72eqK1SJ16bW-7FcuHtzuFfxXWzawBtjaMH6PkMPTJ1h8&cid=CAQSTABygQiD7iLFsyljRrert7sFupmKAbR_ly6QTQDpyWYljZIX7VzCFoQ7BpXOF_AmmKnN5meTJXUNllsXONz4tG4e6NpFgcN53FsnuS4YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fnokta.md%2F&ds=l&xdt=1&iif=1&cor=9038045710543037000&adk=3047537735&idt=101&cac=0&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sun, 21 May 2023 19:05:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166568
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 20 May 2024 19:05:15 GMT

GET
H/1.1 200
OK vjdy8w6hewcq Show response
hal9000.redintelligence.net/zone/ Frame D735 11 KB
4 KB 75ms
12ms Script
text/html 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/vjdy8w6hewcq?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc9H8EvZsZIXBN8TbgQfYiqagBKblvaBplZOcp8kP8C4QASDKo--UAWCV-peCrAfIAQmpArGeC7vyE7I-qAMBqgSHAk_Q4EQqTkUXXDxGK1V2SQLAIxUefqng3YOj_fxuf5_MRqV3NrBbmS1vzz3XzhprPiiRdqfyrvENdaZHKBo4lSIIsI2UNO12eZc_FfayC29NsW2ydEtW6CIixfFEUtwDAcbSPdEsNikOWd__XwMpr9NyTcxmmeglow3fqprXlQABkXt48lmTx9QlDQnbADo4qzi24z0_HOHwnZqJoAJGFiggQvmUexS4sxwfrBmvY0iwYH4LZ1tr25S2kLwW3AuDYkf80zIXB-e37SuuBuNclzGVoLIS1mUF4vToR-kgGCHUr1Hg8E6i9Oa5n5tuhCqmWKNyPZg27WxKXXa4ZaxhFKGQus7_DzuLwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGwE8yc2RLQEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTABygQiD7iLFsyljRrert7sFupmKAbR_ly6QTQDpyWYljZIX7VzCFoQ7BpXOF_AmmKnN5meTJXUNllsXONz4tG4e6NpFgcN53FsnuS4YAQ%26sig%3DAOD64_11IJIIKI34tVuBzayYhDs5he0TvQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DfStlp2prPp_gC-O9AewE-O0fWF8-KPSeInKlalkFMYka19-r3m5ymCqEQp8pzCCdklihyy1r01lLGhquPAjyWB6Gph_sm3Vrv5wd41SUGhYATtMczdaqb8uGP9mMaAxOr-H7rOPdmQLTLbPH1l_YGzw84OgK0z9H3oeMXF6LEriWUqMg%26cry%3D1%26dbm_d%3DAKAmf-Bp7WlNvsajL4aZbjNYN-ou4pSEbsVvPyMYoDq7dZC4vIRxKzC75faZkO6LpV1NnjZnVVPkIqihPRuSFIEHzM7KhXTRThg9Cwu3MfvuRpzZR00-aD6ogzH4QshzrwGb3Hok-vMa_vfoVBCBke-dRCmTIAuWPKm6u8yXf5BhpdPgv26Zyq-NmbDUFaLSLtd_iMqsuUHGH2KPGuWQDP95fmlJgTbPJ8RFQQLRI31f7G3CtyFcyDg2Yz_XKmsQOyky7E6k1FvdwiRwIZGw9sFtv7oj-FuL1Q6sz3h4_ms1uhji1IDhPsQHAmghk05Q_P3oECMaAGaseTZhroXQymMdSB6oO6ayHNc5sMt6m0J36Nxx95x1DKT0-WE5DgqlnIuVh0vzcF3P9hMbu7J7vWe7Qo-YPWOu530nWhMr7eZTlT6XS04wRkhw45PiN_otkZK6TWdppQNKzi0gmo4roFLBOjC-4RWWp7G-Bz2p4sFuhzaB8_5Op2Yo2dOsUEY31lkeyvax3teqhHQW7_SZcj5UzwO2-9uGiw%26adurl%3D
Requested by: Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: d531714061c19d619d673421affb5cd9696011decaad686c86d42b302df27424

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Tue, 23 May 2023 17:21:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4111
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0566 22 KB
8 KB 11ms
10ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 166195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 21 May 2023 19:11:28 GMT
expires: Mon, 20 May 2024 19:11:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230518/r20110914/ Frame 1901 28 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230518/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DW5uwdPxKTBufyYuT421DufJnj7Bx50uMnzoVlUUfMAZOtWzkxKBlDyiSoPwXC0zRQZmVa3QGrL24WUuxXtiljgq4cgA&cry=1&dbm_d=AKAmf-BOukdEqfUgAbsUuDHRZd7ze1Ub8K-lTIya8_nPr2ERaKAI520sp-gBy36k-rlH9K_8ygmO4qjI8SoQQWeRipJzVRyY3FyyKI9m4CGf0kUR--MzAyFAmrdUA4dussRXzCdn9oPbnCqvwpxTEE0EA7PUYyY17dB7A0BvoJ5Rz2Nt88qL8GKffqNPOjLuiQGD8prft6Le2QysHkFT6rQv6Si_9QsyJYmY09VK6eTsqlw9jOY5RherkY7voyFy75L9QnsnAmANa_1nY2IlyYEN4Tqm67elL7uXuvQjARWjbO3nB3lSZuJxBMwR89LL2tlU_rIlkRHDfgrQ75X5bzl7h3j1CrG1TbphWuyFkMGXiubOkH5uo8YiOFeHkK6y8vMj6vS4JXMwqoh_CFQxZ4NhuPNAAgkLlZnNuL1q5pXVkV1yGtSn9UK7-VJsWL-p7HCqe6au3Mjj8DXBlj-hamEHla6Bav4lnAhbwMTeYYVU0V1kJM9wsuKuDscIWemFJh9q5LsKeVZF7U5hY3s-Thxss2o-03mOL4jSN879WStXbumi0Qtjv_4rNMXwoUPB0ohGcwpYGha6Ml2S9gPBw0tQoQYAEvUCA8Db-baluD_0t4IeQu1WGtkCeTijcCjCNF7GMKc1n0V2wG48K6uzbX1wFzgmxGaXyrK_Ye0qi4etE9HHqSd5xxH8JHeFHiDmwJuoAr3Jf0kliaAKqEV0Agv2Rer7O23QR0flYn-YAKI54NVwfZhxgQzQ1Ag7iTrt1bbiX5nE11WUBPawiaDuZa42b9fRlaleqjWcm9SyB5JijrnLjzowYsFlU2Fm4zMnE4IIq0W0UBOy-h6l-E6guHDoOhRDimngbhplBYcSX0FZMbPPNM1ct_El-DyfmTr4znjot8rUSrGULM5rYlzI0WiWm9ki9YSBvHVSDDZooWmC81uaCqHorqTmNVZtdOvWwJHLpwigRVrMlEXbcEbgOWJ3RtfVys22B_WfHaq7cR2GUeLWFmT8KD6X6hpK6ukT-_UZab1DEKcBsxptbfGfPP4-7i2NL3tc0lNHjuahqsiV8mss_OPxIyYyd1ZnDNDHz9VQmNaVjSsR91MOxvQEyKpcFcAwaFHa1RkZI7oXlYb-dpgKpMSAxww_QMxUJTKQsUXv5yzEuj_pwH6qiEwryTqiyAeHHdBBNP8eJxerbpQ_6zIqUiDqtyFOQmUIltRt7qBjvtsvNDbmb9Y-b0GMd-gEmNMsxykkX0GUolfGJJnFkFoR9ofosle_4YL6i3sbEUNPT-eA_8JDwgvXYKmF4_kdHgiO5OQlRF7b_y0vfpx9r2itrXgyKom2LO5A979jzfAYplIx5YVuhhsVa_VicrWhOsJHC5dus8WVTiFZz5BOEM03JznitjZVK1PN8CuwaWOvtPN9fd3fKAbp-eCaWNavYYRTz9VRMnnA4SIkLXN3MB2TPUeXGffxBcfv8nDkcp0ur-ALdMvP_iYB2Qx1_LfdlzHBvg_QROTBadXPthrgXU7Wz8RjentgDh4gUOsX5FarZtXDoBNKePWxbi1fdRuoNPs1NEfD3kJc_6Q1DpST_2FHehXPfD3mzwGjGmvrh1N6l6IPmqhfwhMLXtEcMa9uKu15PWrxjX4miOxZJ-Rq0VxIbzTGEMvt6yid0ht_UXJuXaJiQUEsHk9aN-xohFIZ3ucl1qczZl4rXqjivUAyMjK_nxokqtoz1qKsefNtaS5q6YiGkdnuwGJhfyjXdO112PA9lFYgUxDxDK5CmtmHz_ZdOi2xQJLliAU4xv7ML362UnFGLSIDY1ZCG3ZTcv5SoyIncDAZn9TEkFXZRmcLnfwwD7b1LY9901kWD3Mpi6z7Op0HSHAcGXFlHex62fuicnk6qvQM6MLO39nAdpBOgktNbVsuBeYCOSpM242kWzUYy_rkNVUOtg0nsViyaqlTKRDwwcMLdtfypC5P422xFh9OnYnJ3aymv-gyuaE-iq1xtYMIIZ8gHEbE-iqsfdGtUBSX2yyZ7piWL9h8dpCpJmJys0_mP6EV6vpXdjrqhXaRWbScUzDw6cyEcU-IVXF_ObyOX2HwFfxGZAAHaaef3JIpqQwz0j-8_cxT7fUZLwyPP_NSi8Ut8g37QO8MADkPVcBPuS25rO2xxUZnbNPYY8HU85FNyCyjD_uqnUG9GelXZ7NTaufCuu0ca2ON-GJ_M4L_dbKuvpkD5YFMB9YDX_EQWOcC2aF_C8l4C7MIvRI7iQXDqZu56FZAYE2uBHzYsaT3lZlXB_C1KzttRsAc6oMObnn2OQfVsgxM2XiO-TmBbOYO6-4GUbI6hUQF7dZa2nNQjLW8ag79xLEbiZOfcONilx9nyOemBUNOYQBjRThJwZPkVS-JUzK9DeTEgm3avW4LwDc6d_wMgWwYr_L2KEEArxMjKZ3czRKzwjW_2F76IyFUY6XBMf0Ok_Wdpm96py0QB-MnBgrhnsUwwszGSv5qbiOz3RTHeDdqW5tvIfl6b1YYA-cIyHKDLI729gfIyFSYyg18SgL7EIAqTSLPcczFcpBxEs8IoH-5UYuKk1CdxnvA9PQOIKAVMgl-Oz0NdukmM4HXmUu0oEJuQS3aubSx58-7uhRxZHO-OH1mFKMic9ds4OO9rPoXg4xaZmPp5rd5OsdwZV491jT2AdYlhBAYyKR1SvYQ_U-SeymiWJMdmGV2tpEv-Z7SHhBY_EZLozVpDmakLP4NWkmPIVfdYcDAMop1NNe6RvU4qcQXxKADPGcIB13hxG0NBACfPAj17mPGhv8TYLqhhiKlV52dQ4BKqxFGdtf0xbcZ91GhYlJGEYg3aDZIxKUhsn9MDJgXS-bVI_mdbvs-7D_QVA4qWnRWqGoJaCt3UDWDvHUB0TNxj_6wTEG1IuMq0pd9w-okWAfEv2E1dj2hTwk0uuU61h1qq8gzv1KieGk6eJTw3ppnQTUaOd4LxMGX-lwoYuCAu65AmaSel7JusNRXW-Ddp8_-gfmfkuxSUOh5pVSHvWwAR5y3IPlB4zJN60Be7NazcEWUSn1ZyJyQUJ1c9aWJWaMqhVnh-SzFTe49ZerUKTyCEWQROhmnf4FBkdVixi9luRibqdlz5d6-FxM0WL2oslyTc4FlWvY3-5aLSmEYzw_-PuWjIkVHpuZERNTRYaeP-uE9J9sggMcGQXjNXrcTi6l7CbBq4U34rUEbvm-aKEx8zqHee5FBL0xn78Vn9SqbXW-PahTOFoeOLnMLGsLPnnXZG0GLLq9waZIeyxFkyC6GX3lDksAsa9p2L61fVPP3dvga1us9MmHjQ1TuNyyMcVZUDhE0GjUvYJlD-Lu_PKieTBEnG6hMsgbAiOrjsiBfCvYJPJBGfGKYli6D_TSPqXVazRLuW0QydXJJrYaWMjADMvwFvU4aVO8mvHJftpzfcwuQiFvnXI7WiiMbCaZf4iQ3Nf-D4eE606eEUsbhpnqBGBlBTuRwSBSUQo9fGw5wf_RU0MR5rXwUO_5pXvsJHcAHa_SoyxT9mXaT_z0guCRJbj4s4AvEV4lE3zd_o0oEIdtIiBWdYm3hZbRhBKUdY_fJhhz-DLfnh-aR3LO2TH2Sj1hNT-ksGeNM6HvkNbX90B7rV_bS7ffdhZyFaX-rxmMO7jfKB-sfS3uYKQupshn7qyHznk_95AdDexByBi3VXLspdqLKAAE1W8ciTKsiZrg0JUoMSWfiFAghXJ38neW-R4s7ydFjjTsk2Kd70j1Ouc37xayfamTaw-g0L77ua-xkW3pfHSnNyNkDzGXYGLmzkfLBhrAz9XhCdS1AeIiyxf_LEW_ifgTeH-UXM3XC6MxKCmXPiSCGAH2dW3DH0GkNbQqMB2GvtC7GG0vNhvqdSziEnlGmtoJoe5N6xUuvhPPgIXsJPSMRiPdVZXE4XENZ9IXONLbt&cid=CAQSTABygQiD6PWe1uA5UMY5O45tEssOCdefplI6yj_FQoENpBTBsms6yT5EKaj3ejMVxIoAY4ud_ovyyjYkgx8iugWCYFGJekYPWyT4h5UYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fnokta.md&ds=l&xdt=1&iif=1&cor=12154753025338653000&adk=2476403952&idt=106&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21bf4b49938284aaececf999f198f621de0aa792bb5315fc21255d0ab439e145

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 22 May 2023 22:03:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69479
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11001
x-xss-protection: 0
server: cafe
etag: 16383942900985251592
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Jun 2023 22:03:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230518/r20110914/elements/html/ Frame 1901 11 KB
4 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230518/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 22 May 2023 21:53:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70101
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Jun 2023 21:53:02 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1901 0
0 112ms
55ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstS5y-pUp3E6mkOci588VtTHEE28GDmQknMYAi39gaIKhPLLhnEO_goQHcx7Mm-SVARKYk_MvHvQZqBrtVvxGJ-R_6VCGr4_LeiGEPJh1oWJ55GbIv3cKmlgzIawVZTmqeKcguIDIJlQpAUVi6iY8puUZsNEJHZjrNabFkQfKTeacwuHArM8ZoKPYgcp6Db5-JET5ZDhgv7-p6yH4o_7y2C5rFLi5avZ6RlwUUgHf_DC1zTapFlPzB2rbedrbK7o3QYiV6Bc1Yn8-2IksbsWbuNfEXVNRFUaJ-LZKEo9mvSa38GRwU2VpQxOgpuBKcd-Doj-i8HBaxtSewgrJIvWBtmoa4W3yskw9xu3m2504s6qftROe520Zok9PQtypQJsMPEJQvlRwHVgnGbq9O0rAkdZ8WQVvwMwgOsno5wVKdzjUuyM4Xgf9PIqVTTnYyL5VLb9g99myXyBrQ539kKGKtmmKGXgZWkR321cDdNNL57RvxikGlCExVVW6FqSnFn_yWLmOdbhkoWtMnDuv4dUEOMHSRZUnmhW-GnNnBstv5IHHqxT3kGuvmjjIyqdCwqGkE6JELCm2UM13wGl6hcmBeeUGJX6n7caYwvuhhZ3qxSVvjQpSUqeqwHl8ek87jE2METy6Psf5IlICpiR50axdpR4VuYYMGnWG9rog1kBQdj1rczOVCihSycuJwGCP9XgEMTm6FhS2oF_6n_ZUswIN6Krf-7SKQ_5Y1Ot5YTOOALKSZGvOajZ97TMrduNwh52Wi_9bOvysWJkmFRyubgHtRXhFTUg4WWN_vb8PTREoJUlhiYmSvlNeTXjNw_G-lZnWvcYi69eEPd3buIj5lnu5c2Ya1HVvrM4toM7co6LSrGZ326hPyFGcMm_4DIG0DIcHJp9zfwp3TGqCTSk-VeLnHB4svUSMz3QPXxGnKVuO4cRgAaI03ILHhjae9a98WZJrGRrLxCLCBc8RLzwKPxhj7S5kxNje9408lrnyB9NNAMtCCx9p3K7a-1Z0DFuO8J-uqhf6wniMTD0XCpINIBj-4-80Fj9NG2kcIA-eaFJltHH88v-_thEKZ53nCaYdYGwiIoo_9uRD_r6A1KaeTo-IirxUfVMyBxuZT-uQ3LlcW8iLmk4dG0CMlUvi016XvHkokWdSNdIYpAsMDwi03bQgunB2ZWO7joUCeSloZiDtHqc4FqjwQmPH1nlTHUZ-6L5tltLFtgfaqvE6-6atmc1aX0La57Ppe29B5O1CWG0XvNK0SByw9VYQa02uVrlFv1sXi-fFYv2w8CCwxtzNueQ-3CPFfSPjKuk9dvoAQrgucfIUbxMgLEXyRQ7JMS1yhckSwvn09u&sai=AMfl-YSpdK2KVwIZP1GaSaRT5JCDKOaQnO9pp2hofAKA4THKTujsOKhUXhBewGeqRe_WjqscaupNKpXMVl3B4aOYLsCiep8MEGWNgkwlJ7Onp2nGbeZCmDzP9A_EZJVj0j7aJaan8dUcw5jzFLEh5reGBhcm0q891xwNtOJqE9pyZwLXzfjTT9J30jn3POcXglUa-cX7tr1HRUesymjTV-DY5lt0Lf-RQ8LWTyS0ji3A8iuMNJzGaPfP5INrOhXJ7n-8zlbcyxP-BmDlwSnfscwsq7ML4YmOzibDykldVDZyGjq-6nmQ8zhWR1UJzml8PRM&sig=Cg0ArKJSzLultmexe4zVEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20230518.40857&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 23 May 2023 17:21:23 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1901 41 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sun, 21 May 2023 19:05:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166568
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 20 May 2024 19:05:15 GMT

GET
H2 200 14208296169463431793
s0.2mdn.net/simgad/ Frame 1901 29 KB
29 KB 48ms
7ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14208296169463431793

Requested by

Host: e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com
URL: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20bf034da28bf47b04cac346dd8e38cc2fd65a96583c082818e686305e872357

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 17 May 2023 16:51:38 GMT
x-content-type-options: nosniff
age: 520185
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29434
x-xss-protection: 0
last-modified: Wed, 10 May 2023 12:41:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 May 2024 16:51:38 GMT

GET
DATA 200
OK truncated
/ Frame 1901 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f4bde497e1319509adb2b73df425f5e9031b08be6aa8315864661128f93ebf38

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

request.php Show response
hal900015.redintelligence.net/ Frame D735
Redirect Chain

https://hal900015.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=57d673eb70&subid=&uid=10bf31533ac0de7c&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900015.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=57d673eb70&subid=&uid=10bf31533ac0de7c&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

166ms
144ms

Script
application/x-javascript

138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900015.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=57d673eb70&subid=&uid=10bf31533ac0de7c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc9H8EvZsZIXBN8TbgQfYiqagBKblvaBplZOcp8kP8C4QASDKo--UAWCV-peCrAfIAQmpArGeC7vyE7I-qAMBqgSHAk_Q4EQqTkUXXDxGK1V2SQLAIxUefqng3YOj_fxuf5_MRqV3NrBbmS1vzz3XzhprPiiRdqfyrvENdaZHKBo4lSIIsI2UNO12eZc_FfayC29NsW2ydEtW6CIixfFEUtwDAcbSPdEsNikOWd__XwMpr9NyTcxmmeglow3fqprXlQABkXt48lmTx9QlDQnbADo4qzi24z0_HOHwnZqJoAJGFiggQvmUexS4sxwfrBmvY0iwYH4LZ1tr25S2kLwW3AuDYkf80zIXB-e37SuuBuNclzGVoLIS1mUF4vToR-kgGCHUr1Hg8E6i9Oa5n5tuhCqmWKNyPZg27WxKXXa4ZaxhFKGQus7_DzuLwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGwE8yc2RLQEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTABygQiD7iLFsyljRrert7sFupmKAbR_ly6QTQDpyWYljZIX7VzCFoQ7BpXOF_AmmKnN5meTJXUNllsXONz4tG4e6NpFgcN53FsnuS4YAQ%26sig%3DAOD64_11IJIIKI34tVuBzayYhDs5he0TvQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DfStlp2prPp_gC-O9AewE-O0fWF8-KPSeInKlalkFMYka19-r3m5ymCqEQp8pzCCdklihyy1r01lLGhquPAjyWB6Gph_sm3Vrv5wd41SUGhYATtMczdaqb8uGP9mMaAxOr-H7rOPdmQLTLbPH1l_YGzw84OgK0z9H3oeMXF6LEriWUqMg%26cry%3D1%26dbm_d%3DAKAmf-Bp7WlNvsajL4aZbjNYN-ou4pSEbsVvPyMYoDq7dZC4vIRxKzC75faZkO6LpV1NnjZnVVPkIqihPRuSFIEHzM7KhXTRThg9Cwu3MfvuRpzZR00-aD6ogzH4QshzrwGb3Hok-vMa_vfoVBCBke-dRCmTIAuWPKm6u8yXf5BhpdPgv26Zyq-NmbDUFaLSLtd_iMqsuUHGH2KPGuWQDP95fmlJgTbPJ8RFQQLRI31f7G3CtyFcyDg2Yz_XKmsQOyky7E6k1FvdwiRwIZGw9sFtv7oj-FuL1Q6sz3h4_ms1uhji1IDhPsQHAmghk05Q_P3oECMaAGaseTZhroXQymMdSB6oO6ayHNc5sMt6m0J36Nxx95x1DKT0-WE5DgqlnIuVh0vzcF3P9hMbu7J7vWe7Qo-YPWOu530nWhMr7eZTlT6XS04wRkhw45PiN_otkZK6TWdppQNKzi0gmo4roFLBOjC-4RWWp7G-Bz2p4sFuhzaB8_5Op2Yo2dOsUEY31lkeyvax3teqhHQW7_SZcj5UzwO2-9uGiw%26adurl%3D&documentReferer=https%3A%2F%2Fnokta.md%2F&ancestorOrigins=https%3A%2F%2Fnokta.md&random=3598323939384&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 138.201.135.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 79a59e4c0c9b958ddc39b8bbfcdf16692c313c6312470f75e0ae6ba4d98c2980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 88622700118869604444990012333015
Connection: close
Content-Length: 1291
Expires: Tue, 23 May 2023 18:21:23 +0200

Redirect headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:23 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=57d673eb70&subid=&uid=10bf31533ac0de7c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc9H8EvZsZIXBN8TbgQfYiqagBKblvaBplZOcp8kP8C4QASDKo--UAWCV-peCrAfIAQmpArGeC7vyE7I-qAMBqgSHAk_Q4EQqTkUXXDxGK1V2SQLAIxUefqng3YOj_fxuf5_MRqV3NrBbmS1vzz3XzhprPiiRdqfyrvENdaZHKBo4lSIIsI2UNO12eZc_FfayC29NsW2ydEtW6CIixfFEUtwDAcbSPdEsNikOWd__XwMpr9NyTcxmmeglow3fqprXlQABkXt48lmTx9QlDQnbADo4qzi24z0_HOHwnZqJoAJGFiggQvmUexS4sxwfrBmvY0iwYH4LZ1tr25S2kLwW3AuDYkf80zIXB-e37SuuBuNclzGVoLIS1mUF4vToR-kgGCHUr1Hg8E6i9Oa5n5tuhCqmWKNyPZg27WxKXXa4ZaxhFKGQus7_DzuLwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGwE8yc2RLQEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTABygQiD7iLFsyljRrert7sFupmKAbR_ly6QTQDpyWYljZIX7VzCFoQ7BpXOF_AmmKnN5meTJXUNllsXONz4tG4e6NpFgcN53FsnuS4YAQ%26sig%3DAOD64_11IJIIKI34tVuBzayYhDs5he0TvQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DfStlp2prPp_gC-O9AewE-O0fWF8-KPSeInKlalkFMYka19-r3m5ymCqEQp8pzCCdklihyy1r01lLGhquPAjyWB6Gph_sm3Vrv5wd41SUGhYATtMczdaqb8uGP9mMaAxOr-H7rOPdmQLTLbPH1l_YGzw84OgK0z9H3oeMXF6LEriWUqMg%26cry%3D1%26dbm_d%3DAKAmf-Bp7WlNvsajL4aZbjNYN-ou4pSEbsVvPyMYoDq7dZC4vIRxKzC75faZkO6LpV1NnjZnVVPkIqihPRuSFIEHzM7KhXTRThg9Cwu3MfvuRpzZR00-aD6ogzH4QshzrwGb3Hok-vMa_vfoVBCBke-dRCmTIAuWPKm6u8yXf5BhpdPgv26Zyq-NmbDUFaLSLtd_iMqsuUHGH2KPGuWQDP95fmlJgTbPJ8RFQQLRI31f7G3CtyFcyDg2Yz_XKmsQOyky7E6k1FvdwiRwIZGw9sFtv7oj-FuL1Q6sz3h4_ms1uhji1IDhPsQHAmghk05Q_P3oECMaAGaseTZhroXQymMdSB6oO6ayHNc5sMt6m0J36Nxx95x1DKT0-WE5DgqlnIuVh0vzcF3P9hMbu7J7vWe7Qo-YPWOu530nWhMr7eZTlT6XS04wRkhw45PiN_otkZK6TWdppQNKzi0gmo4roFLBOjC-4RWWp7G-Bz2p4sFuhzaB8_5Op2Yo2dOsUEY31lkeyvax3teqhHQW7_SZcj5UzwO2-9uGiw%26adurl%3D&documentReferer=https%3A%2F%2Fnokta.md%2F&ancestorOrigins=https%3A%2F%2Fnokta.md&random=3598323939384&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 23 May 2023 18:21:23 +0200

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1901 0
0 46ms
46ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstS5y-pUp3E6mkOci588VtTHEE28GDmQknMYAi39gaIKhPLLhnEO_goQHcx7Mm-SVARKYk_MvHvQZqBrtVvxGJ-R_6VCGr4_LeiGEPJh1oWJ55GbIv3cKmlgzIawVZTmqeKcguIDIJlQpAUVi6iY8puUZsNEJHZjrNabFkQfKTeacwuHArM8ZoKPYgcp6Db5-JET5ZDhgv7-p6yH4o_7y2C5rFLi5avZ6RlwUUgHf_DC1zTapFlPzB2rbedrbK7o3QYiV6Bc1Yn8-2IksbsWbuNfEXVNRFUaJ-LZKEo9mvSa38GRwU2VpQxOgpuBKcd-Doj-i8HBaxtSewgrJIvWBtmoa4W3yskw9xu3m2504s6qftROe520Zok9PQtypQJsMPEJQvlRwHVgnGbq9O0rAkdZ8WQVvwMwgOsno5wVKdzjUuyM4Xgf9PIqVTTnYyL5VLb9g99myXyBrQ539kKGKtmmKGXgZWkR321cDdNNL57RvxikGlCExVVW6FqSnFn_yWLmOdbhkoWtMnDuv4dUEOMHSRZUnmhW-GnNnBstv5IHHqxT3kGuvmjjIyqdCwqGkE6JELCm2UM13wGl6hcmBeeUGJX6n7caYwvuhhZ3qxSVvjQpSUqeqwHl8ek87jE2METy6Psf5IlICpiR50axdpR4VuYYMGnWG9rog1kBQdj1rczOVCihSycuJwGCP9XgEMTm6FhS2oF_6n_ZUswIN6Krf-7SKQ_5Y1Ot5YTOOALKSZGvOajZ97TMrduNwh52Wi_9bOvysWJkmFRyubgHtRXhFTUg4WWN_vb8PTREoJUlhiYmSvlNeTXjNw_G-lZnWvcYi69eEPd3buIj5lnu5c2Ya1HVvrM4toM7co6LSrGZ326hPyFGcMm_4DIG0DIcHJp9zfwp3TGqCTSk-VeLnHB4svUSMz3QPXxGnKVuO4cRgAaI03ILHhjae9a98WZJrGRrLxCLCBc8RLzwKPxhj7S5kxNje9408lrnyB9NNAMtCCx9p3K7a-1Z0DFuO8J-uqhf6wniMTD0XCpINIBj-4-80Fj9NG2kcIA-eaFJltHH88v-_thEKZ53nCaYdYGwiIoo_9uRD_r6A1KaeTo-IirxUfVMyBxuZT-uQ3LlcW8iLmk4dG0CMlUvi016XvHkokWdSNdIYpAsMDwi03bQgunB2ZWO7joUCeSloZiDtHqc4FqjwQmPH1nlTHUZ-6L5tltLFtgfaqvE6-6atmc1aX0La57Ppe29B5O1CWG0XvNK0SByw9VYQa02uVrlFv1sXi-fFYv2w8CCwxtzNueQ-3CPFfSPjKuk9dvoAQrgucfIUbxMgLEXyRQ7JMS1yhckSwvn09u&sai=AMfl-YSpdK2KVwIZP1GaSaRT5JCDKOaQnO9pp2hofAKA4THKTujsOKhUXhBewGeqRe_WjqscaupNKpXMVl3B4aOYLsCiep8MEGWNgkwlJ7Onp2nGbeZCmDzP9A_EZJVj0j7aJaan8dUcw5jzFLEh5reGBhcm0q891xwNtOJqE9pyZwLXzfjTT9J30jn3POcXglUa-cX7tr1HRUesymjTV-DY5lt0Lf-RQ8LWTyS0ji3A8iuMNJzGaPfP5INrOhXJ7n-8zlbcyxP-BmDlwSnfscwsq7ML4YmOzibDykldVDZyGjq-6nmQ8zhWR1UJzml8PRM&sig=Cg0ArKJSzLultmexe4zVEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=92&vt=11&dtpt=90&dett=2&cstd=0&cisv=r20230518.40857&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 23 May 2023 17:21:23 GMT

GET
H3 200 b4kQu0tD4hSA-hVARc1fzzODE0daF2Vy-bPLW9uau78.js Show response
pagead2.googlesyndication.com/bg/ Frame 0566 37 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b4kQu0tD4hSA-hVARc1fzzODE0daF2Vy-bPLW9uau78.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f8910bb4b43e21480fa154045cd5fcf338313475a176572f9b3cb5bdb9abbbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14738
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 May 2024 13:46:36 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AE58 22 KB
8 KB 9ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 166195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 21 May 2023 19:11:28 GMT
expires: Mon, 20 May 2024 19:11:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 event
ads.adfox.ru/239538/ 0
66 B 85ms
84ms Image
text/plain 2a02:6b8::1be
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.adfox.ru/239538/event?hash=1ac40496bcfc9c20&pm=cza&p5=nmoxl&rand=iaxuzmd&sj=OQps12AxuZr2r4TCX_N3J7ERQ0e8V5yTfymKfkXUHZCK7QD_Ja8VibjpBYOzaQ%3D%3D&ad-session-id=9893891684862482221&lts=fluzode&ytt=144036023369733&ybv=0.775430&ylv=0.775430&dl=https%3A%2F%2Fnokta.md%2F&pr=muibryc&p1=cwutf&rqs=EaKjJRDm9SQS9mxk1nBS4muU07kCxOLP&p2=y

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1be Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 May 2023 17:21:23 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
expires: Mon, 04 Dec 1999 21:29:02 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 67ms
32ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: prebid.dsail-tech.com
URL: https://prebid.dsail-tech.com/prebid_preprod.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
server: nginx
etag: W/"63f86dec-16386"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 24 May 2023 17:21:23 GMT

GET
H3 200 b4kQu0tD4hSA-hVARc1fzzODE0daF2Vy-bPLW9uau78.js Show response
pagead2.googlesyndication.com/bg/ Frame AE58 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b4kQu0tD4hSA-hVARc1fzzODE0daF2Vy-bPLW9uau78.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f8910bb4b43e21480fa154045cd5fcf338313475a176572f9b3cb5bdb9abbbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 13:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14738
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 May 2024 13:46:36 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 7342 15 KB
6 KB 52ms
16ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=nokta.md

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

42b9a15f9b6a86e0bca2678c6a6679ed2e73777ca55d893012e685275249f702

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:23 GMT
server: Kestrel
server-processing-duration-in-ticks: 528892
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 65ms
32ms XHR
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
server: nginx
etag: W/"63f86dec-16386"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 24 May 2023 17:21:24 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F792 0
0 44ms
44ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202305180101&jk=817785981993421&bg=!xcalxpLNAAZ8_aWmXP07ADkAdvg8WjSyAufW_TWLCCOFlHImeVarfZbBni_boIN0YIBeAeHCvdxs4OSWY5oJUYDqUl6e2O4bPj4CAAAA3FIAAAADaAEHCgDC24Xzsyj2CnFRtLAzUloDK9SP9Ew2UbyTMqJD-z3s-U6i4qncitTYAuSZuvoXvgRJYRvuzknZJc5CNZgsA_ZWhydHSiTwS8l_CcPosf45FL18cA87m5ZOIEvJqXwdEcw1DqHD_LY3j1mqJWy4qSOezYsiVV9IzVgfafovCFVyr7LU6cBe81aYRYmOcYXIE9c4a4WK3PFhieMmOnenIZ6-n4GsswPDk8J_41HeRA9UwhxcgLDXsVP9ZdUY4E5MRq2CXnKZArrYnDAIYVrqYOoFhY6zUmMKbUGra2IMOQznZfn6HZC09RIhimN3yDhjRQ1NgTx7Jky5mGBnPs3G3LIsLtZoKWSaCjMBzCk_rCw76n8Aw0B1AtGy4q3QwP3sLsAYauFGLx71YmUrRZKjaUXzYI7nvGoruvJJqTBYvx3lS6oh-drTvGg0KW49fwB6b75sPqMq6lotsg0WMkxXaaye1S1P-f70g1K9SYWiD6SoANZGWsbO8656nAk2ZLOjrRWqnRdoZdy_NbfYBgsH86uWqqYEksP_IilezjlN4q5Qjnyn04HcSZvc8nXr2-udtXxwd2GGhCzhGkSJQWUWtl6-atApbHcfSmRpiAyd_9xrh0yDnEWDok4HN3VpV9eC426auN-FbD1HVgyHw7t-hrxANUPT9I1b1TH3v-LTmQiYFTmw_v9O7aQ0Fq24V0hR5F5wC21Px_2xMrFxBpzsq4VOcCAuUDy8ynBMJlU-paFMfwwCJrbolbNDeYNroOCP0V0uHDIFLMPYna0AIGnO8_cD5O9S7KIR4UMYCg_p3uwDcFwZiiCXvv1t6LNePP2IvMGAXZMTe5LGOyyHSuDnL-8DEQtLSoXW-WJDvkbRDPQuMrg2iryWSYyR4tqimZj9_4X7wG0uqD8On5VcRyNVvd0MntgJ0MlT91V-wjHKvdaicAdneWBBdCpKE2f_GM-PYULyzGInETvsmPyBtUMwG4R8dHk0uR2VOr1jfZOF6BFrczzGY9FYeY9gD7Lfew6EnvMgwMZ8ra9ZEo82qY6JA-Q0LdxAmZulR-U8kYGS4pm2X3NlCiDERgrKUCs8icy917eEKQOkqmllZV1pLrbrYwWVBixM0TgLYcYrJdBP5LTJKV5WLIw43AL9cwIsiqxXe2ScVBsige54iGRk_3-rsIMAWOf1lT62C09kmXpQ0kKrvg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H2 200 / Show response
adv.office-partner.de/ Frame 362F 930 B
931 B 67ms
6ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=57d673eb70&subid=&uid=10bf31533ac0de7c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc9H8EvZsZIXBN8TbgQfYiqagBKblvaBplZOcp8kP8C4QASDKo--UAWCV-peCrAfIAQmpArGeC7vyE7I-qAMBqgSHAk_Q4EQqTkUXXDxGK1V2SQLAIxUefqng3YOj_fxuf5_MRqV3NrBbmS1vzz3XzhprPiiRdqfyrvENdaZHKBo4lSIIsI2UNO12eZc_FfayC29NsW2ydEtW6CIixfFEUtwDAcbSPdEsNikOWd__XwMpr9NyTcxmmeglow3fqprXlQABkXt48lmTx9QlDQnbADo4qzi24z0_HOHwnZqJoAJGFiggQvmUexS4sxwfrBmvY0iwYH4LZ1tr25S2kLwW3AuDYkf80zIXB-e37SuuBuNclzGVoLIS1mUF4vToR-kgGCHUr1Hg8E6i9Oa5n5tuhCqmWKNyPZg27WxKXXa4ZaxhFKGQus7_DzuLwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGwE8yc2RLQEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTABygQiD7iLFsyljRrert7sFupmKAbR_ly6QTQDpyWYljZIX7VzCFoQ7BpXOF_AmmKnN5meTJXUNllsXONz4tG4e6NpFgcN53FsnuS4YAQ%26sig%3DAOD64_11IJIIKI34tVuBzayYhDs5he0TvQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DfStlp2prPp_gC-O9AewE-O0fWF8-KPSeInKlalkFMYka19-r3m5ymCqEQp8pzCCdklihyy1r01lLGhquPAjyWB6Gph_sm3Vrv5wd41SUGhYATtMczdaqb8uGP9mMaAxOr-H7rOPdmQLTLbPH1l_YGzw84OgK0z9H3oeMXF6LEriWUqMg%26cry%3D1%26dbm_d%3DAKAmf-Bp7WlNvsajL4aZbjNYN-ou4pSEbsVvPyMYoDq7dZC4vIRxKzC75faZkO6LpV1NnjZnVVPkIqihPRuSFIEHzM7KhXTRThg9Cwu3MfvuRpzZR00-aD6ogzH4QshzrwGb3Hok-vMa_vfoVBCBke-dRCmTIAuWPKm6u8yXf5BhpdPgv26Zyq-NmbDUFaLSLtd_iMqsuUHGH2KPGuWQDP95fmlJgTbPJ8RFQQLRI31f7G3CtyFcyDg2Yz_XKmsQOyky7E6k1FvdwiRwIZGw9sFtv7oj-FuL1Q6sz3h4_ms1uhji1IDhPsQHAmghk05Q_P3oECMaAGaseTZhroXQymMdSB6oO6ayHNc5sMt6m0J36Nxx95x1DKT0-WE5DgqlnIuVh0vzcF3P9hMbu7J7vWe7Qo-YPWOu530nWhMr7eZTlT6XS04wRkhw45PiN_otkZK6TWdppQNKzi0gmo4roFLBOjC-4RWWp7G-Bz2p4sFuhzaB8_5Op2Yo2dOsUEY31lkeyvax3teqhHQW7_SZcj5UzwO2-9uGiw%26adurl%3D&documentReferer=https%3A%2F%2Fnokta.md%2F&ancestorOrigins=https%3A%2F%2Fnokta.md&random=3598323939384&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Tue, 23 May 2023 17:21:24 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Tue, 30 May 2023 17:21:24 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame D735 2 KB
2 KB 160ms
74ms Script
text/html 18.133.209.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=88622700118869604444990012333015&nw=1
Requested by: Host: nokta.md
URL: https://nokta.md/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.209.175 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-209-175.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: f9f565ffda4f2dfd59ef92595e7e5f3ecfc363d6122158cf28c3a26ea7214367

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:24 GMT
last-modified: Tue, 23 May 2023 17:21:24 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 23 May 2023 17:22:24 GMT

GET
H2

200

activityi;dc_pre=CMe5_e75i_8CFRT3GQodAgoEqw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1015463325063.9055 Show response
8019191.fls.doubleclick.net/ Frame 8A67
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1015463325063.9055?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CMe5_e75i_8CFRT3GQodAgoEqw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1015463325063.9055?

392 B
325 B

77ms
61ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CMe5_e75i_8CFRT3GQodAgoEqw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1015463325063.9055?

Requested by

Host: nokta.md
URL: https://nokta.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

d606de01acf790d9b17825ff891022c25e47b75b6e61b38c18df2f4f430733e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:24 GMT
expires: Tue, 23 May 2023 17:21:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:24 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CMe5_e75i_8CFRT3GQodAgoEqw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1015463325063.9055?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900015.redintelligence.net/ Frame 4B5D 7 KB
2 KB 42ms
12ms Document
text/html 138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900015.redintelligence.net/request_content.php?s=88622700118869604444990012333015&a=1f44905a
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=57d673eb70&subid=&uid=10bf31533ac0de7c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc9H8EvZsZIXBN8TbgQfYiqagBKblvaBplZOcp8kP8C4QASDKo--UAWCV-peCrAfIAQmpArGeC7vyE7I-qAMBqgSHAk_Q4EQqTkUXXDxGK1V2SQLAIxUefqng3YOj_fxuf5_MRqV3NrBbmS1vzz3XzhprPiiRdqfyrvENdaZHKBo4lSIIsI2UNO12eZc_FfayC29NsW2ydEtW6CIixfFEUtwDAcbSPdEsNikOWd__XwMpr9NyTcxmmeglow3fqprXlQABkXt48lmTx9QlDQnbADo4qzi24z0_HOHwnZqJoAJGFiggQvmUexS4sxwfrBmvY0iwYH4LZ1tr25S2kLwW3AuDYkf80zIXB-e37SuuBuNclzGVoLIS1mUF4vToR-kgGCHUr1Hg8E6i9Oa5n5tuhCqmWKNyPZg27WxKXXa4ZaxhFKGQus7_DzuLwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGwE8yc2RLQEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTABygQiD7iLFsyljRrert7sFupmKAbR_ly6QTQDpyWYljZIX7VzCFoQ7BpXOF_AmmKnN5meTJXUNllsXONz4tG4e6NpFgcN53FsnuS4YAQ%26sig%3DAOD64_11IJIIKI34tVuBzayYhDs5he0TvQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DfStlp2prPp_gC-O9AewE-O0fWF8-KPSeInKlalkFMYka19-r3m5ymCqEQp8pzCCdklihyy1r01lLGhquPAjyWB6Gph_sm3Vrv5wd41SUGhYATtMczdaqb8uGP9mMaAxOr-H7rOPdmQLTLbPH1l_YGzw84OgK0z9H3oeMXF6LEriWUqMg%26cry%3D1%26dbm_d%3DAKAmf-Bp7WlNvsajL4aZbjNYN-ou4pSEbsVvPyMYoDq7dZC4vIRxKzC75faZkO6LpV1NnjZnVVPkIqihPRuSFIEHzM7KhXTRThg9Cwu3MfvuRpzZR00-aD6ogzH4QshzrwGb3Hok-vMa_vfoVBCBke-dRCmTIAuWPKm6u8yXf5BhpdPgv26Zyq-NmbDUFaLSLtd_iMqsuUHGH2KPGuWQDP95fmlJgTbPJ8RFQQLRI31f7G3CtyFcyDg2Yz_XKmsQOyky7E6k1FvdwiRwIZGw9sFtv7oj-FuL1Q6sz3h4_ms1uhji1IDhPsQHAmghk05Q_P3oECMaAGaseTZhroXQymMdSB6oO6ayHNc5sMt6m0J36Nxx95x1DKT0-WE5DgqlnIuVh0vzcF3P9hMbu7J7vWe7Qo-YPWOu530nWhMr7eZTlT6XS04wRkhw45PiN_otkZK6TWdppQNKzi0gmo4roFLBOjC-4RWWp7G-Bz2p4sFuhzaB8_5Op2Yo2dOsUEY31lkeyvax3teqhHQW7_SZcj5UzwO2-9uGiw%26adurl%3D&documentReferer=https%3A%2F%2Fnokta.md%2F&ancestorOrigins=https%3A%2F%2Fnokta.md&random=3598323939384&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.135.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e52abda4bcb62a6936b7b32c33bb25f24c415d5506ddf9737e615ed38dd06a57

Request headers

Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2170
Content-Type: text/html; charset=utf-8
Date: Tue, 23 May 2023 17:21:24 GMT
Expires: Tue, 23 May 2023 18:21:24 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame D735 43 B
703 B 208ms
126ms Image
image/gif 184.29.202.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=88622700118869604444990012333015&pv=1

Requested by

Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.29.202.60 Haarlem, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-202-60.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:24 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame D735 43 B
704 B 144ms
62ms Image
image/gif 184.29.202.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338577&v=11830&q=357066&r=296283&pref1=88622700118869604444990012333015&pv=1

Requested by

Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.29.202.60 Haarlem, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-202-60.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:24 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame D735 43 B
705 B 168ms
86ms Image
image/gif 184.29.202.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=88622700118869604444990012333015&pv=1

Requested by

Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.29.202.60 Haarlem, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-202-60.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:24 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame D735 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c849a84313207524e8861bf35cd4a2c964c8c0b1fecc84607bc44426583ac1f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0566 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BtWGTE_ZsZIL-KZXC3wOYvoygBAAAAAA4AeAEAg&bg=!AwClAFTNAAZ8_aWmXP07ADkAdvg8Wt2e7e-xOBmbg4SklIpIFG8jVmrOkSPwjC0LoQCkzAxvjNo3cQzeMTO0pNZYCupMODkic6ICAAAA0VIAAAAEaAEHCgBY3C1e5Y7qSZd77yhCpEAiVJpBKRZtAnA5Ny6AOaCZBOc69pdN76IQQj7gMiE8ZXepOQcPy3G7m4VLLWf270Abg_O4LCTraP7yPczl8jLKY9p8G71glMn6NpkC6dM9RLrQMOkZj6lvKJrzJiEg6yEDbzLjgsxoktnLvI_4Pk9xeem7OPIxJtR3JhNi1KdYXoLeufelrJN2lZz2O0xeg47lfqLJRMTkmndzJYjpZebpXkW2-1A6qoc0mkKbutG-djAlcsLzlt4Lf1sbIG1RP-X13gPCc6GLzKS4DXx90WErlTHxMeM7Vc-fqwsM9uMZLBQRcuLxRBvbWGX7PvF5AMXVOGFY6iCk_GgC2rWTyzQm2BQytQ-YQKubsHeO0TXTGxNin0n0rhV5EgoHJiuhn15k7F9Q_WX0KSCefQ7slTsHFwxOBAwIrSgJPjHI8Ew2pcoC54I9L44JRBx1Ck6S0uchaZzeQJYhgXwX64xHEndiuuRWnvc_5RekDEqve5tmD3IVN_Gcwyu0Xxhcd5y6j49k3LIxB0hC4O7q1kyEDKh48LbG6UxNi-1_UixIlLvvn8OzGnFZLQoqkIXU0bbqvptP_H1fZi3uKFm0Cv_EClMIEoEuSADPXLxkU039gcG0SrUp_ImojEghZ_7Nd2Gw14a4BVCGTDAOQTt2aisul4G5lXtLZTt_4O2-fZ9Ss5KnUe829znc_F7oWSW9k-6Hdp3QzIY9B7AKBKe1f1t5sahH7Re5wP_MalVOFlPiapGJExqVtFJ9aw2wENpoL26xl5dAzT1rmU7xCmDq7GLhI-nSMrCb2JXbj_L7TuU8I4GYYm6X9YDzz5hbmhL3VUiOJuiiaPVcg6_UaGskodQmj8PzrplzjhV0k1iPVyKO-34dIhqo0KK3UHr4BRKU0r9_fn7SxeyS9NGkyyhrPx1jXry6AQkdp5IY_Bnx6y2RT0bQBvKaZGe7p2XoG8ZZhZLnh51RRooJkb5FrytV60CZHvqFCSWBSDPpuS3X0-GL1AZ5wS9YifbuKm6RhJX8hXGShsGboYGPOzYoWr-wXCdgYRfJ3y-aqDH565JRRcxW3tx7u99OSoVImMf3jvZHuIy58_04ufCYsyA

Requested by

Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 4B5D 5 KB
1 KB 62ms
20ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=88622700118869604444990012333015&a=1f44905a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

30ece5ac4e330eb0d7d2f0ff3096f914def5a156abfd9f6f0352d03bcf40311b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 23 May 2023 17:21:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:24:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 May 2023 17:21:24 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 4B5D 56 KB
56 KB 36ms
14ms Image
image/png 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=88622700118869604444990012333015&a=1f44905a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 507bd0fd4cb27bbe4e593df2811651c220e3bbd29f370b45af15ef46839bc6e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Tue, 23 May 2023 17:21:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 57465
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 4B5D 58 KB
58 KB 154ms
130ms Image
image/png 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=88622700118869604444990012333015&a=1f44905a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 29dedf4e30fe3d7cf62b3310017d3d7d5b6f1908828c2668f37942d8742fe39c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Tue, 23 May 2023 17:21:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 59324
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 4B5D 64 KB
64 KB 90ms
66ms Image
image/png 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/32783/creativesup/1200x627-1.jpg
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=88622700118869604444990012333015&a=1f44905a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 5e4c187169514549d4993f5d08dcbfe2961ca864b28a68e3338770331e517e85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Tue, 23 May 2023 17:21:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 4B5D 36 KB
37 KB 37ms
13ms Image
image/png 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=88622700118869604444990012333015&a=1f44905a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: d29e9b417219db909a5ce416d3828c4eed004bdf16c0fd6598ac80cc4f3ac13a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Tue, 23 May 2023 17:21:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 37341
Vary: Accept-Encoding
Content-Type: image/png

GET
H2

200

sid Show response
mug.criteo.com/ Frame 7342
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=nokta.md&sn=ChromeSyncframe&so=0&topUrl=nokta.md&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=INH693xDbXRCd0VwaktTRUpyV2Q1b2tpYUdoTXpCWFA0NmFrLzhxcEx5cEtsT29lOW5ERnZyeC9vdHVSbUVrN3lvcjF1RFozWDg5M1lndTlmaUd5cjQwWGV1Y29Od0wyWGpHMHlkR0dCM2dLaENDeXB3WEJ1QnJNck95Mm...

436 B
655 B

174ms
17ms

Fetch
application/json

178.250.7.13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=INH693xDbXRCd0VwaktTRUpyV2Q1b2tpYUdoTXpCWFA0NmFrLzhxcEx5cEtsT29lOW5ERnZyeC9vdHVSbUVrN3lvcjF1RFozWDg5M1lndTlmaUd5cjQwWGV1Y29Od0wyWGpHMHlkR0dCM2dLaENDeXB3WEJ1QnJNck95MmxXZ1dkS0ZpazhLUmMxQjZaNjZPdFFoWWdhU09kdlMxeFlsL3lwSWN5QlkvS3gyVlIxYWlGd3R1U3BTOWhwdXVDV3VIQ29JR1o4RDhyRE4vTWluV2NPTUFBbHdWYjVtaEtxSWtldVJEN2FaR053Y1NGS05qVzUyWWFHZGZtWFJ4UVZpNklWYTdidU51QmVJYXNBc1hrcE5kMm15QWFaUT09fA&cppv=2

Protocol

Server

178.250.7.13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a3b81d8c7b66a1ced235161d7c48ff1909c17f0770c214655ab28a280406c20f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:23 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1153277
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:24 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=INH693xDbXRCd0VwaktTRUpyV2Q1b2tpYUdoTXpCWFA0NmFrLzhxcEx5cEtsT29lOW5ERnZyeC9vdHVSbUVrN3lvcjF1RFozWDg5M1lndTlmaUd5cjQwWGV1Y29Od0wyWGpHMHlkR0dCM2dLaENDeXB3WEJ1QnJNck95MmxXZ1dkS0ZpazhLUmMxQjZaNjZPdFFoWWdhU09kdlMxeFlsL3lwSWN5QlkvS3gyVlIxYWlGd3R1U3BTOWhwdXVDV3VIQ29JR1o4RDhyRE4vTWluV2NPTUFBbHdWYjVtaEtxSWtldVJEN2FaR053Y1NGS05qVzUyWWFHZGZtWFJ4UVZpNklWYTdidU51QmVJYXNBc1hrcE5kMm15QWFaUT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 296536
content-length: 0
expires: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 46ms
45ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202305180101&jk=2879232841913021&bg=!9_Sl9KDNAAZ8_aWmXP07ADkAdvg8WqQMOKZfByXDJKv-OPpDsL9U--4XqnDrsPnkoiOOPJEB5eLFZITKdLNrf3R3CyHKYuGIvTUCAAABIVIAAAADaAEHCgBKNkW_3GaDtRONC8HQLt9jhS05R2a-xMHpEtMy_F2rNHle3mx4cHVMePzh4eL9LMlBj_37_u4BTi8VtOa4JcSJ4lmwx05ezlUt1dmZAqHA-14xwfKS7lDzk0uC2TDKKqsbYZTZo09idnjIteBR8v8pIQqO7lKMn1j3Qs1axsTcHNYwNFsxS6z3jaPR8Gtbc8sfMWrWM_rPtD5OiRxRp4kPgXsJgX4N1SRVILv9AbMB_QKGkAY9kyUydXdoVIwtMlTbikASlTcCQ-zqUTTQH28zgOUwGBbWNSRRDl4w6UzPHzoOh6oqHpQA86_BYqWPdjcCC06UGZu6wEALRVqKS5gQ0e1RfO-fE9XRlBX0obK5IqG24EEPrd1AeA10L_6j2imGe09pA1YO1clKeeF31GvjR5twHWJUUm3Zk7TBYlk8ZAhqUK-xOzWtFXqFbUUbbiYMU7I4hp_QNp6pN8Cc_NlF36lI_K0NqMFeCK-HTG-2GrgsKH96dryCfoonthcRECd70W5t6MgK4F6uUFaTrX95rV5lBcjnAdIe3Y3gD_V2rSGqEJ6OfyzaMyaVIVdkww6k5QPE1lGLRVqLiYnB36Ipqg2io8PM4x3RTBP2py2QFGs0GiQaVF3GFQfHHBJWMKDJbJIES_u9GgZ9p6Ji48z4wlHMi8kA7tfgwcwghwjUzzHt1MicETiOhLwVX5DD4AJQL816RYgQGp5CxFbNQnGRWDcmv0soV7N64RJI-4S0IilrEjrIDGppPcW_TgLr_wPfpFXHmEieL7VXOraF_vDkOPegaz1aPqx2quGM98ZN9U2kvP52z6hqhkU8LEYeu2Uu5QJVPTcyf8XVkbrrnI1i8hms-xtkKlaDDKPS3nwSBkr2MArH4JlmeLbAq7-w8tzoAJ3esAUhSli_o_xw1ceA48eCKm6ndDFDtf5NFOUByxbveCyiwX-_q-OqtT_2twMchXsTLoZ-y0cZMVyVXJXUJrabye6LhIIamv679jG3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 362F 110 KB
42 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3cb89651dc811026332da4b77a4ad33fcea8d13101b2074e1323332bca079eaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43089
x-xss-protection: 0
last-modified: Tue, 23 May 2023 17:02:42 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 23 May 2023 17:21:24 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame D735 85 KB
31 KB 130ms
7ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=88622700118869604444990012333015&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 15:16:20 GMT
content-encoding: gzip
via: 1.1 77517a7f5d9094d359ba5186c3bda1e6.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 7505
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: jeW5YdgfXFmVyXOIhT17FFVAnx1VledTyfdZCpOQ2mWsZxH4ovql6g==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame D735 3 KB
3 KB 46ms
6ms Image
image/png 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1684862784&Signature=hOCDpXZKDN3gURsKwf4k15t7AzU-c1MGykvz5X69I2FqJL39cMUTqwhZoZEWvdLgriGEszO9q0UuYpF8crPWCDbb9tH6RyHOw8vOf~7n9YRf50lCbNal4o1mETaXIJvls7F8NeYcHhZDY54ePb3w--qH5PHsu9JDHcBPb5lslbo9Bu7pExMGbSw2Zg1GRKTvEK8TbqKhe8HgZKbri0u5TjHdnv2eL1l2MWPA6BzjJYsDz7uh8YAbhf1tRPsgG4GGsc1ahePZApWwl8fB3L4rXluotPFOd6-6u7EvuRNdB~jTKZgQulLAZCuzEqXvxmwwFFW-JCKO4Y0TIqLgts3qRw__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
URL: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 23 May 2023 08:59:02 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 30143
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: E-GBJgA52djZqv_shUZhJDmPTzvpRRZ0okiD6uQeS8ab7pS0D7AWgw==

GET
H/1.1 200
OK viewability Show response
hal900015.redintelligence.net/ Frame 4B5D 0
150 B 36ms
11ms Script
text/html 138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900015.redintelligence.net/viewability?s=88622700118869604444990012333015&a=c12dfc6c&vb=m
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=88622700118869604444990012333015&a=1f44905a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.135.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/request_content.php?s=88622700118869604444990012333015&a=1f44905a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Tue, 23 May 2023 17:21:24 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE58 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1DMsE_ZsZOW6LJeRjuwPuYy8mA8AAAAAOAHgBAI&bg=!ZGelZzPNAAZ8_aWmXP07ADkAdvg8WuFgLZnjvwth9V94OgLBT5-5w8gcdXdiAQlQ_DRfycUfQM_ntWvrHlpsL6lGkTVeXtutb7sCAAABX1IAAAANaAEHmQMEg7H9B3eHFG8vYgGh_Oy8vQti3KheZl1zabpYfSHd1aF_8aF5OtDn8xCWU2myU5CTeFEjLSjIgPvLQkS6Q1zbX5ib8sMzIlC6brAZrvdu1he7npSligJd_01if7CwoIryQZL6t0iID3-Hoitz-NVLtBRcI7CT6Wg7Rm88hJbdh-t7jtfwIPdCMtXrefvsjJ5q7okR-neAv41LYHKdTWU4LwcEPIXFmmTKK9sDXqQ-XGtb_ziE7Nen33ek06LfNi07x8NnrMDiLC-bNlh7MSJ2hg1-2C3lv9EF7afhk4zMv4F7u7o4MFxDqW0HyIBBkL65pr8WuRCcW5VxezdCLI8Jni0foMo4BUMHANFrcaVPIaXgcnkbXqXDjzQiTBOGMRvWZaROi67bbC-o_k4akacd66yxqa0aaU4LtxcXapd2vj_p5egAXXKdDyJPoI3phsJYG6ZYwzplwd6yj60VxdmAz7uE-3NTlitIkUgYo8jseQr0mWwpHpFdF376ixYEjgYfjbnFvrDN1D8ENosIw6GWXEnQIXq85xRTtGTZbTBBviIbAr_-h2KiwCqumH7FEXp-4uptSE1p5LMEmmHNGaydrKUT-EeEPVmATkE6pUb1mZEogmLlu3Cg-npXbRb1H66MBvATszgosMmuJOVny4v-MUSXwgm9S5MCm6v5_P7t_v968L_EKUau2FQRn1lmXeNPTV_VJsQJfD7QPJXvPcQVgB8LRAzCHiecImkiBggnL1guD6Np555M6OKaNqTX7kqMUjnEY9MdYAZSqdeSZZDodju-H-mQ3tQZrDSz42sf9lLu0NuVTeVKjPWVadr313Lm4DFrNOHAZt37ZHbuCJcHW1rsUfdc9e2YxZJ2Vve-cxfg0E5YGATeuhMPegvPTaInrvrBcwjVEBNFTKHuRglcE3TowGJODs0BBokyxeQgAbcGz9bsOdC8TzbPW9p6B3jHpANo1ox8fwcYyowbuLq2TadrkfgFWGICRvNooIYeoSAZM5e4o7HHwXKYr7wfdXeCQwcPmw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 4B5D 13 KB
13 KB 38ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900015.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 03:23:58 GMT
x-content-type-options: nosniff
age: 395846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 May 2024 03:23:58 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 4B5D 13 KB
13 KB 39ms
9ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900015.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 17:12:56 GMT
x-content-type-options: nosniff
age: 432508
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 May 2024 17:12:56 GMT

GET
H3 200 dc_pre=CMe5_e75i_8CFRT3GQodAgoEqw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1015463325063.9055
adservice.google.com/ddm/fls/z/ Frame 8A67 42 B
63 B 45ms
44ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMe5_e75i_8CFRT3GQodAgoEqw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1015463325063.9055

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CMe5_e75i_8CFRT3GQodAgoEqw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1015463325063.9055?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1901 42 B
174 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv9U0J0-lcpfD2Jn7BbviQSPG3YBf870mZu9-tcRpmac4ZpsZfDqdHyVqyAivi_fWevJbwQS_xPYRAvVnri0ypvP_tVLrJAxmSjNZGPxk72Q64vtHZGI0gyHvlaGFILAgNUtUF8Ew&sai=AMfl-YRx_MJXvFJPvZqr48eCPM_Jd4rVbzArToXcBJlpdW8VfW3qo83QnXrmtkiq4MMlZXdT2QEAxuZWrBYjznu1YN806CVwIHQq7xgP4a8m7P07Wm8A5z9bJBA1YDeGOIxa0OcGVtX3CudXjQAdlA&sig=Cg0ArKJSzE6zVL4jkQw1EAE&cid=CAQSTABygQiD6PWe1uA5UMY5O45tEssOCdefplI6yj_FQoENpBTBsms6yT5EKaj3ejMVxIoAY4ud_ovyyjYkgx8iugWCYFGJekYPWyT4h5UYAQ&id=lidar2&mcvt=1000&p=890,10,1140,310&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230522&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4042043804&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684862483550&rpt=315&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1901 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5107877236473&version=m202301230201&ct=76&x=1&cor=12154753025338653000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 event
ads.adfox.ru/239538/ 0
66 B 65ms
65ms Image
text/plain 2a02:6b8::1be
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.adfox.ru/239538/event?hash=fcac5637db9b10cc&pm=bmn&p5=nmoxl&rand=gvntqqx&sj=OQps12AxuZr2r4TCX_N3J7ERQ0e8V5yTfymKfkXUHZCK7QD_Ja8VibjpBYOzaQ%3D%3D&ad-session-id=9893891684862482221&lts=fluzode&ytt=144036023369733&ybv=0.775430&ylv=0.775430&dl=https%3A%2F%2Fnokta.md%2F&pr=muibryc&p1=cwutf&rqs=EaKjJRDm9SQS9mxk1nBS4muU07kCxOLP&p2=y

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1be Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nokta.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:25 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 May 2023 17:21:25 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
expires: Mon, 04 Dec 1999 21:29:02 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame D735 16 B
232 B 71ms
71ms Fetch
application/json 13.41.149.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.41.149.234 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-41-149-234.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 23 May 2023 17:21:25 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 86ms
20ms Preflight 13.41.149.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.149.234 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-41-149-234.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 23 May 2023 17:21:25 GMT
server: nginx

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D735 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4579055313310&version=m202301230201&ct=77&x=1&cor=9038045710543037000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame C4D7 16 KB
6 KB 44ms
7ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Requested by: Host: prebid.dsail-tech.com
URL: https://prebid.dsail-tech.com/prebid_preprod.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=46044
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Tue, 23 May 2023 17:21:25 GMT
expires: Wed, 24 May 2023 06:08:49 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 sspmatch-iframe Show response
ads.betweendigital.com/ Frame 8B0B 604 B
774 B 12ms
11ms Document
text/html 188.42.196.115
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/sspmatch-iframe
Requested by: Host: prebid.dsail-tech.com
URL: https://prebid.dsail-tech.com/prebid_preprod.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.42.196.115 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 614ff5b6b602b2ae7c289af9ab7103e13a3b8014c6af0f747426c0a9e24ddbda

Request headers

Referer: https://nokta.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 604
content-type: text/html

GET
H2

200

match
ads.betweendigital.com/ Frame 8B0B
Redirect Chain

https://x.bidswitch.net/sync?ssp=between
https://x.bidswitch.net/ul_cb/sync?ssp=between
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=between&bsw_custom_parameter=d5de31a4-5fea-4c50-95a8-aa476d52301f
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=between&bsw_custom_parameter=d5de31a4-5fea-4c50-95a8-aa476d52301f
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=4fd052c4-bc3d-4181-901d-2910bb9b94ea&user_group=1&ssp=between&bsw_param=d5de31a4-5fea-4c50-95a8-aa476d52301f
https://ads.betweendigital.com/match?bidder_id=22&external_user_id=d5de31a4-5fea-4c50-95a8-aa476d52301f

68 B
598 B

12ms
12ms

Image
image/png

188.42.196.115
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=22&external_user_id=d5de31a4-5fea-4c50-95a8-aa476d52301f
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol: H2
Server: 188.42.196.115 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

Redirect headers

location: //ads.betweendigital.com/match?bidder_id=22&external_user_id=d5de31a4-5fea-4c50-95a8-aa476d52301f
date: Tue, 23 May 2023 17:21:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

match
ads.betweendigital.com/ Frame 8B0B
Redirect Chain

https://px.adhigh.net/p/cm/btw
https://px.adhigh.net/p/cm/btw?bounced=1
https://ads.betweendigital.com/match?bidder_id=37&external_user_id=xWQDi9MiQRA.AikABlGISaFF_A

68 B
598 B

14ms
14ms

Image
image/png

188.42.196.115
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=37&external_user_id=xWQDi9MiQRA.AikABlGISaFF_A
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol: H2
Server: 188.42.196.115 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:26 GMT
server: nginx
x-backend-id: f20-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
location: https://ads.betweendigital.com/match?bidder_id=37&external_user_id=xWQDi9MiQRA.AikABlGISaFF_A
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

match
ads.betweendigital.com/ Frame 8B0B
Redirect Chain

https://ups.analytics.yahoo.com/ups/58665/occ?gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58665/occ?gdpr=0&gdpr_consent=&verify=true
https://ads.betweendigital.com/match?bidder_id=251&external_user_id=eS0wZnVaLkZKRTJ1RzVzMVBiR081c0dfUUhJVjBMem1KZUNnTUo4SGstfkE%3D&gdpr=0

68 B
598 B

12ms
12ms

Image
image/png

188.42.196.115
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=251&external_user_id=eS0wZnVaLkZKRTJ1RzVzMVBiR081c0dfUUhJVjBMem1KZUNnTUo4SGstfkE%3D&gdpr=0
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol: H2
Server: 188.42.196.115 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

Redirect headers

location: https://ads.betweendigital.com/match?bidder_id=251&external_user_id=eS0wZnVaLkZKRTJ1RzVzMVBiR081c0dfUUhJVjBMem1KZUNnTUo4SGstfkE%3D&gdpr=0
date: Tue, 23 May 2023 17:21:25 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 btw
sync.dmp.otm-r.com/match/ Frame 8B0B 0
69 B 57ms
11ms Image
text/plain 148.251.9.22
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.dmp.otm-r.com/match/btw?id=4eb95fa2-e5c1-528f-b9ae-99b2ddc26fa0
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 148.251.9.22 Wernigerode, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.22.9.251.148.clients.your-server.de
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 23 May 2023 17:21:25 GMT
server: nginx/1.17.2

GET
H2 200 bidder_18.html Show response
cache.betweendigital.com/code/ Frame 186C 4 KB
1 KB 248ms
6ms Document
text/html 151.236.118.146
CDNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=4eb95fa2-e5c1-528f-b9ae-99b2ddc26fa0&CACHEBUSTER=805063
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 151.236.118.146 Moscow, Russian Federation, ASN204720 (CDNETWORKS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 0771c19c407aac665a7b2c8eecf0709b0990dfd62358a4dc9f373fbf56404878

Request headers

Referer: https://ads.betweendigital.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Tue, 23 May 2023 17:21:26 GMT
etag: W/"638623e5-e7e"
last-modified: Tue, 29 Nov 2022 15:23:17 GMT
server: nginx
x-cdn-edge-cache: HIT
x-cdn-edge-id: 310
x-cdn-request-id: 20b9c8979460809a99c9785113f82a45

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame C4D7 3 KB
3 KB 48ms
12ms Script
text/html 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=42812802&p=161759&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 8082157a352b7e75ba0044a1b7fd3988b9ee193577db025a7b8841acf0d83ac1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 23 May 2023 17:21:25 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame B83F
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0db1646c-f616-4f00-8c06-9da67ae5df6b&gdpr=0&gdpr_consent=

42 B
326 B

65ms
19ms

Document
image/gif

185.64.191.210
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0db1646c-f616-4f00-8c06-9da67ae5df6b&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.191.210 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 23 May 2023 17:21:26 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Tue, 23 May 2023 17:21:26 GMT
Expires: Tue, 23 May 2023 17:21:25 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 851 9bd98ae master cdg-pixel-x26 config_version:"unknown"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0db1646c-f616-4f00-8c06-9da67ae5df6b&gdpr=0&gdpr_consent=
x-status: O1

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 1FA0
Redirect Chain

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433828011460001

42 B
273 B

20ms
19ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433828011460001
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 23 May 2023 17:21:24 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Content-Length: 0
Date: Tue, 23 May 2023 17:21:26 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433828011460001
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 0C35
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

42 B
245 B

63ms
17ms

Document
image/gif

185.64.191.210
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.191.210 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 23 May 2023 17:21:26 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-cache
content-length: 0
cross-origin-resource-policy: cross-origin
date: Tue, 23 May 2023 17:21:25 GMT
expires: Tue, 23 May 2023 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 1231415
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 6EA5
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5175650257480605517

42 B
274 B

18ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5175650257480605517
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 23 May 2023 17:21:26 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5175650257480605517
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H/1.1

200
OK

dcm Show response
aax-eu.amazon-adsystem.com/s/ Frame 7298
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=DCABF644-19AF-4E86-9058-2351B3060B1F&redir=true&gdpr=0&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=DCABF644-19AF-4E86-9058-2351B3060B1F&redir=true&gdpr=0&gdpr_consent=&dcc=t

43 B
855 B

188ms
187ms

Document
image/gif

52.94.220.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=DCABF644-19AF-4E86-9058-2351B3060B1F&redir=true&gdpr=0&gdpr_consent=&dcc=t

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.94.220.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 23 May 2023 17:21:26 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: H5JP9QFQ7QH34VNA0A6B

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Tue, 23 May 2023 17:21:26 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=DCABF644-19AF-4E86-9058-2351B3060B1F&redir=true&gdpr=0&gdpr_consent=&dcc=t
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: RBGX9B4NXMQ7B970S1X9

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C4D7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3Kv2RBmvToaQWCNRswYLHw%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

11ms
10ms

Image
text/html

23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:26 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=46043
accept-ranges: bytes
content-length: 5554
expires: Wed, 24 May 2023 06:08:49 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame C4D7 49 B
266 B 127ms
33ms Image
image/gif 54.194.111.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=DCABF644-19AF-4E86-9058-2351B3060B1F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.111.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-111-53.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:26 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.10.110
content-length: 49
expires: 0

GET
H2

204

ids
idsync.frontend.weborama.fr/ Frame C4D7
Redirect Chain

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=3090041359
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=DCABF644-19AF-4E86-9058-2351B3060B1F

0
284 B

51ms
19ms

Image
text/plain

34.111.131.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=DCABF644-19AF-4E86-9058-2351B3060B1F
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Server: 34.111.131.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.131.111.34.bc.googleusercontent.com
Software: Weborama Collect Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:25 GMT
via: 1.1 google
last-modified: Tue, 23 May 2023 17:21:26 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=DCABF644-19AF-4E86-9058-2351B3060B1F
date: Tue, 23 May 2023 17:21:26 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1

200

p
a.audrte.com/ Frame C4D7
Redirect Chain

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=DCABF644-19AF-4E86-9058-2351B3060B1F
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=ZTNiQk1VZ3c1WkFSVTZOc21mWm5oYjVNZw==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL...
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
https://a.audrte.com/a?adform_uid=2274617058749943503&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D
https://a.audrte.com/p

68 B
424 B

96ms
96ms

Image
image/png

18.205.171.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: HTTP/1.1
Server: 18.205.171.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-205-171-186.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Tue, 23 May 2023 17:21:26 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Tue, 23 May 2023 17:21:26 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame C4D7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RENBQkY2NDQtMTlBRi00RTg2LTkwNTgtMjM1MUIzMDYwQjFG&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
95 B

75ms
19ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 23 May 2023 17:21:25 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame C4D7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENZ0T_bhponwZdWLvOX_cZA&google_cver=1

42 B
529 B

74ms
18ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENZ0T_bhponwZdWLvOX_cZA&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 23 May 2023 17:21:25 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENZ0T_bhponwZdWLvOX_cZA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame C4D7 43 B
612 B 85ms
24ms Image
image/gif 35.204.158.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.158.49 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

49.158.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:26 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Mon, 22 May 2023 17:21:26 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame C4D7
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=2274617058749943503

42 B
322 B

19ms
18ms

Image
image/gif

185.64.191.210
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=2274617058749943503
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Server: 185.64.191.210 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 23 May 2023 17:21:26 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=2274617058749943503
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame C4D7 70 B
265 B 98ms
30ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 23 May 2023 17:21:26 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

match
ads.betweendigital.com/ Frame 186C
Redirect Chain

https://x.bidswitch.net/sync?ssp=between
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dbetween%26bsw_param%3Dd5de31a4-5fea-4c50-95a8-aa476d52301...
https://x.bidswitch.net/sync?dsp_id=80&user_id=0db1646c-f616-4f00-8c06-9da67ae5df6b&expires=30&ssp=between&bsw_param=d5de31a4-5fea-4c50-95a8-aa476d52301f&gdpr=&gdpr_consent=
https://ads.betweendigital.com/match?bidder_id=22&external_user_id=d5de31a4-5fea-4c50-95a8-aa476d52301f

68 B
598 B

13ms
12ms

Image
image/png

188.42.196.115
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=22&external_user_id=d5de31a4-5fea-4c50-95a8-aa476d52301f
Protocol: H2
Server: 188.42.196.115 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

Redirect headers

location: //ads.betweendigital.com/match?bidder_id=22&external_user_id=d5de31a4-5fea-4c50-95a8-aa476d52301f
date: Tue, 23 May 2023 17:21:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

3f606880-f98e-11ed-86e0-002590c0647c
an.yandex.ru/mapuid/adsniperis/ Frame 186C
Redirect Chain

https://sync.bumlam.com/?src=aid0
https://sync.bumlam.com/?src=aid0&s_data=CAIQARiW7LOjBqIBED9gaID5jhHthuAAJZDAZHw*
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=3f606880-f98e-11ed-86e0-002590c0647c
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=3f606880-f98e-11ed-86e0-002590c0647c&bounce=1
https://sync.bumlam.com/?src=aid1&uid=mkQPuQ1LE39JkVeyC3xUzg&
https://an.yandex.ru/mapuid/adsniperis/3f606880-f98e-11ed-86e0-002590c0647c

43 B
349 B

69ms
56ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/adsniperis/3f606880-f98e-11ed-86e0-002590c0647c

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:26 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Tue, 23 May 2023 17:21:26 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Tue, 23 May 2023 17:21:26 GMT

Redirect headers

Date: Tue, 23 May 2023 17:21:26 GMT
Server: nginx
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://an.yandex.ru/mapuid/adsniperis/3f606880-f98e-11ed-86e0-002590c0647c
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 1F8C
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=btwnex&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu

281 B
554 B

68ms
9ms

Document
text/html

23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Requested by: Host: cache.betweendigital.com
URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=4eb95fa2-e5c1-528f-b9ae-99b2ddc26fa0&CACHEBUSTER=805063
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://cache.betweendigital.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 23 May 2023 17:21:26 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 23 May 2023 17:21:26 GMT
location: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
server: AkamaiGHost

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 1F8C 34 KB
10 KB 7ms
7ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: a7019f1fd3a656f5f264b240d972f15817bc5290d8ccecd04f02d44d19d13c36

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Tue, 23 May 2023 17:21:26 GMT
Content-Encoding: gzip
Last-Modified: Mon, 22 May 2023 23:40:20 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=22697
Connection: keep-alive
Content-Length: 10084
Expires: Tue, 23 May 2023 23:39:43 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 1F8C 284 B
536 B 41ms
8ms Image
image/jpg 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/jpg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 284
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

805063
www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/ Frame 186C
Redirect Chain

https://www.tns-counter.ru/V13a****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/805063
https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/805063

43 B
296 B

51ms
50ms

Image
image/gif

2001:6d0:4001::226
ADFACT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/805063
Protocol: H2
Server: 2001:6d0:4001::226 , Russian Federation, ASN52016 (ADFACT, RU),
Reverse DNS
Software: ms-counter-4.0.4/1.22.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:26 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: ms-counter-4.0.4/1.22.1
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
timing-allow-origin: *
content-length: 43
expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 May 2023 17:21:26 GMT
strict-transport-security: max-age=2678400
server: ms-counter-4.0.4/1.22.1
content-type: image/gif
location: https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/805063
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
timing-allow-origin: *
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1

200
OK

user-sync
cpm.convergeselect.net/ Frame 186C
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=429&user_id=4eb95fa2-e5c1-528f-b9ae-99b2ddc26fa0&expires=60
https://cpm.convergeselect.net/user-sync?dsp=328334&t=image&gdpr=&gdpr_consent=&uid=d5de31a4-5fea-4c50-95a8-aa476d52301f

42 B
228 B

862ms
18ms

Image
image/gif

77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cpm.convergeselect.net/user-sync?dsp=328334&t=image&gdpr=&gdpr_consent=&uid=d5de31a4-5fea-4c50-95a8-aa476d52301f
Protocol: HTTP/1.1
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 May 2023 17:21:27 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: close
Content-Length: 42

Redirect headers

location: //cpm.convergeselect.net/user-sync?dsp=328334&t=image&gdpr=&gdpr_consent=&uid=d5de31a4-5fea-4c50-95a8-aa476d52301f
date: Tue, 23 May 2023 17:21:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 204 /
onetag-sys.com/usync/ Frame 45AD 0
0 32ms
7ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=5d1628750185ace

Requested by

Host: cache.betweendigital.com
URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=4eb95fa2-e5c1-528f-b9ae-99b2ddc26fa0&CACHEBUSTER=805063

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://cache.betweendigital.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame C4D7 0
260 B 65ms
13ms Script
text/plain 198.47.127.20
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=161759&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161759
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 17:21:26 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Verdicts & Comments Add Verdict or Comment

159 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

74 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.yandex.ru/	1970-01-20 21:37:02	Name: i Value: QBi+6S2S79lQaZiAJPGKbHU4I1N5IGoBvPJ8FE5n/ax4X0p51I0/WTSQYat7+naCraWLRKwd0VSKaMuc1Xic3nxoAG0=
.yandex.ru/	1970-01-20 21:37:02	Name: yandexuid Value: 2663287711684862481
.nokta.md/	1970-01-20 21:37:02	Name: _ga_16NB6NMBW8 Value: GS1.1.1684862482.1.0.1684862482.60.0.0
.nokta.md/	1970-01-20 21:29:50	Name: __gfp_64b Value: 9V_7ORXx.Wdrb5mnOe9c8FnQSWPijNU6bAUMZWdHD43.I7\|1684862482
.hit.gemius.pl/	1970-01-20 12:11:07	Name: Gtest Value: KlSVtMGGQMQG0zq8OHHsYlfUssGMXP8c25nSGgGQ3Rn5XBG.
.nokta.md/	1970-01-20 21:37:02	Name: _ga Value: GA1.2.1290625941.1684862482
.nokta.md/	1970-01-20 12:02:28	Name: _gid Value: GA1.2.1946947913.1684862483
.nokta.md/	1970-01-20 12:01:02	Name: _gat_gtag_UA_111548798_1 Value: 1
.betweendigital.com/	1970-01-20 20:46:38	Name: dc Value: lux1
.betweendigital.com/	1970-01-20 20:46:38	Name: tuuid Value: 4eb95fa2-e5c1-528f-b9ae-99b2ddc26fa0
.betweendigital.com/	1970-01-20 20:46:38	Name: ss Value: 1
.betweendigital.com/	1970-01-20 20:46:38	Name: unm Value: 1
.hit.gemius.pl/	1970-01-20 21:29:50	Name: Gdyn Value: KlGL2MGGQMQG0zq8OHHsYlfUssGMXP8c25nSGgGQ3Rn5FRxSG7RrGS6GYsRtFlM1YH8PlexaG0F6Sssa
.nokta.md/	1970-01-20 12:01:04	Name: __cf_bm Value: KovW3mlv9Qwsokc.T_uSqXdhTBVuL_BcKmB3ub8mH4k-1684862482-0-AamSrRUnd+Qef8H63i+ca7x1bnEW1iediVFiDS1efylxl6H/1pOaw3YAeqXyVciysHoUdW6UUvB7uqtNWTm4P32TCAt5sKwwuAmB0dR0kPAb
.nokta.md/	1970-01-20 21:22:38	Name: __gads Value: ID=a876eca426a87d43:T=1684862483:S=ALNI_MY2_g0HWGzzfLbXOj0rMJO1W9xbGg
.nokta.md/	1970-01-20 21:22:38	Name: __gpi Value: UID=00000c1a31be553b:T=1684862483:RT=1684862483:S=ALNI_Ma_kYRXPpRRSYDRxKe-hnsHZSjbDg
.casalemedia.com/	1970-01-20 20:46:38	Name: CMID Value: ZGz2E.SJP0a2wJFhN6tgPwAA
.casalemedia.com/	1970-01-20 14:10:38	Name: CMPS Value: 3263
.casalemedia.com/	1970-01-20 14:10:38	Name: CMPRO Value: 3263
.doubleclick.net/	1970-01-20 21:22:38	Name: IDE Value: AHWqTUkXVVMH0mFG-jFeHGY8dT9-AGUnsEYKh7igwCnSUuFzl4uXBCAaUIFROc7i
.adnxs.com/	1970-01-20 14:10:38	Name: uuid2 Value: 981818349865434411
.adnxs.com/	1970-01-20 14:10:38	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVSev-a(!]tbPl1M>e)ZlrFUfJ+tGXxpOAd*x)>OlC#HpbS$L't3hNDjY6Q<<45VmwH(3If)y3KL9D3I?+`7w5LI
.doubleclick.net/	1970-01-20 16:20:14	Name: APC Value: AWEbyIEjIXuY0xYK0KgAlJcnwrh25TfUDfH0MtyY7iAdsjK2-8vv
.redintelligence.net/	1970-01-20 14:10:38	Name: 8lcfmzhxc8d6_uid Value: 2bbef5f1a90ca976
.criteo.com/	1970-01-20 21:22:38	Name: uid Value: 572b5d67-c416-446a-a8d4-0317d2ee8c66
.awin1.com/	1970-01-20 12:03:55	Name: awpv11830 Value: 296283\|1684862484\|3e3227a0-f98e-11ed-9a9c-22335c3bbb34
.awin1.com/	1970-01-20 12:02:28	Name: awpv11601 Value: 113440\|1684862484\|3e35f830-f98e-11ed-b339-2265b7c46fb7
.awin1.com/	1970-01-20 12:11:07	Name: awpv14098 Value: 296283\|1684862484\|3e3b2850-f98e-11ed-9d45-2261c3620022
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 429086:2519595
.office-partner.de/	1970-01-20 21:37:02	Name: source Value: {"webgains_webgains":{"timestamp":1684862484396,"clickCookie":false}}
.nokta.md/	1970-01-20 21:22:38	Name: cto_bundle Value: TuxVjl9JZmFQUTh1RUVpdWglMkZCWUhWJTJCUzhNY3d1Z1dlOTlxY0JRa1NQJTJGQjU5dkdzNHI4eTZPcUZjSSUyRkQ2dXJUNzIwNHZKakJFRU9LTW1kOW1PaGRQWkZzdFBGMkdFZkhubkhvY2tEMmp5TFZCOUhFVHJ5cjR2Tk45bEM2eERDakY4UnZxS2JKN0pQaGlKSmM2V0JWZW9WVHN5dyUzRCUzRA
.yahoo.com/	1970-01-20 20:47:00	Name: A3 Value: d=AQABBBX2bGQCEGdhdzuti_z0ULMIwIwgp2cFEgEBAQFHbmR2ZOANyiMA_eMAAA&S=AQAAAo8YAzd4KSnfHtrMHejq9X8
.analytics.yahoo.com/	1970-01-20 20:46:38	Name: IDSYNC Value: 199l~2bt5
.bidswitch.net/	1970-01-20 20:46:38	Name: tuuid Value: d5de31a4-5fea-4c50-95a8-aa476d52301f
.bidswitch.net/	1970-01-20 20:46:38	Name: c Value: 1684862485
.bidswitch.net/	1970-01-20 20:46:38	Name: tuuid_lu Value: 1684862485
.pubmatic.com/	1970-01-20 20:46:38	Name: KADUSERCOOKIE Value: DCABF644-19AF-4E86-9058-2351B3060B1F
.pubmatic.com/	1970-01-20 14:10:38	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 12:02:28	Name: pi Value: 161759:2
.pubmatic.com/	1970-01-20 14:10:38	Name: DPSync3 Value: 1686009600%3A201_245_241_235
.pubmatic.com/	1970-01-20 14:10:38	Name: SyncRTB3 Value: 1686009600%3A7_161_251_13_21_56_54_46_220%7C1686096000%3A35
.weborama.fr/	1970-01-20 21:26:57	Name: AFFICHE_W Value: AYlmBIDxzacB72
.mathtag.com/	1970-01-20 21:26:57	Name: uuid Value: 0db1646c-f616-4f00-8c06-9da67ae5df6b
pool.admedo.com/	1970-01-20 20:46:38	Name: tuuid Value: 4fd052c4-bc3d-4181-901d-2910bb9b94ea
pool.admedo.com/	1970-01-20 20:46:38	Name: c Value: 1684862486
pool.admedo.com/	1970-01-20 20:46:38	Name: tuuid_lu Value: 1684862486
.adhigh.net/	1970-01-20 20:46:38	Name: gi_u Value: xWQDi9MiQRA.AikABlGISaFF_A
.adform.net/	1970-01-20 12:45:40	Name: C Value: 1
.rfihub.com/	1970-01-20 21:22:38	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MDcxNrYwsjAwNDQxMzAwMBTiM9R1t7TID4ww865yNnEGAD9IYRslAAAA
.rfihub.com/	1970-01-20 21:22:38	Name: eud Value: H4sIAAAAAAAA_9vEyGtoZmFiYWYExAamJgCeDBaPEAAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MDcxNrYwsjAwNDQxMzAwMBTiM9R1t7TID4ww865yNnEGAD9IYRslAAAA
.simpli.fi/	1970-01-20 20:48:04	Name: suid Value: 49030F0EFB0F4F5FACDA6B0EE315D9FE
.de17a.com/	1970-01-20 20:39:26	Name: guid Value: 1.5175650257480605517
.adform.net/	1970-01-20 13:27:26	Name: uid Value: 2274617058749943503
.pubmatic.com/	1970-01-20 12:44:14	Name: KRTBCOOKIE_80 Value: 16514-CAESENZ0T_bhponwZdWLvOX_cZA&KRTB&22987-CAESENZ0T_bhponwZdWLvOX_cZA&KRTB&23025-CAESENZ0T_bhponwZdWLvOX_cZA&KRTB&23386-CAESENZ0T_bhponwZdWLvOX_cZA
.pubmatic.com/	1970-01-20 12:44:14	Name: KRTBCOOKIE_18 Value: 22947-5107433828011460001
.adhigh.net/	1970-01-20 20:46:38	Name: btw_sync Value: LKQP
.pubmatic.com/	1970-01-20 12:44:14	Name: KRTBCOOKIE_391 Value: 22924-2274617058749943503&KRTB&23263-2274617058749943503&KRTB&23481-2274617058749943503
.pubmatic.com/	1970-01-20 12:44:14	Name: PugT Value: 1684862486
.pubmatic.com/	1970-01-20 12:44:14	Name: KRTBCOOKIE_27 Value: 16735-uid:0db1646c-f616-4f00-8c06-9da67ae5df6b&KRTB&16736-uid:0db1646c-f616-4f00-8c06-9da67ae5df6b&KRTB&23019-uid:0db1646c-f616-4f00-8c06-9da67ae5df6b&KRTB&23114-uid:0db1646c-f616-4f00-8c06-9da67ae5df6b
.pubmatic.com/	1970-01-20 12:44:14	Name: KRTBCOOKIE_336 Value: 5844-5175650257480605517
.betweendigital.com/	1970-01-20 20:46:38	Name: ut Value: ZGz2FgACuziKhhY8K4PEHyHvMqUnn037135PGQ==
.bumlam.com/	1970-01-20 21:37:02	Name: suuid3 Value: IiQzZjYwNjg4MC1mOThlLTExZWQtODZlMC0wMDI1OTBjMDY0N2M*
.amazon-adsystem.com/	1970-01-20 17:22:09	Name: ad-id Value: AwAg1_ofAEHQtigSrVd_5Os
.amazon-adsystem.com/	1970-01-20 21:37:02	Name: ad-privacy Value: 0
.audrte.com/	1970-01-20 12:22:38	Name: arcki2 Value: e3bBMUgw5ZARU6NsmfZnhb5Mg!20220908!1684862486318!ip#138.199.38.134
.audrte.com/	1970-01-20 12:22:38	Name: arcki2_pubmatic Value: DCABF644-19AF-4E86-9058-2351B3060B1F!20220908!1684862486321
.aidata.io/	1970-01-20 21:37:02	Name: __upin Value: mkQPuQ1LE39JkVeyC3xUzg
.aidata.io/	1970-01-20 21:37:02	Name: __upints Value: 1684862486
.audrte.com/	1970-01-20 12:22:38	Name: arcki2_ddp2 Value: e3bBMUgw5ZARU6NsmfZnhb5Mg!20220908!1684862486456
.yandex.ru/	1970-01-20 21:37:02	Name: yuidss Value: 2663287711684862481
.audrte.com/	1970-01-20 12:22:38	Name: arcki2_adform Value: 2274617058749943503!20220908!1684862486653
.tns-counter.ru/	1970-01-20 20:46:38	Name: guid Value: ED27680B646CF616X1684862486
.pubmatic.com/	1970-01-20 12:44:14	Name: SPugT Value: 1684862486

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=DCABF644-19AF-4E86-9058-2351B3060B1F&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8019191.fls.doubleclick.net
a.audrte.com
aax-eu.amazon-adsystem.com
ads.adfox.ru
ads.betweendigital.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
adv.office-partner.de
an.yandex.ru
analytics.webgains.io
api.webgains.io
bidder.criteo.com
bs.yandex.ru
c1.adform.net
cache.betweendigital.com
cdn.jsdelivr.net
cdn.track.production.webgains.team
cm.g.doubleclick.net
cpm.convergeselect.net
cr.frontend.weborama.fr
d5p.de17a.com
dis.criteo.com
dmp.adform.net
dsum-sec.casalemedia.com
e0a27206829875a4f96765c02c3951ce.safeframe.googlesyndication.com
eb3c4b7e5e6be0daf4369a583b32f789.safeframe.googlesyndication.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
gamd.hit.gemius.pl
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900015.redintelligence.net
hbopenbid.pubmatic.com
ib.adnxs.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image6.pubmatic.com
ls.hit.gemius.pl
match.adsrvr.org
mug.criteo.com
nokta.md
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pool.admedo.com
prebid-eu.creativecdn.com
prebid.dsail-tech.com
px.adhigh.net
region1.analytics.google.com
s0.2mdn.net
secure-assets.rubiconproject.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
static.cloudflareinsights.com
static.criteo.net
stats.g.doubleclick.net
sync.bumlam.com
sync.crwdcntrl.net
sync.dmp.otm-r.com
sync.mathtag.com
token.rubiconproject.com
tpc.googlesyndication.com
track.webgains.com
um.simpli.fi
unpkg.com
ups.analytics.yahoo.com
www.awin1.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.tns-counter.ru
x.bidswitch.net
x01.aidata.io
yandex.ru
yastatic.net
128.140.224.228
13.41.149.234
138.201.135.164
142.250.185.194
142.250.185.230
146.59.30.96
148.251.9.22
15.197.193.217
151.236.118.146
172.217.16.194
178.250.7.11
178.250.7.13
18.133.209.175
18.198.83.202
18.205.171.186
18.66.147.120
184.29.202.60
185.184.8.90
185.29.134.244
185.64.189.112
185.64.190.80
185.64.191.210
185.80.39.216
188.42.196.115
193.0.160.130
193.232.150.60
198.47.127.19
198.47.127.20
2001:4860:4802:34::36
2001:6d0:4001::226
213.155.156.183
23.2.229.193
23.35.236.201
23.37.42.132
2606:4700:10::6816:44aa
2606:4700:10::ac43:510
2606:4700:3031::ac43:bc1a
2606:4700::6810:3965
2606:4700::6810:7daf
2a00:1450:4001:803::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:810::2003
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:812::200e
2a00:1450:4001:827::2006
2a00:1450:4001:828::2008
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:400c:c08::9a
2a02:2638:3::7
2a02:2638:3::c
2a02:2638:d::2
2a02:6b8:20::215
2a02:6b8::1be
2a02:6b8::90
2a02:6b8:a::a
2a04:4e42::485
2a0b:4d07:102::1
3.71.149.231
31.172.81.160
34.111.129.221
34.111.131.239
35.204.158.49
35.210.53.219
37.157.6.254
37.252.171.22
46.4.10.49
51.75.86.98
52.94.220.185
54.194.111.53
69.173.144.138
77.245.57.72
89.108.120.68
99.86.4.52
00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe
025f0fa2318b3403320f2fa40a005a5963591078d4cefc73ce34232248dca954
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
05f36e111195d0bfc46f0cc8bd1ae40cabd63a4027fde8d741ebf5f342e52010
0771c19c407aac665a7b2c8eecf0709b0990dfd62358a4dc9f373fbf56404878
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f234f4600c91c7979ec9ed19d80dfdf80cfe78c64fcaa49c0b1364d0ecfa24f
1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e
1135cec95684f44d579e2ca4bd2b78d3406a9b6013de2d039003da581a631639
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1381123ff6dd78a93cc7c9bcbfdefc7916f0ab055a82093491e800c9303841fc
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b
1638cca66bf3f31040fa288d30890d4a8247ba3ae82a10941691b16d8a3319a5
168d9dfbb36118d33acd39c29944de9a8bca4d70fca59a94ce7b3d82d1ad0541
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1cec2e967c0e6a017e4d00a39a1b3b5538ffa9e282c19283a009a56186b795eb
1f21f36b76aa068bb644f2ede985d8261ba98a13404ab9d82d6b91513bebd5c9
20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a
20bf034da28bf47b04cac346dd8e38cc2fd65a96583c082818e686305e872357
21bf4b49938284aaececf999f198f621de0aa792bb5315fc21255d0ab439e145
226a7d74481c9d415acae1eeb7ba0d5910bcbe331d20798d8a9a10e105087ab4
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
23f1cf894af232eefc7489d3fe3d620cb38ede4291dc191b27ebeadafa2fb5f6
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
29dedf4e30fe3d7cf62b3310017d3d7d5b6f1908828c2668f37942d8742fe39c
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2c6da2b8945cfae44eb209ac3de3e763d3405eecbdea8f749710050fe321721e
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e7cc51d03f0d99bdf8b405b9fce6dd02b1064c4d8afe0308493db1172ded65c
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30005625295c25a57df6f524b008677143f0b92de497142225952a263a25df22
30cbce948edf2f38d143353c1d4a562166a2e10058f669bba223d02d495e2332
30ece5ac4e330eb0d7d2f0ff3096f914def5a156abfd9f6f0352d03bcf40311b
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
394807ec08bed57b2a7667792ea19d0df46a60287004b14aedf2420d4e3572f3
3cb89651dc811026332da4b77a4ad33fcea8d13101b2074e1323332bca079eaa
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
42b9a15f9b6a86e0bca2678c6a6679ed2e73777ca55d893012e685275249f702
452f096c720b3e3f9bef10090f461ce08ab38e64159263e9939a7c60067aa32f
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4862fc21a43fbc401fd4f3733ef79d44d50d643eec77926b16193e5d2dd96a3a
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4967274ff18a90ce0a1934865dfaf2e1a2fb84aac387b76b22732f289823c46a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c849a84313207524e8861bf35cd4a2c964c8c0b1fecc84607bc44426583ac1f
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
507bd0fd4cb27bbe4e593df2811651c220e3bbd29f370b45af15ef46839bc6e5
52db930f81d97113dde679cac624cb5435b56d4ac486e91a0b6692d2cb615a84
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55564d0504733b999d0cd481c189881f733b1a5b2984a4629af62d8cc495d895
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57b5eb866302b54ad72b282462a4952007ffec4d4ad1aa9057a348175050737a
58e0e416b186bd4589078adccd3b438ba6d64b2ccd0c8140cb18a4db73d744e3
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5b8f2e139982264599c8c2fe3ee4942009c221abf76ee87f58f2a8193cdaa895
5e4c187169514549d4993f5d08dcbfe2961ca864b28a68e3338770331e517e85
6003a79eb6e295b7201e52c760ae0df7cc776c85b7f819805fcdd57545efde21
614ff5b6b602b2ae7c289af9ab7103e13a3b8014c6af0f747426c0a9e24ddbda
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
644ccd7943c4660591d9bbc9572fc65a7033678e5b362b977f207d5f12fc4322
68d4f611c9959aa66dc2773811d9b75aeaf39b4cf04eec737aa059e4b5f70914
6992c441b5da50c3096cb75c1bb60e699e62fe9e703b382ebbf6b263c22f9fd2
6a58e459f0f0d44911ae785b7692808fb88ca627366042b7726024b1fd146d18
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e7c083e0e173f849fa0582a9332bf40a3567c49ff818f28b0e4dca93930c6e5
6f8910bb4b43e21480fa154045cd5fcf338313475a176572f9b3cb5bdb9abbbf
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
74f5d8be26e5c3cd5a0cc8e16c7c76e70cd0f8a0f742a2b28b04d3094d858a64
755e2a1b53d5fc608e6d8246898a6cc164a7bc3f8a2a47446864e5d80a6dc467
766b55722918f8dae7e77c097c6d2c517e4b889386dcfb357fad76ab694f11df
791949c28323dc8d138670263083cfd7b13eb8cd08f751e46ddc5345c9b25db5
79a59e4c0c9b958ddc39b8bbfcdf16692c313c6312470f75e0ae6ba4d98c2980
7fbc40f41c035c68530abfe8bbef11a0a614e07068e34104446d6cf0a476f198
8082157a352b7e75ba0044a1b7fd3988b9ee193577db025a7b8841acf0d83ac1
8b9e8f4418a9532f833ca8b74dfe83d616ef439f9c12f97e994fff652eff8679
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f301752c4f7f9cc783b9ac55c6163943c94f3f75dc4844180e342fac6eeb4f8
980ae1a7d20f556f83c9f329c8a216e9ba1b1aa5a73c7c33cb6a03fc182fdd7a
99293a8b11c48433f554882fbe98a852079241835cf8dbedd33a62896d4df233
9cf29cebf607fff8cce66b1b38ae097bd4574dff76124814c7ef7cba72cf4c6e
9df1ad09e8ee902ee6a76cf88df57306868ca4ee532d74830fbcfe4db8bdf39d
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a3b81d8c7b66a1ced235161d7c48ff1909c17f0770c214655ab28a280406c20f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a58f902750ab06a59f5e4b5e080020f580703b1192fd8e428c9119de27cbdb26
a7019f1fd3a656f5f264b240d972f15817bc5290d8ccecd04f02d44d19d13c36
a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427
ab07cae7d057d6d320531ee80728081a9217ce5a17d366400e35968e5e839048
abc94707f2cd54cac4f779775a6d1de6331a87327ed766a44fe9516c26df3456
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2eaac755474cb7655bf0c87683f4282347bba0c4c7c8155518b8c621e1f3658
b379e1be66deeb14ae4b5d398f02cc51309d5396faed455ace3b6ed9c00c1837
b64479e3b6a6ac6055d31fdb43521c021d081db817a44210f66753035aadb00b
b8c1ffafa4cfd35df4f7a3b7c640a87515cc88202d806f824b85d2d0e7e73e02
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bd301403c1ea9b6b2a13c4da6155bfd44ce4a52b804cdf1ce376f7b76e26b60c
bfcc1919e0ceebdd9b19a2b7da55e98a3752f9253378aa75ca14537964e9e912
c07d442c08fff9fcc0e9db32704bdfa7f37ae5c70e2cb198e417cd6d8ef794ab
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c25bc41243c7eadd809840b406dfea847d886844318cc5ebd8c62b1e869a8eee
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cb4fd441dc86393bf0164b078904c830988b914d686ebcf23c3c13fdaacad0d0
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cdb9557866029aa0a3b947dab1af085e8740ff959eefbc4cb82f8f4ee1212a47
cddbabde6b641c1731102a3ff5b981f07a0975b6c45b3e40f7bb553887a52f4f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1bba70edaffa6d4e72cd19e4946ca22732b1ca05c62d4ba02c7a2668abfd4a1
d23604d7a309832b4a5ac8d1a857ed67b052b3dfde8f6ad2667a384824b9c20d
d24ba30a2d8e03e5b723cc6d24e6780e510bfab36827a429c26ce210a8837ec0
d27d23ebcca04710b498721373481c9f1e926c8e9fffed96cc0e1bfaf52e7bd8
d29e9b417219db909a5ce416d3828c4eed004bdf16c0fd6598ac80cc4f3ac13a
d324704b0215a285dfad935dc306dcde2253c66159e32c93f6f21d5f2497aedb
d475d615b9fafc607716fb61db14ff3688a9ce6ea13cf27cc7343a33ac250b8e
d531714061c19d619d673421affb5cd9696011decaad686c86d42b302df27424
d5eff7104f62c0be8e1ca73a65913ed407a7f3bc5d4c1968b0efc2bd2f1aaffd
d606de01acf790d9b17825ff891022c25e47b75b6e61b38c18df2f4f430733e7
d722f22f55be25a416bac650c92727a60e32ff4b6dfacb0a44402867db7b880b
d8d145e9f9670f3bf909c7a7d7de6c88834635741e913714825200a90c25fadd
daf645bbe5045476c4efc0e2fabcffb94dcb0d73ebec21f6db7c9edb13ae48e1
dd3f1fcb8843f5635e639a688ccd30baefb1baf9c9da9c16b524dca5c56c2404
dd9ef05fac8cc3ceabd959275eb6921ce1991edaba3cf8b04531409e4fbd4576
ddaf7d0e49561b75a071a3330893067bfcfa884fe135d725a9b94f6da753293b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e113a863badcfa7f3cda776d5208d1f965b48a66455dffd12050ceac9dfaf16b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e49aa7746ff1d6a5d073f9e7bcdaa97974b74650fe602d3bd00e246a987fedd6
e52abda4bcb62a6936b7b32c33bb25f24c415d5506ddf9737e615ed38dd06a57
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef30c883b4b4e4b45057fb38e75477aa1b847d061b19ff032e26c5d3a789961c
f4ab2276dcf53c0ae41925d1dd8df947069bd907812e7e4c9a8852d3f8c3c85a
f4bde497e1319509adb2b73df425f5e9031b08be6aa8315864661128f93ebf38
f9f565ffda4f2dfd59ef92595e7e5f3ecfc363d6122158cf28c3a26ea7214367
ff041b575ce7efac2d3aa02f774de6205a113c0d408f5e42dc4aa9883a8f4c8a

nokta.md Open in urlscan Pro 2606:4700:10::6816:44aa Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

218 Requests

88 %HTTPS

39 %IPv6

53 Domains

82 Subdomains

66 IPs

14 Countries

5168 kBTransfer

8979 kBSize

74 Cookies

7 Outgoing links

Page URL History

Redirected requests

218 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

nokta.md Open in urlscan Pro
2606:4700:10::6816:44aa Public Scan

Screenshot
Live screenshot

Full Image

218
Requests

88 %
HTTPS

39 %
IPv6

53
Domains

82
Subdomains

66
IPs

14
Countries

5168 kB
Transfer

8979 kB
Size

74
Cookies

218 HTTP transactions
2 data transactions